author: lpsolit%gmail.com <> 2009-02-02 19:48:38 +0100
committer: lpsolit%gmail.com <> 2009-02-02 19:48:38 +0100
commit: 44341577cd209d8c61fe4129ea72785fc7be9ee5 (patch)
tree: 794b09b93c8bb68d00b72f23872048a519d7dcaf /template
parent: 95c875a4f1b3c7f5dc7de573551f24e72718506b (diff)
download: bugzilla-44341577cd209d8c61fe4129ea72785fc7be9ee5.tar.gz
bugzilla-44341577cd209d8c61fe4129ea72785fc7be9ee5.tar.xz
Bug 466748: [SECURITY] Shared/saved searches can be deleted without user confirmation using predictable URL - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template')
-rw-r--r-- template/en/default/account/prefs/saved-searches.html.tmpl | 3
-rw-r--r-- template/en/default/global/user-error.html.tmpl | 5
-rw-r--r-- template/en/default/list/list.html.tmpl | 5
3 files changed, 8 insertions, 5 deletions
diff --git a/template/en/default/account/prefs/saved-searches.html.tmpl b/template/en/default/account/prefs/saved-searches.html.tmpl
index 709cf49c5..280b932ba 100644
--- a/template/en/default/account/prefs/saved-searches.html.tmpl
+++ b/template/en/default/account/prefs/saved-searches.html.tmpl
@@ -108,7 +108,8 @@
Remove from <a href="editwhines.cgi">whining</a> first
[% ELSE %]
<a href="buglist.cgi?cmdtype=dorem&amp;remaction=forget&amp;namedcmd=
- [% q.name FILTER url_quote %]">Forget</a>
+ [% q.name FILTER url_quote %]&amp;token=
+ [% issue_hash_token([q.id, q.name]) FILTER url_quote %]">Forget</a>
[% END %]
</td>
<td align="center">
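Review bot: the token is computed over `[q.id, q.name]`, but the link only transmits `namedcmd` (the name) and `token`, so the `forget` path in buglist.cgi must resolve the saved search by name for the logged-in user and recompute the hash over the same `[id, name]` pair in the same order; that server-side validation is not part of this template-only diff, and without it the new parameter is decorative. Including the id in the hashed data is the right call, since it stops a token issued for one search from being replayed against a renamed one. The action still rides on a GET link; the hash token addresses the predictable-URL deletion in the bug title, but a form POST would also keep the token out of browser history and Referer headers.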
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 0606857dd..1efee9a5e 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1391,8 +1391,9 @@
The name <em>[% name FILTER html %]</em> is already used by another
saved search. You first have to
<a href="buglist.cgi?cmdtype=dorem&amp;remaction=forget&amp;namedcmd=
- [%- name FILTER url_quote %]">delete</a> it if you really want to use
- this name.
+ [%- name FILTER url_quote %]&amp;token=
+ [% issue_hash_token([query_id, name]) FILTER url_quote %]">delete</a>
+ it if you really want to use this name.
[% ELSIF error == "query_name_missing" %]
[% title = "No Search Name Specified" %]
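Review bot: `query_id` is a new variable in user-error.html.tmpl, so whichever code throws this duplicate-name error must now pass it along with `name`; if it is omitted, `issue_hash_token([query_id, name])` hashes an undefined id, the token will not match what the server expects, and the "delete" link in the error page stops working rather than failing visibly. Suggest confirming every throw site of this error supplies `query_id`, or falling back to omitting the link when it is missing.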
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index 4929c416d..a75f1340c 100644
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -228,8 +228,9 @@
<td valign="middle" nowrap="nowrap" class="bz_query_forget">
|
<a href="buglist.cgi?cmdtype=dorem&amp;remaction=forget&amp;namedcmd=
- [% searchname FILTER url_quote %]">Forget&nbsp;Search&nbsp;'
- [% searchname FILTER html %]'</a>
+ [% searchname FILTER url_quote %]&amp;token=
+ [% issue_hash_token([search_id, searchname]) FILTER url_quote %]">
+ Forget&nbsp;Search&nbsp;'[% searchname FILTER html %]'</a>
</td>
[% ELSE %]
<td>&nbsp;</td>
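Review bot: `search_id` likewise has to be exported to list.html.tmpl by the script that renders the buglist alongside `searchname`; it was not needed by this template before, and a token built from an undefined id would silently fail validation on the Forget link. Moving the visible link text onto the closing line keeps `FILTER html` on the user-supplied `searchname` while the `href` value stays `url_quote`-filtered, which is the correct split of encodings for the two contexts.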