-rwxr-xr-x | buglist.cgi | 2 | ||||
-rw-r--r-- | template/en/default/search/knob.html.tmpl | 23 |
2 files changed, 16 insertions, 9 deletions
diff --git a/buglist.cgi b/buglist.cgi index f0e778464..f7498483a 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -434,6 +434,8 @@ if ($cmdtype eq "dorem") { elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) { if ($cgi->param('remtype') eq "asdefault") { $user = Bugzilla->login(LOGIN_REQUIRED); + my $token = $cgi->param('token'); + check_hash_token($token, ['searchknob']); InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer); $vars->{'message'} = "buglist_new_default_query"; } diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl index 723825a3c..e9e3daaf1 100644 --- a/template/en/default/search/knob.html.tmpl +++ b/template/en/default/search/knob.html.tmpl @@ -23,6 +23,9 @@ "Last Changed" => "Last Changed" } %] <input type="hidden" name="cmdtype" value="doit"> +[% IF user.id %] + <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]"> +[% END %] <p> <label for="order">Sort results by</label>: @@ -39,7 +42,7 @@ <input type="submit" id="[% button_name FILTER html %]" value="[% button_name FILTER html %]"> [% IF known_name %] - [%# We store known_name in case the user add a boolean chart. %] + [%# We store known_name in case the user adds a boolean chart. %] <input type="hidden" name="known_name" value="[% known_name FILTER html %]"> [%# The name of the existing query will be passed to buglist.cgi. %] @@ -51,14 +54,16 @@ [% END %] </p> -<p> - - <input type="checkbox" id="remasdefault" - name="remtype" value="asdefault"> - <label for="remasdefault"> - and remember these as my default search options - </label> -</p> +[% IF user.id %] + <p> + + <input type="checkbox" id="remasdefault" + name="remtype" value="asdefault"> + <label for="remasdefault"> + and remember these as my default search options + </label> + </p> +[% END %] [% IF userdefaultquery %] <p> |
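Review bot: In the `asdefault` branch the new `token` field arrives with the rest of the request, and `InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer)` stores `$buffer`, which is built outside this hunk; if `$buffer` is derived from the raw query string, the hash token would be written into the saved default search and reappear in later URLs. Confirm that `token` is dropped from the parameters before `$buffer` is saved. The check itself is placed sensibly, after `Bugzilla->login(LOGIN_REQUIRED)` and before the write; a comment above `check_hash_token` such as `# Saving the default search changes user state: require the 'searchknob' token to reject cross-site requests.` would record why it is there. The surrounding `if`/`elsif` chain starts and ends outside the hunk, so whether the sibling `remtype` branches carry an equivalent check cannot be seen here.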
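Review bot: The hidden `token` input added after `cmdtype` is submitted with every search from this form, not only when `remasdefault` is ticked, while buglist.cgi checks it only for `remtype=asdefault`. The enclosing `<form>` tag is outside the hunk; if it submits by GET, the token ends up in the result URL and from there in browser history, server logs and Referer headers. Confirm that the form posts, or that buglist.cgi removes `token` before any redirect or link is built from the request. A template comment next to the input, for example `[%# CSRF token; checked by buglist.cgi when remtype=asdefault. %]`, would tie the two files together.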