From 0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 17 Apr 2014 18:11:12 +0200
Subject: Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF
 protection r=dkl a=justdave

---
 Bugzilla/Auth.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla/Auth.pm')

diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 6b291d8ae..42e4ee784 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -153,7 +153,7 @@ sub _handle_login_result {
         if ($self->{_info_getter}->{successful}->requires_persistence
             and !Bugzilla->request_cache->{auth_no_automatic_login}) 
         {
-            $self->{_persister}->persist_login($user);
+            $user->{_login_token} = $self->{_persister}->persist_login($user);
         }
     }
     elsif ($fail_code == AUTH_ERROR) {
-- 
cgit v1.2.3-24-g4f1b