From 283be21f66e638667bc2ec7720cab459ecf1f698 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Fri, 24 Apr 2015 16:56:26 +0100
Subject: Bug 1157395: CSRF in log in form

---
 Bugzilla/Template.pm | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'Bugzilla/Template.pm')

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 3664fca81..608d612b8 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -1040,6 +1040,11 @@ sub create {
             # Allow templates to generate a token themselves.
             'issue_hash_token' => \&Bugzilla::Token::issue_hash_token,
 
+            'get_login_request_token' => sub {
+                my $cookie = Bugzilla->cgi->cookie('Bugzilla_login_request_cookie');
+                return $cookie ? issue_hash_token(['login_request', $cookie]) : '';
+            },
+
             'get_api_token' => sub {
                 return '' unless Bugzilla->user->id;
                 my $cache = Bugzilla->request_cache;
-- 
cgit v1.2.3-24-g4f1b