From dc51769c9f7fb84ac2e43112f2d106a4770f5781 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 18:33:29 +0000
Subject: Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from
 making bugzilla users submit changes to bugs - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 buglist.cgi | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index d51112a5c..f5284439c 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Status;
+use Bugzilla::Token;
 
 use Date::Parse;
 
@@ -1241,6 +1242,7 @@ if ($dotweak && scalar @bugs) {
     }
     $vars->{'dotweak'} = 1;
     $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
+    $vars->{'token'} = issue_session_token('buglist_mass_change');
 
     $vars->{'products'} = Bugzilla->user->get_enterable_products;
     $vars->{'platforms'} = get_legal_field_values('rep_platform');
-- 
cgit v1.2.3-24-g4f1b