From 74aa3e30fbb81922c3d566e98fe8d734d93b8259 Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Wed, 4 Apr 2012 17:11:12 -0400
Subject: Backport of Bug 705474 - CSRF vulnerability in createaccount.cgi
 allows possible unauthorized account creation e-mail request

---
 extensions/BMO/template/en/default/account/create.html.tmpl | 1 +
 1 file changed, 1 insertion(+)

(limited to 'extensions/BMO/template')

diff --git a/extensions/BMO/template/en/default/account/create.html.tmpl b/extensions/BMO/template/en/default/account/create.html.tmpl
index e559f2d8c..6ca32dfd5 100644
--- a/extensions/BMO/template/en/default/account/create.html.tmpl
+++ b/extensions/BMO/template/en/default/account/create.html.tmpl
@@ -146,6 +146,7 @@ function onSubmit() {
     <td>
       <input size="35" id="login" name="login" placeholder="you@example.com">[% Param('emailsuffix') FILTER html %]</td>
     <td>
+      <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]">
       <input type="submit" value="Create Account">
      </td>
     </tr>
-- 
cgit v1.2.3-24-g4f1b