From 2137f365677d836e3d3c55c81634d0f732fecdfe Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Aug 2012 23:44:33 +0200
Subject: Bug 706271: CSRF vulnerability in token.cgi allows possible
 unauthorized password reset e-mail request r=reed a=LpSolit

---
 template/en/default/account/auth/login.html.tmpl | 1 +
 1 file changed, 1 insertion(+)

(limited to 'template/en/default/account/auth/login.html.tmpl')

diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index 122ef6f7c..3de52b6a0 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -115,6 +115,7 @@
       enter your login name below and submit a request
       to change your password.<br>
       <input size="35" name="loginname">
+      <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]">
       <input type="submit" id="request" value="Reset Password">
     </form>
   [% END %]
-- 
cgit v1.2.3-24-g4f1b