From 2137f365677d836e3d3c55c81634d0f732fecdfe Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 6 Aug 2012 23:44:33 +0200 Subject: Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request r=reed a=LpSolit --- template/en/default/account/auth/login-small.html.tmpl | 7 ++++--- template/en/default/account/auth/login.html.tmpl | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'template/en/default/account/auth') diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl index fbe40fb43..cb4335466 100644 --- a/template/en/default/account/auth/login-small.html.tmpl +++ b/template/en/default/account/auth/login-small.html.tmpl @@ -36,8 +36,8 @@ [% IF cgi.request_method == "GET" AND cgi.query_string %] [% connector = "&" %] [% END %] - [% script_name = login_target _ connector _ "GoAheadAndLogIn=1" %] - Log In [% Hook.process('additional_methods') %] @@ -114,7 +114,7 @@
  • | - Forgot Password
    @@ -123,6 +123,7 @@ + [x]
  • diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index 122ef6f7c..3de52b6a0 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -115,6 +115,7 @@ enter your login name below and submit a request to change your password.
    + [% END %] -- cgit v1.2.3-24-g4f1b