From 0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Thu, 17 Apr 2014 18:11:12 +0200
Subject: Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection r=dkl a=justdave
---
 template/en/default/account/auth/login-small.html.tmpl | 4 +++-
 template/en/default/account/auth/login.html.tmpl | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
 (limited to 'template/en/default/account')
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl
index 32dbe431b..5868b8671 100644
--- a/template/en/default/account/auth/login-small.html.tmpl
+++ b/template/en/default/account/auth/login-small.html.tmpl
@@ -46,7 +46,9 @@
 [%+ "checked" IF Param('rememberlogin') == "defaulton" %]> [% END %] - + [x]
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index bf20edb8b..b6da535cc 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -76,8 +76,10 @@
 [% PROCESS "global/hidden-fields.html.tmpl" exclude="^Bugzilla_(login|password|restrictlogin)$" %] + - +

(Note: you should make sure cookies are enabled for this site. Otherwise, you will be required to log in frequently.) -- cgit v1.2.3-24-g4f1b
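Review bot: The `exclude="^Bugzilla_(login|password|restrictlogin)$"` pattern on the `global/hidden-fields.html.tmpl` call in the login.html.tmpl hunk is unchanged context, so it does not cover whatever field the added line introduces. The added lines are not legible in this view (their markup is missing), but if the new field is a per-request login token under the same `Bugzilla_` prefix, a token value carried in the original request would presumably be re-emitted as a second, stale hidden field next to the fresh one. Consider extending the alternation, e.g. `exclude="^Bugzilla_(login|password|restrictlogin|TOKEN_FIELD_SUFFIX)$"` (placeholder for the real field name), or confirm that the login handler drops that parameter before the form is rendered. The diffstat is limited to `template/en/default/account`, so the server-side check that rejects a login POST without a valid token is not shown here and should be reviewed together with these templates, as should any customized or localized copies of the two login templates, which would need the same field.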