From 4e1941fedbe46bafce9aded3a0a38d272fec37a2 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Tue, 4 Nov 2014 11:11:09 +0800
Subject: Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf
 for login forms

---
 template/en/default/admin/sudo.html.tmpl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'template/en/default/admin')

diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl
index 676959c34..beb7ba510 100644
--- a/template/en/default/admin/sudo.html.tmpl
+++ b/template/en/default/admin/sudo.html.tmpl
@@ -81,9 +81,10 @@
     <p>
       Finally, enter <label for="Bugzilla_password">your [% terms.Bugzilla %]
       password</label>:
-      <input type="hidden" name="Bugzilla_login" value="
-      [%- user.login FILTER html %]">
+      <input type="hidden" name="Bugzilla_login" value="[% user.login FILTER html %]">
       <input type="password" id="Bugzilla_password" name="Bugzilla_password" size="20">
+      <input type="hidden" name="Bugzilla_login_token"
+             value="[% login_request_token FILTER html %]">
       <br>
       This is done for two reasons.  First of all, it is done to reduce 
       the chances of someone doing large amounts of damage using your 
-- 
cgit v1.2.3-24-g4f1b