From 283be21f66e638667bc2ec7720cab459ecf1f698 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Fri, 24 Apr 2015 16:56:26 +0100
Subject: Bug 1157395: CSRF in log in form

---
 template/en/default/global/user-error.html.tmpl | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'template/en/default/global/user-error.html.tmpl')

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 250ab0e1d..5e83eef14 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -244,6 +244,15 @@
 
     [% Hook.process("auth_failure") %]
 
+  [% ELSIF error == "auth_untrusted_request" %]
+    [% title = "Untrusted Authentication Request" %]
+    You tried to log in using the <em>[% login FILTER html %]</em> account,
+    but [% terms.Bugzilla %] is unable to trust your request. Make sure
+    your web browser accepts cookies and that you haven't been redirected
+    here from an external web site.
+    <a href="index.cgi?GoAheadAndLogIn=1">Click here</a> if you really want
+    to log in.
+
   [% ELSIF error == "auth_invalid_token" %]
     [% title = 'A token error occurred' %]
     The token is not valid. It could be because you loaded this page more than
-- 
cgit v1.2.3-24-g4f1b