From fee4dfba5bce719769ee2733a0e7b824aaf298d6 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 24 Jan 2011 18:23:39 +0100
Subject: Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF
 protection r=dkl a=LpSolit

---
 template/en/default/list/quips.html.tmpl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'template/en/default/list')

diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl
index 1870ffcf2..62395d27f 100644
--- a/template/en/default/list/quips.html.tmpl
+++ b/template/en/default/list/quips.html.tmpl
@@ -73,6 +73,8 @@
 
   <form method="post" action="quips.cgi">
     <input type="hidden" name="action" value="add">
+    <input type="hidden" name="token"
+           value="[% issue_hash_token(['create-quips']) FILTER html %]">
     <input size="80" name="quip">
     <p>
       <input type="submit" id="add" value="Add This Quip">
@@ -103,6 +105,8 @@
     </p>
     <form name="editform" method="post" action="quips.cgi">
       <input type="hidden" name="action" value="approve">
+      <input type="hidden" name="token"
+             value="[% issue_hash_token(['approve-quips']) FILTER html %]">
       <table border="1">
         <thead><tr>
           <th>Quip</th>
@@ -119,7 +123,8 @@
               [% "Unknown" IF NOT users.$userid %]
             </td>
             <td>
-              <a href="quips.cgi?action=delete&amp;quipid=[% quipid FILTER uri %]">
+              <a href="quips.cgi?action=delete&amp;quipid=[% quipid FILTER uri %]&amp;token=
+                 [%- issue_hash_token(['quips', quipid]) FILTER uri %]">
                 Delete
               </a>
             </td>
-- 
cgit v1.2.3-24-g4f1b