From 038df43c5a3d51bd66772a7df7e6403eebe1b913 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 29 May 2012 08:22:31 -0700
Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible
 unauthorized setting of default search options [r=LpSolit a=LpSolit]

---
 template/en/default/search/knob.html.tmpl | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'template/en/default/search')

diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index 723825a3c..e9e3daaf1 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -23,6 +23,9 @@
    "Last Changed" => "Last Changed" } %]
 
 <input type="hidden" name="cmdtype" value="doit">
+[% IF user.id %]
+  <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
+[% END %]
 
 <p>
   <label for="order">Sort results by</label>:
@@ -39,7 +42,7 @@
   <input type="submit" id="[% button_name FILTER html %]"
          value="[% button_name FILTER html %]">
   [% IF known_name %]
-    [%# We store known_name in case the user add a boolean chart. %]
+    [%# We store known_name in case the user adds a boolean chart. %]
     <input type="hidden" name="known_name" value="[% known_name FILTER html %]">
 
     [%# The name of the existing query will be passed to buglist.cgi. %]
@@ -51,14 +54,16 @@
   [% END %]
 </p>
 
-<p>
-  &nbsp;&nbsp;&nbsp;
-  <input type="checkbox" id="remasdefault"
-         name="remtype" value="asdefault">
-  <label for="remasdefault">
-    and remember these as my default search options
-  </label>
-</p>
+[% IF user.id %]
+  <p>
+    &nbsp;&nbsp;&nbsp;
+    <input type="checkbox" id="remasdefault"
+           name="remtype" value="asdefault">
+    <label for="remasdefault">
+      and remember these as my default search options
+    </label>
+  </p>
+[% END %]
         
 [% IF userdefaultquery %]
   <p>
-- 
cgit v1.2.3-24-g4f1b