From 3004a5e322c3a95c7e51978b917f1547c382bac9 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 29 May 2012 07:52:31 -0700
Subject: Bug 754673 - CSRF vulnerability in query.cgi allows possible
 unauthorized use of "Set my default search back to the system default"
 [r=LpSolit a=LpSolit]

---
 template/en/default/search/knob.html.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'template/en/default/search')

diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index 17ff63a10..a50f6bd32 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -79,7 +79,8 @@
         
 [% IF userdefaultquery %]
   <p>
-    <a href="query.cgi?nukedefaultquery=1">
+    <a href="query.cgi?nukedefaultquery=1&amp;token=
+       [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]">
       Set my default search back to the system default</a>.
   </p>
 [% END %]
-- 
cgit v1.2.3-24-g4f1b