From 6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 29 May 2012 08:23:18 -0700
Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible
 unauthorized setting of default search options [r=LpSolit a=LpSolit]

---
 template/en/default/search/knob.html.tmpl | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'template/en')

diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index a50f6bd32..e20822bf5 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -40,6 +40,9 @@
    "Last Changed" => "Last Changed" } %]
 
 <input type="hidden" name="cmdtype" value="doit">
+[% IF user.id %]
+  <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
+[% END %]
 
 <p>
   <label for="order">Sort results by</label>:
@@ -56,7 +59,7 @@
   <input type="submit" id="[% button_name FILTER html %]"
          value="[% button_name FILTER html %]">
   [% IF known_name %]
-    [%# We store known_name in case the user add a boolean chart. %]
+    [%# We store known_name in case the user adds a boolean chart. %]
     <input type="hidden" name="known_name" value="[% known_name FILTER html %]">
 
     [%# The name of the existing query will be passed to buglist.cgi. %]
@@ -68,14 +71,16 @@
   [% END %]
 </p>
 
-<p>
-  &nbsp;&nbsp;&nbsp;
-  <input type="checkbox" id="remasdefault"
-         name="remtype" value="asdefault">
-  <label for="remasdefault">
-    and remember these as my default search options
-  </label>
-</p>
+[% IF user.id %]
+  <p>
+    &nbsp;&nbsp;&nbsp;
+    <input type="checkbox" id="remasdefault"
+           name="remtype" value="asdefault">
+    <label for="remasdefault">
+      and remember these as my default search options
+    </label>
+  </p>
+[% END %]
         
 [% IF userdefaultquery %]
   <p>
-- 
cgit v1.2.3-24-g4f1b