Adds an anti-XSRF token to the initial login form to allow direct login to /admin...

author Vincent Zanotti <vincent.zanotti@polytechnique.org>

Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)

committer Vincent Zanotti <vincent.zanotti@polytechnique.org>

Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)
author Vincent Zanotti <vincent.zanotti@polytechnique.org>
Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)
committer Vincent Zanotti <vincent.zanotti@polytechnique.org>
Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)
diff --git a/templates/core/password_prompt.tpl b/templates/core/password_prompt.tpl

index 4bc7bb4..f3be2ff 100644 (file)
--- a/templates/core/password_prompt.tpl
+++ b/templates/core/password_prompt.tpl
@@ -172,6 +172,7 @@ Si tu n'es pas {insert name="getName"}, change le login ci-dessous, ou rends-toi
  <!-- Set up the form with the challenge value and an empty reply value //-->
  <form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">
    <div>
+    {xsrf_token_field}
      <input type="hidden" name="challenge" value="{$smarty.session.challenge}" />
      <input type="hidden" name="response"  value="" />
      <input type="hidden" name="xorpass"  value="" />
author	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)
committer	Vincent Zanotti <vincent.zanotti@polytechnique.org>
	Sat, 26 Jul 2008 22:14:16 +0000 (00:14 +0200)