From a726ed6ec6c81846c5122e592fe7ae6c21bb1b05 Mon Sep 17 00:00:00 2001
From: Vincent Zanotti <vincent.zanotti@polytechnique.org>
Date: Sun, 27 Jul 2008 00:14:16 +0200
Subject: [PATCH] Adds an anti-XSRF token to the initial login form to allow
 direct login to /admin/user/<user> page (it expects an xsrf token for all
 POST requests).

Signed-off-by: Vincent Zanotti <vincent.zanotti@polytechnique.org>
---
 templates/core/password_prompt.tpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/core/password_prompt.tpl b/templates/core/password_prompt.tpl
index 4bc7bb4..f3be2ff 100644
--- a/templates/core/password_prompt.tpl
+++ b/templates/core/password_prompt.tpl
@@ -172,6 +172,7 @@ Si tu n'es pas {insert name="getName"}, change le login ci-dessous, ou rends-toi
 <!-- Set up the form with the challenge value and an empty reply value //-->
 <form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">
   <div>
+    {xsrf_token_field}
     <input type="hidden" name="challenge" value="{$smarty.session.challenge}" />
     <input type="hidden" name="response"  value="" />
     <input type="hidden" name="xorpass"  value="" />
-- 
2.1.4