Merge pull request #8443 from owncloud/csrf-on-login-and-logout

Add CSRF check on login and logout
author: Vincent Petry <pvince81@owncloud.com> 2014-06-02 11:27:20 +0200
committer: Vincent Petry <pvince81@owncloud.com> 2014-06-02 11:27:20 +0200
commit: 4e957c7b1881ec1583fd716f0a138811e9951756 (patch)
tree: 7647ff8010cce4a44afb40f4997e24ef9d74c903 /core
parent: 09ab642d2b6b98e4188bdefa004a27c19577ec90 (diff)
parent: f8cb8f480346fb36ca18258b902a7157265c8ac7 (diff)
download: nextcloud-server-4e957c7b1881ec1583fd716f0a138811e9951756.tar.gz
nextcloud-server-4e957c7b1881ec1583fd716f0a138811e9951756.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/core/templates/login.php b/core/templates/login.php
index 669d20b32e4..0f25f853b02 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,3 +1,5 @@
+<?php /** @var $l OC_L10N */ ?>
+
 <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
 <form method="post" name="login">
 	<fieldset>
@@ -51,6 +53,7 @@
 		<label for="remember_login"><?php p($l->t('remember')); ?></label>
 		<?php endif; ?>
 		<input type="hidden" name="timezone-offset" id="timezone-offset"/>
+		<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
 		<input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>" disabled="disabled"/>
 	</fieldset>
 </form>
author	Vincent Petry <pvince81@owncloud.com>	2014-06-02 11:27:20 +0200
committer	Vincent Petry <pvince81@owncloud.com>	2014-06-02 11:27:20 +0200
commit	4e957c7b1881ec1583fd716f0a138811e9951756 (patch)
tree	7647ff8010cce4a44afb40f4997e24ef9d74c903 /core
parent	09ab642d2b6b98e4188bdefa004a27c19577ec90 (diff)
parent	f8cb8f480346fb36ca18258b902a7157265c8ac7 (diff)
download	nextcloud-server-4e957c7b1881ec1583fd716f0a138811e9951756.tar.gz nextcloud-server-4e957c7b1881ec1583fd716f0a138811e9951756.zip