Bug 621090 - [SECURITY] Adding saved searches lacks CSRF protection
authorDavid Lawrence <dlawrence@mozilla.com>
Fri, 7 Jan 2011 04:02:28 +0000 (23:02 -0500)
committerDavid Lawrence <dlawrence@mozilla.com>
Fri, 7 Jan 2011 04:02:28 +0000 (23:02 -0500)
r/a=mkanat

buglist.cgi
template/en/default/global/per-bug-queries.html.tmpl
template/en/default/list/list.html.tmpl

index bd285ebc099cf8869196143fa053c2f6ea465f97..ebce66532084839502c78d05f2f944f4b418aafb 100755 (executable)
@@ -504,6 +504,8 @@ elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
         my $query_name = $cgi->param('newqueryname');
         my $new_query = $cgi->param('newquery');
         my $query_type = QUERY_LIST;
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['savedsearch']);
         # If list_of_bugs is true, we are adding/removing individual bugs
         # to a saved search. We get the existing list of bug IDs (if any)
         # and add/remove the passed ones.
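Review bot: The added `check_hash_token($token, ['savedsearch']);` call has no comment explaining why it is there, and it guards only the branch that reads `newqueryname`. The enclosing `elsif` chain starts and ends outside this hunk, so the other `remtype` branches that change stored state should be confirmed to carry an equivalent check. I would add `# CSRF guard: saving a search changes per-user state, so require a token issued by our own forms.` above the two new lines. The token data is the constant `['savedsearch']`, so the token is presumably bound to the user and issue time rather than to the search name; that is worth stating in the comment so the scope of the token is clear to the next maintainer.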
index 3c62e35f547cf5a9ec981446e811c2941ee41bd5..a7c073ba1ff12ca77d439929ec2d008c9d9ed9a8 100644 (file)
@@ -63,6 +63,7 @@
         <input type="hidden" name="cmdtype" value="doit">
         <input type="hidden" name="remtype" value="asnamed">
         <input type="hidden" name="list_of_bugs" value="1">
+        <input type="hidden" name="token" value="[% issue_hash_token(['savedsearch']) FILTER html %]">
         <select id="lob_action" name="action" onchange="update_text();">
           <option value="add">Add</option>
           [% IF lists_of_bugs.size %]
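Review bot: The token is emitted as a hidden field, but the opening `<form>` tag is outside this hunk, so the submit method cannot be checked from here. If the form submits with GET, the token lands in the query string and can end up in browser history, server logs and Referer headers. Confirm the form uses `method="post"`, or that the token lifetime is short enough for that exposure to be acceptable. The same applies to the identical hidden field added in template/en/default/list/list.html.tmpl.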
index 4ebc7194cc6fa9d788e7b01dc3babddfbd3d212b..924ce23dcfd0f64fc54ca2cefc0085c24c62dcb0 100644 (file)
                  value="[% urlquerypart FILTER html %][% "&order=$qorder" FILTER html IF order %]">
           <input type="hidden" name="cmdtype" value="doit">
           <input type="hidden" name="remtype" value="asnamed">
+          <input type="hidden" name="token" value="[% issue_hash_token(['savedsearch']) FILTER html %]">
           <input type="text" id="save_newqueryname" name="newqueryname" size="20"
                  value="[% defaultsavename FILTER html %]"> 
         </form>