Bug 621109: Column changing lacks CSRF protection
authorFrédéric Buclin <LpSolit@gmail.com>
Sat, 22 Jan 2011 17:17:58 +0000 (18:17 +0100)
committerFrédéric Buclin <LpSolit@gmail.com>
Sat, 22 Jan 2011 17:17:58 +0000 (18:17 +0100)
r=dkl a=mkanat

colchange.cgi
template/en/default/list/change-columns.html.tmpl

index 0bd3af481637ce6ecc8fabc2a4adb419dc4f75d2..844f7615cedabea0b60bcc343b2df90dce695964 100755 (executable)
@@ -33,6 +33,7 @@ use Bugzilla::CGI;
 use Bugzilla::Search::Saved;
 use Bugzilla::Error;
 use Bugzilla::User;
+use Bugzilla::Token;
 
 use Storable qw(dclone);
 
@@ -86,6 +87,19 @@ $vars->{'columns'} = $columns;
 
 my @collist;
 if (defined $cgi->param('rememberedquery')) {
+    my $search;
+    if (defined $cgi->param('saved_search')) {
+        $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
+    }
+
+    my $token = $cgi->param('token');
+    if ($search) {
+        check_hash_token($token, [$search->id, $search->name]);
+    }
+    else {
+        check_hash_token($token, ['default-list']);
+    }
+
     my $splitheader = 0;
     if (defined $cgi->param('resetit')) {
         @collist = DEFAULT_COLUMN_LIST;
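Review bot: The relocated line `$search = new Bugzilla::Search::Saved($cgi->param('saved_search'));` uses indirect object syntax, which the parser resolves by guessing whether `new` is a sub or a class name; since the commit moves it anyway, write it as `$search = Bugzilla::Search::Saved->new($cgi->param('saved_search'));`. The token check is placed at the top of the branch, ahead of the `@collist` computation and (presumably, since that code is outside the hunk) ahead of the cookie and database writes, but nothing records that this ordering is deliberate; a comment above `my $token = $cgi->param('token');` such as `# CSRF check: the token is bound to the saved search (id, name) or to 'default-list' and must pass before any column list is persisted.` would stop a later refactor from hoisting the persisting code above it. The enclosing `if (defined $cgi->param('rememberedquery'))` block continues past the end of the hunk.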
@@ -123,11 +137,6 @@ if (defined $cgi->param('rememberedquery')) {
 
     $vars->{'message'} = "change_columns";
 
-    my $search;
-    if (defined $cgi->param('saved_search')) {
-        $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
-    }
-
     if ($cgi->param('save_columns_for_search')
         && defined $search && $search->user->id == Bugzilla->user->id) 
     {
index 77deb503c7e3625f285830633f28c4004f26c981..b13055c38259f5ff9efa275ac2a7aba7610e1dee 100644 (file)
     <p>
       <input type="hidden" name="saved_search"
              value="[% saved_search.id FILTER html%]" >
+      <input type="hidden" name="token"
+             value="[% issue_hash_token([saved_search.id, saved_search.name]) FILTER html %]">
       <input type="checkbox" id="save_columns_for_search" checked="checked" 
              name="save_columns_for_search" value="1">
       <label for="save_columns_for_search">Save this column list only 
         for search '[% saved_search.name FILTER html %]'</label>
     </p>
+  [% ELSE %]
+    <input type="hidden" name="token"
+           value="[% issue_hash_token(['default-list']) FILTER html %]">
   [% END %]
 
   <p>