X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fshare%2Fhtml%2FElements%2FCSRF;h=c9c50773f1d0151d17ec65f7dadc704441bb8b7c;hb=31f3763747b82764bb019cfab5b2a2945fc9a99d;hp=4893c1216cb138042285b92b5291ad8d761f2d71;hpb=21a232b78413718d8a68867ba7eb4f52a287f9b6;p=freeside.git diff --git a/rt/share/html/Elements/CSRF b/rt/share/html/Elements/CSRF index 4893c1216..c9c50773f 100644 --- a/rt/share/html/Elements/CSRF +++ b/rt/share/html/Elements/CSRF @@ -2,7 +2,7 @@ %# %# COPYRIGHT: %# -%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC +%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC %# %# %# (Except where explicitly superseded by other copyright notices) @@ -52,11 +52,11 @@ % my $strong_start = ""; % my $strong_end = ""; -

<&|/l_unsafe, $strong_start, $strong_end, $Reason &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. This is possibly caused by a malicious attacker trying to perform actions against RT on your behalf. If you did not initiate this request, then you should alert your security team.

+

<&|/l_unsafe, $strong_start, $strong_end, $Reason, $action &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. A malicious attacker may be trying to [_1][_4][_2] on your behalf. If you did not initiate this request, then you should alert your security team.

% my $start = qq||; % my $end = qq||; -

<&|/l_unsafe, $escaped_path, $start, $end &>If you really intended to visit [_1], then [_2]click here to resume your request[_3].

+

<&|/l_unsafe, $escaped_path, $action, $start, $end &>If you really intended to visit [_1] and [_2], then [_3]click here to resume your request[_4].

<& /Elements/Footer, %ARGS &> % $m->abort; @@ -71,4 +71,6 @@ $escaped_path = "$escaped_path"; my $url_with_token = URI->new($OriginalURL); $url_with_token->query_form([CSRF_Token => $Token]); + +my $action = RT::Interface::Web::PotentialPageAction($OriginalURL) || loc("perform actions");