diff -r 7bacc4f21edc -r 797fc2e2fb78 web/views/management.py
--- a/web/views/management.py Wed Nov 28 11:44:15 2012 +0100
+++ b/web/views/management.py Tue Nov 27 14:48:03 2012 +0100
@@ -20,6 +20,7 @@
 __docformat__ = "restructuredtext en"
 _ = unicode
+
 from logilab.mtconverter import xml_escape
 from logilab.common.registry import yes
@@ -148,6 +149,8 @@
 form.add_hidden('description', binfo,
 # we must use a text area to keep line breaks
 widget=wdgs.TextArea({'class': 'hidden'}))
+ # add a signature so one can't send arbitrary text
+ form.add_hidden('__signature', req.vreg.config.sign_text(binfo))
 form.add_hidden('__bugreporting', '1')
 form.form_buttons = [wdgs.SubmitButton(MAIL_SUBMIT_MSGID)]
 form.action = req.build_url('reportbug')
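Review bot: The `__signature` hidden field added after the `description` text area only protects anything if the `reportbug` handler recomputes the signature over the posted `description` and refuses to send mail on a mismatch, and that check is not part of this hunk. Browsers normally submit textarea content with CRLF line endings, so unless `sign_text` (not visible here) normalises line breaks before signing, verification would presumably fail for any multi-line `binfo`; the comparison on the receiving side should also be constant-time. The signature covers `binfo` alone, not the user, session or a timestamp, so a signed report can be resubmitted unchanged. I would record that limit in the comment, e.g. `# sign binfo so reportbug can reject edited text; not bound to user or time, so a signed report can be resent`. The enclosing function starts and ends outside the hunk.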