author | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:23:13 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:23:13 +0100 |
commit | be126b5b3ce49ae4d3c1591cccca40cb369c4dd3 (patch) | |
tree | 5e522f90daef9396f928bb0da59461948f38c2de | |
parent | fbb0dd18cbf1ddf2e63c2db7c0bce98001a704ea (diff) | |
Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsolete can disclose its description
r=gerv a=LpSolit
-rw-r--r-- | Bugzilla/Attachment.pm | 3 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 3 |
2 files changed, 1 insertions, 5 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index b1f47d0cd..69939a657 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -723,11 +723,8 @@ sub validate_obsolete { $attachment->validate_can_edit($bug->product_id) || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id }); - $vars->{'description'} = $attachment->description; - if ($attachment->bug_id != $bug->bug_id) { $vars->{'my_bug_id'} = $bug->bug_id; - $vars->{'attach_bug_id'} = $attachment->bug_id; ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars); } diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 73a602b87..24e46fb14 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -244,8 +244,7 @@ setting in [% constants.bz_locations.localconfig FILTER html %]. [% ELSIF error == "mismatched_bug_ids_on_obsolete" %] - Attachment [% attach_id FILTER html %] ([% description FILTER html %]) - is attached to [% terms.bug %] [%+ attach_bug_id FILTER html %], + Attachment [% attach_id FILTER html %] is attached to another [% terms.bug %], but you tried to flag it as obsolete while creating a new attachment to [%+ terms.bug %] [%+ my_bug_id FILTER html %]. |
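Review bot: in the validate_obsolete hunk of Bugzilla/Attachment.pm, the mismatch branch still passes the shared $vars hash to ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars), so anything placed in $vars earlier in the sub still reaches the error template. Suggest passing an explicit hash holding only the keys the message uses (attach_id and my_bug_id, going by the template hunk), and adding a one-line comment above the branch saying the description and attach_bug_id are deliberately omitted because the caller may not be allowed to see the attachment, so nobody re-adds them later.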
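Review bot: in the mismatched_bug_ids_on_obsolete branch of template/en/default/global/code-error.html.tmpl, the new text "Attachment [% attach_id FILTER html %] is attached to another [% terms.bug %]," still tells the requester that this attachment ID exists and sits on a different bug. If that is intended, fine; otherwise the wording could match what is shown for an ID that does not exist. As a style point, the new line is noticeably longer than its neighbours and could be wrapped after "is attached to", as the removed lines were.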