summaryrefslogtreecommitdiffstats
path: root/template/default/attachment/viewall.atml
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2001-11-06 05:47:17 +0100
committerjustdave%syndicomm.com <>2001-11-06 05:47:17 +0100
commitf12ad394c4dcce0c7efafc327d830705b6ec708f (patch)
tree5f29507495acf790bb0258108288432cadc904bc /template/default/attachment/viewall.atml
parent1d9fe70befbe375184f3de1e48e1aa168bf6503d (diff)
downloadbugzilla-f12ad394c4dcce0c7efafc327d830705b6ec708f.tar.gz
bugzilla-f12ad394c4dcce0c7efafc327d830705b6ec708f.tar.xz
SECURITY FIX see bug 108385: Due to trusting of passed form fields that shouldn't have been trusted, it was possible to add a comment to a bug pretending to be someone else if you edited the HTML by hand before submitting. The bug form did not include the field in question, but due to legacy processing code, the field was still trusted if it was present.
Patch by Dave Miller <justdave@syndicomm.com> r= jake x2
Diffstat (limited to 'template/default/attachment/viewall.atml')
0 files changed, 0 insertions, 0 deletions