diff options
| author | lpsolit%gmail.com <> | 2009-02-02 19:33:29 +0100 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2009-02-02 19:33:29 +0100 |
| commit | dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch) | |
| tree | 2e33c5042d7608871c661a843c3c991da07693d7 /template/en/default/admin | |
| parent | 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff) | |
| download | bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz | |
Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/admin')
| -rw-r--r-- | template/en/default/admin/confirm-action.html.tmpl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl index da551d0d7..521d2d157 100644 --- a/template/en/default/admin/confirm-action.html.tmpl +++ b/template/en/default/admin/confirm-action.html.tmpl @@ -20,6 +20,8 @@ # token_action: the action the token was supposed to serve. # expected_action: the action the user was going to do. # script_name: the script generating this warning. + # alternate_script: the suggested script to redirect the user to + # if he declines submission. #%] [% PROCESS "global/field-descs.none.tmpl" %] @@ -89,8 +91,8 @@ exclude="^(Bugzilla_login|Bugzilla_password)$" %] <input type="submit" id="confirm" value="Confirm Changes"> </form> - <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]"> - [%- script_name FILTER html %]</a>.</p> + <p>Or throw away these changes and go back to <a href="[% alternate_script FILTER html %]"> + [%- alternate_script FILTER html %]</a>.</p> [% END %] [% PROCESS global/footer.html.tmpl %] |