diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:06:13 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:06:13 +0100 |
commit | 1b925f4bdf4fef4b0f6a115223d6d1bb68ece52f (patch) | |
tree | 4859ec9dd8190be8ee0ac934116ed318384c77d3 /template/en/default/bug/edit.html.tmpl | |
parent | 718f80eda24c887fa1e31b8142776351db64fe10 (diff) | |
download | bugzilla-1b925f4bdf4fef4b0f6a115223d6d1bb68ece52f.tar.gz bugzilla-1b925f4bdf4fef4b0f6a115223d6d1bb68ece52f.tar.xz |
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default/bug/edit.html.tmpl')
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index e11e244f6..de9afb56c 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -8,8 +8,8 @@ [% PROCESS bug/time.html.tmpl %] - <script type="text/javascript"> - <!-- +<script type="text/javascript"> +<!-- [% IF user.is_timetracker %] var fRemainingTime = [% bug.remaining_time %]; // holds the original value function adjustRemainingTime() { @@ -30,6 +30,7 @@ } [% END %] +[% IF user.id %] /* Index all classifications so we can keep track of the classification * for the selected product, which could control field visibility. */ @@ -38,9 +39,9 @@ all_classifications['[% product.name FILTER js %]'] = ' [%- product.classification.name FILTER js %]'; [%- END %] - - //--> - </script> +[% END %] +//--> +</script> <form name="changeform" id="changeform" method="post" action="process_bug.cgi"> |