diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:09:30 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:09:30 +0100 |
commit | fbb0dd18cbf1ddf2e63c2db7c0bce98001a704ea (patch) | |
tree | 673fea4586a065de78f6ddf8b11551c70eab9081 /template/en/default/bug/edit.html.tmpl | |
parent | 798135a6e855d992b734d002805ac4dd909be2cc (diff) | |
download | bugzilla-fbb0dd18cbf1ddf2e63c2db7c0bce98001a704ea.tar.gz bugzilla-fbb0dd18cbf1ddf2e63c2db7c0bce98001a704ea.tar.xz |
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default/bug/edit.html.tmpl')
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index bdee83806..fbc6e4a96 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -30,9 +30,8 @@ [% PROCESS bug/time.html.tmpl %] - <script type="text/javascript"> - <!-- - +<script type="text/javascript"> +<!-- /* Outputs a link to call replyToComment(); used to reduce HTML output */ function addReplyLink(id, real_id) { /* XXX this should really be updated to use the DOM Core's @@ -119,6 +118,7 @@ [% END %] +[% IF user.id %] /* Index all classifications so we can keep track of the classification * for the selected product, which could control field visibility. */ @@ -127,9 +127,9 @@ all_classifications['[% product.name FILTER js %]'] = ' [%- product.classification.name FILTER js %]'; [%- END %] - - //--> - </script> +[% END %] +//--> +</script> <form name="changeform" id="changeform" method="post" action="process_bug.cgi"> |