Bug 1075578: [SECURITY] Improper filtering of CGI arguments

r=dkl,a=sgreen
author: Frédéric Buclin <LpSolit@gmail.com> 2014-10-06 16:29:01 +0200
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 16:29:01 +0200
commit: 9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree: 3ddcb53698d5f608dd9228b1632481f4a0fcc04f /template/en/default/global/messages.html.tmpl
parent: 553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download: bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz
bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index f47a1d6ec..3a8aa1ada 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -943,7 +943,7 @@
 [% IF !message %]
   [% message = BLOCK %]
     You are using Bugzilla's messaging functions incorrectly. You
-    passed in the string '[% message_tag %]'. The correct use is to pass
+    passed in the string '[% message_tag FILTER html %]'. The correct use is to pass
     in a tag, and define that tag in the file <kbd>messages.html.tmpl</kbd>.<br>
     <br>
     If you are a [% terms.Bugzilla %] end-user seeing this message, please
author	Frédéric Buclin <LpSolit@gmail.com>	2014-10-06 16:29:01 +0200
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 16:29:01 +0200
commit	9e186bdd5da79077f162351d61fd1163d6cfd622 (patch)
tree	3ddcb53698d5f608dd9228b1632481f4a0fcc04f /template/en/default/global/messages.html.tmpl
parent	553568ddf8d9c6282daf779bb83dec7111ed4ff0 (diff)
download	bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.gz bugzilla-9e186bdd5da79077f162351d61fd1163d6cfd622.tar.xz