diff options
author | Reed Loden <reed@reedloden.com> | 2011-11-21 23:08:54 +0100 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2011-11-21 23:08:54 +0100 |
commit | 4d99c123ee568e5a548968de8417ebc70a24efe4 (patch) | |
tree | 940fc8e5af4e751fecfae551cb735ccf719e9258 /template/en/default | |
parent | f08fde0c271e6393a10aa0011b49613d26a31d33 (diff) | |
download | bugzilla-4d99c123ee568e5a548968de8417ebc70a24efe4.tar.gz bugzilla-4d99c123ee568e5a548968de8417ebc70a24efe4.tar.xz |
Bug 703983 - CSRF vulnerability in attachment.cgi allows possible unauthorized attachment creation
[r=LpSolit a=LpSolit]
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/attachment/cancel-create-dupe.html.tmpl | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/template/en/default/attachment/cancel-create-dupe.html.tmpl b/template/en/default/attachment/cancel-create-dupe.html.tmpl deleted file mode 100644 index 643a24ad8..000000000 --- a/template/en/default/attachment/cancel-create-dupe.html.tmpl +++ /dev/null @@ -1,48 +0,0 @@ -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Olav Vitters. - # - # Contributor(s): Olav Vitters <olav@bkor.dhs.org> - # David Lawrence <dkl@redhat.com> - #%] - -[%# INTERFACE: - # bugid: integer. ID of the bug report that this attachment relates to. - # attachid: integer. ID of the previous attachment recently created. - #%] - -[% PROCESS "global/field-descs.none.tmpl" %] - -[% PROCESS global/header.html.tmpl - title = "Already filed attachment" -%] - -[% USE Bugzilla %] - -<table cellpadding="20"> - <tr> - <td bgcolor="#ff0000"> - <font size="+2"> - You already used the form to file - <a href="[% urlbase FILTER html %]attachment.cgi?id=[% attachid FILTER uri %]&action=edit">attachment [% attachid FILTER uri %]</a>. - </font> - </td> - </tr> -</table> - -<p> - You can either <a href="[% urlbase FILTER html %]attachment.cgi?bugid=[% bugid FILTER uri %]&action=enter"> - create a new attachment</a> or [% "go back to $terms.bug $bugid" FILTER bug_link(bugid) FILTER none %]. -<p> - -[% PROCESS global/footer.html.tmpl %] |