summaryrefslogtreecommitdiffstats
path: root/template/en/default
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2018-01-03 18:13:10 +0100
committerDylan William Hardison <dylan@hardison.net>2018-01-04 14:13:12 +0100
commit51605fb0ae3ce7d85b6037e0ac4b22676766ad0c (patch)
tree580ada7a647074a7fbea103317929e60b0d2295c /template/en/default
parent4c27263074ad0e72d3a50c9980691931b442ea41 (diff)
downloadbugzilla-51605fb0ae3ce7d85b6037e0ac4b22676766ad0c.tar.gz
bugzilla-51605fb0ae3ce7d85b6037e0ac4b22676766ad0c.tar.xz
Bug 1426475 - Make unknown bug id / alias error message more obvious to prevent content spoofing
Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/global/user-error.html.tmpl8
1 files changed, 7 insertions, 1 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 9eefbcb73..a9342e343 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1045,8 +1045,12 @@
[% title = BLOCK %]
[% IF bug_id %]Invalid [% ELSE %]Missing [% END %] [% terms.Bug %] ID
[% END %]
+ [% UNLESS bug_id.match("^\\d+$") %]
+ [% bug_id = bug_id.truncate(40).upper().replace("\\W+", "", "g") %]
+ [% END %]
[% IF bug_id %]
- '[% bug_id FILTER html %]' is not a valid [% terms.bug %] number
+ Sorry, I can't find "<em>[% bug_id FILTER html %]</em>".
+ It does not seem like [% terms.bug %] number
[% IF Param("usebugaliases") %]
nor an alias to [% terms.abug %]
[% END %].
@@ -1996,6 +2000,8 @@
admindocslinks = admindocslinks
%]
+<h1>[% title FILTER html %]</h1>
+
<table cellpadding="20">
<tr>
<td id="error_msg" class="throw_error">