author: Frédéric Buclin <LpSolit@gmail.com> 2013-02-19 18:24:20 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2013-02-19 18:24:20 +0100
commit: 564fb6842b0d0be49a58e1ed30a94b8f0a2c511e
tree: 7c948449a19374c1e489e6fb71ea2d530afe9029 /template/en/default
parent: e2c8da0dfc534ffca6232cc7d370299d5d446604
Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format
r=glob a=LpSolit
Diffstat (limited to 'template/en/default')
-rw-r--r-- template/en/default/global/user-error.html.tmpl | 5
1 files changed, 4 insertions, 1 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index c9448a503..6d03eaa4b 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -741,7 +741,10 @@
[% title = "Format Not Found" %]
The requested format <em>[% format FILTER html %]</em> does not exist with
a content type of <em>[% ctype FILTER html %]</em>.
-
+ [% IF invalid %]
+ Both parameters must contain letters and hyphens only.
+ [% END %]
+
[% ELSIF error == "flag_type_sortkey_invalid" %]
[% title = "Flag Type Sort Key Invalid" %]
The sort key <em>[% sortkey FILTER html %]</em> must be an integer
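Review bot: In the added [% IF invalid %] block, "Both parameters" does not say which parameters are meant. The sentence just above it talks about a format and a content type, so naming them (for example "The format and the content type must contain letters and hyphens only.") would be clearer to a user who arrived here from a link. The invalid variable is new to this error and nothing in the hunk says which caller sets it; a short template comment would help, because the allowed-character rule is stated here but enforced elsewhere, and the two can drift apart. The context lines show format and ctype already going through FILTER html, and the diff shown is limited to template/en/default, so this hunk is only the user-facing message; the check that sets invalid should be reviewed alongside it.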