diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
commit | 92cb17e05cecb4093ee9e189347ba66b8844528a (patch) | |
tree | 7129cf8b6398e67276a17856804d4a157c4b7fa1 /template/en/default | |
parent | 92308c08cfd6608383be7faf90318f620ed5f4dc (diff) | |
download | bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.gz bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.xz |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/bug/create/confirm-create-dupe.html.tmpl | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/template/en/default/bug/create/confirm-create-dupe.html.tmpl b/template/en/default/bug/create/confirm-create-dupe.html.tmpl deleted file mode 100644 index b0a5cddda..000000000 --- a/template/en/default/bug/create/confirm-create-dupe.html.tmpl +++ /dev/null @@ -1,57 +0,0 @@ -[%# The contents of this file are subject to the Mozilla Public - # License Version 1.1 (the "License"); you may not use this file - # except in compliance with the License. You may obtain a copy of - # the License at http://www.mozilla.org/MPL/ - # - # Software distributed under the License is distributed on an "AS - # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - # implied. See the License for the specific language governing - # rights and limitations under the License. - # - # The Original Code is the Bugzilla Bug Tracking System. - # - # The Initial Developer of the Original Code is Olav Vitters. - # - # Contributor(s): Olav Vitters <olav@bkor.dhs.org> - #%] - -[%# INTERFACE: - # bugid: integer. ID of the bug previously used to create a bug. - # allow_override: boolean int. Is 1 if the user may submit the bug again. - #%] - -[% PROCESS "global/field-descs.none.tmpl" %] - -[% PROCESS global/header.html.tmpl - title = "Already filed $terms.bug" -%] - -[% USE Bugzilla %] - -<table cellpadding="20"> - <tr> - <td bgcolor="#ff0000"> - <font size="+2"> - You already used the form to file [% "$terms.bug $bugid" FILTER bug_link(bugid) FILTER none %]. - </font> - </td> - </tr> -</table> - -<p><font size="big">You are highly encouraged to visit [% "$terms.bug $bugid" -FILTER bug_link(bugid) FILTER none %].</font></p> - -[% IF allow_override %] - <p>If you are sure you used the same form to submit a new [% terms.bug %], - click 'File [% terms.bug %] again'.<p> - - <form name="create" id="create" method="post" action="post_bug.cgi" - [%- IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]> - [% PROCESS "global/hidden-fields.html.tmpl" - exclude="^(Bugzilla_login|Bugzilla_password|ignore_token)$" %] - <input type="hidden" name="ignore_token" value="[% bugid FILTER html %]"> - <input type="submit" value="File [% terms.bug %] again" id="file_bug_again"> - </form> -[% END %] - -[% PROCESS global/footer.html.tmpl %] |