summaryrefslogtreecommitdiffstats
path: root/template/en
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2008-11-06 01:38:49 +0100
committerlpsolit%gmail.com <>2008-11-06 01:38:49 +0100
commitc4c473b908a62eaf839a61b657397a9c66b1f82c (patch)
treef7672c20a23ed8f6bdbbe37bc4705b00d4a6673e /template/en
parentbbc78743ea55f5907dc7d37fb65020a0b6f26c9e (diff)
downloadbugzilla-c4c473b908a62eaf839a61b657397a9c66b1f82c.tar.gz
bugzilla-c4c473b908a62eaf839a61b657397a9c66b1f82c.tar.xz
Bug 449931: [SECURITY] Unprivileged users can approve/unapprove all the quips (including bypassing moderation) - Patch by Robin H. Johnson <robbat2@gentoo.org> r/a=LpSolit
Diffstat (limited to 'template/en')
-rw-r--r--template/en/default/global/user-error.html.tmpl2
-rw-r--r--template/en/default/list/quips.html.tmpl3
2 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index f4ea42ccf..0936847f5 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -146,6 +146,8 @@
schedule
[% ELSIF action == "use" %]
use
+ [% ELSIF action == "approve" %]
+ approve
[% END %]
[% IF object == "administrative_pages" %]
diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl
index b8359ffc6..1404b2e35 100644
--- a/template/en/default/list/quips.html.tmpl
+++ b/template/en/default/list/quips.html.tmpl
@@ -124,6 +124,9 @@
</a>
</td>
<td>
+ <input type="hidden" name="defined_quipid_[% quipid FILTER html %]"
+ id="defined_quipid_[% quipid FILTER html %]"
+ value="1">
<input type="checkbox" name="quipid_[% quipid FILTER html %]"
id="quipid_[% quipid FILTER html %]"
[%- ' checked="checked"' IF quips.$quipid.approved %]>