Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)

Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
author: mkanat%bugzilla.org <> 2009-09-11 18:10:13 +0200
committer: mkanat%bugzilla.org <> 2009-09-11 18:10:13 +0200
commit: 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 (patch)
tree: ab2e70e86df3d8ed53a09032777e6168d674cc6c /template/en
parent: 7fda8c351dd6c9621d85c9b29c5c6baa2f1eaba3 (diff)
download: bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.gz
bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index e96e6d48e..4ba5e647a 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -338,6 +338,11 @@
     There is no valid transition from
     [%+ get_status("UNCONFIRMED") FILTER html %] to an open state.
 
+  [% ELSIF error == "param_invalid" %]
+    [% title = "Invalid Parameter" %]
+    <code>[% param FILTER html %]</code> is not a valid parameter
+    for the [% function FILTER html %] function.
+
   [% ELSIF error == "param_must_be_numeric" %]
     [% title = "Invalid Parameter" %]
     Invalid parameter <code>[% param FILTER html %]</code> passed to
author	mkanat%bugzilla.org <>	2009-09-11 18:10:13 +0200
committer	mkanat%bugzilla.org <>	2009-09-11 18:10:13 +0200
commit	7380ea9ae11764633a4b6e64850da2d84b2aaeb2 (patch)
tree	ab2e70e86df3d8ed53a09032777e6168d674cc6c /template/en
parent	7fda8c351dd6c9621d85c9b29c5c6baa2f1eaba3 (diff)
download	bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.gz bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.xz