Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required)

r=mkanat a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2012-01-31 16:56:42 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2012-01-31 16:56:42 +0100
commit: d141a53e150c68b5a662a0ee625fc398ab164378 (patch)
tree: 61a720c40f9da5333c8b89b3ffaff8c62f7eaa67 /template/en
parent: 4e10a0b85df1228abc0b59ff7b4e830cb28ee093 (diff)
download: bugzilla-d141a53e150c68b5a662a0ee625fc398ab164378.tar.gz
bugzilla-d141a53e150c68b5a662a0ee625fc398ab164378.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index f5274b8bd..fdd2fb980 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1007,6 +1007,11 @@
     parameter. See the documentation at
     [%+ docs_urlbase FILTER html %]api/Bugzilla/WebService/Server/JSONRPC.html
 
+  [% ELSIF error == "json_rpc_illegal_content_type" %]
+    When using JSON-RPC over POST, you cannot send data as
+    [%+ content_type FILTER html %]. Only application/json and
+    application/json-rpc are allowed.
+
   [% ELSIF error == "json_rpc_invalid_params" %]
     Could not parse the 'params' argument as valid JSON.
     Error: [% err_msg FILTER html %]
author	Frédéric Buclin <LpSolit@gmail.com>	2012-01-31 16:56:42 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2012-01-31 16:56:42 +0100
commit	d141a53e150c68b5a662a0ee625fc398ab164378 (patch)
tree	61a720c40f9da5333c8b89b3ffaff8c62f7eaa67 /template/en
parent	4e10a0b85df1228abc0b59ff7b4e830cb28ee093 (diff)
download	bugzilla-d141a53e150c68b5a662a0ee625fc398ab164378.tar.gz bugzilla-d141a53e150c68b5a662a0ee625fc398ab164378.tar.xz