diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-01-31 17:01:20 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-01-31 17:01:20 +0100 |
commit | 0b14241a7c307a2619cb67cee42086b30fa03795 (patch) | |
tree | d1464df034d24a8923581d885949b8cecea1205d /template | |
parent | 6c81a8674ac77562584d5033561f8b4d947f23bb (diff) | |
download | bugzilla-0b14241a7c307a2619cb67cee42086b30fa03795.tar.gz bugzilla-0b14241a7c307a2619cb67cee42086b30fa03795.tar.xz |
(CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required)
r=mkanat a=LpSolit
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index dc0a94ac7..9e99dae15 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1018,6 +1018,11 @@ parameter. See the documentation at [%+ docs_urlbase FILTER html %]api/Bugzilla/WebService/Server/JSONRPC.html + [% ELSIF error == "json_rpc_illegal_content_type" %] + When using JSON-RPC over POST, you cannot send data as + [%+ content_type FILTER html %]. Only application/json and + application/json-rpc are allowed. + [% ELSIF error == "json_rpc_invalid_params" %] Could not parse the 'params' argument as valid JSON. Error: [% err_msg FILTER html %] |