author | mkanat%bugzilla.org <> | 2009-09-11 18:10:13 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-09-11 18:10:13 +0200 |
commit | 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 (patch) | |
tree | ab2e70e86df3d8ed53a09032777e6168d674cc6c /template | |
parent | 7fda8c351dd6c9621d85c9b29c5c6baa2f1eaba3 (diff) | |
Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index e96e6d48e..4ba5e647a 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -338,6 +338,11 @@ There is no valid transition from [%+ get_status("UNCONFIRMED") FILTER html %] to an open state. + [% ELSIF error == "param_invalid" %] + [% title = "Invalid Parameter" %] + <code>[% param FILTER html %]</code> is not a valid parameter + for the [% function FILTER html %] function. + [% ELSIF error == "param_must_be_numeric" %] [% title = "Invalid Parameter" %] Invalid parameter <code>[% param FILTER html %]</code> passed to |
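Review bot: in the new param_invalid branch the function name is emitted as plain text while the parameter name is wrapped in <code>; wrapping [% function FILTER html %] in <code> as well would keep the two identifiers visually consistent. Both values pass through FILTER html, which is the right treatment for a message that echoes a caller-supplied parameter name back into the page. The branch also sets the same title, "Invalid Parameter", as the param_must_be_numeric branch that follows it, so the two errors cannot be told apart by title alone; a more specific title for one of them would help when triaging reports.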