Bug 1075578: [SECURITY] Improper filtering of CGI arguments

r=dkl,a=sgreen
author: Frédéric Buclin <LpSolit@gmail.com> 2014-10-06 16:25:06 +0200
committer: David Lawrence <dkl@mozilla.com> 2014-10-06 16:25:06 +0200
commit: ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad (patch)
tree: 3708d76568e9b7152fbb8dbe8c1b7b5690b8394c /template
parent: b07267acd0301aef84aa74fc4aea39481cea6ad5 (diff)
download: bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.gz
bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.xz
2 files changed, 1 insertions, 2 deletions
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 897ab148e..402862734 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -186,7 +186,6 @@
 ],
 
 'global/messages.html.tmpl' => [
-  'message_tag', 
   'series.frequency * 2',
 ],
 
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 2567d4a7a..6cc15ccd8 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -941,7 +941,7 @@
 [% IF !message %]
   [% message = BLOCK %]
     You are using [% terms.Bugzilla %]'s messaging functions incorrectly. You
-    passed in the string '[% message_tag %]'. The correct use is to pass
+    passed in the string '[% message_tag FILTER html %]'. The correct use is to pass
     in a tag, and define that tag in the file messages.html.tmpl.<br>
     <br>
     If you are a [% terms.Bugzilla %] end-user seeing this message, please
author	Frédéric Buclin <LpSolit@gmail.com>	2014-10-06 16:25:06 +0200
committer	David Lawrence <dkl@mozilla.com>	2014-10-06 16:25:06 +0200
commit	ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad (patch)
tree	3708d76568e9b7152fbb8dbe8c1b7b5690b8394c /template
parent	b07267acd0301aef84aa74fc4aea39481cea6ad5 (diff)
download	bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.gz bugzilla-ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad.tar.xz