diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:08:32 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:08:32 +0200 |
| commit | 5d70d16f37a866852e6a48ec9fefe3664a6a9a55 (patch) | |
| tree | b193cb8a52a93619d408869931126777d8c82bb0 /template | |
| parent | b9c01561118c42514055b218f81cb82fa76dbb05 (diff) | |
| download | bugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.gz bugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.xz | |
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=mkanat a=LpSolit
Diffstat (limited to 'template')
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 52ac64ddd..3e1b8748e 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -735,12 +735,6 @@ in the database which refer to it. All references to this group must be removed before you can remove it. - [% ELSIF error == "group_change_denied" %] - [% title = "Cannot Add/Remove That Group" %] - You tried to add or remove the '[% group.name FILTER html %]' group - from [% terms.bug %] [%+ bug.id FILTER html %], but you do not - have permissions to do so. - [% ELSIF error == "group_exists" %] [% title = "The group already exists" %] The group [% name FILTER html %] already exists. @@ -761,23 +755,17 @@ [% ELSIF error == "group_invalid_removal" %] - You tried to remove [% terms.bug %] [%+ bug.id FILTER html %] - from the '[% group.name FILTER html %]' group, but [% terms.bugs %] - in the '[% product FILTER html %]' product can not be removed from that - group. - - [% ELSIF error == "group_invalid_restriction" %] - You tried to restrict [% terms.bug %] [%+ bug.id FILTER html %] to - to the '[% group.name FILTER html %]' group, but [% terms.bugs %] in the - '[% product FILTER html %]' product can not be restricted to - that group. + You tried to remove [% terms.bug %] [%+ bug_id FILTER html %] + from the '[% name FILTER html %]' group, but either this group does not exist, + or you are not allowed to remove [% terms.bugs %] from this group in the + '[% product FILTER html %]' product. [% ELSIF error == "group_restriction_not_allowed" %] [% title = "Group Restriction Not Allowed" %] - You tried to restrict [% terms.abug %] to the "[% name FILTER html %]" - group, but either this group does not exist, or you are not allowed - to restrict [% terms.bugs %] to this group in the "[% product.name FILTER html %]" - product. + You tried to restrict [% bug_id ? "$terms.bug $bug_id" : terms.abug FILTER html %] + to the '[% name FILTER html %]' group, but either this group does not exist, + or you are not allowed to restrict [% terms.bugs %] to this group in the + '[% product FILTER html %]' product. [% ELSIF error == "group_not_specified" %] [% title = "Group not specified" %] |