summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2009-09-11 18:10:13 +0200
committermkanat%bugzilla.org <>2009-09-11 18:10:13 +0200
commit7380ea9ae11764633a4b6e64850da2d84b2aaeb2 (patch)
treeab2e70e86df3d8ed53a09032777e6168d674cc6c /template
parent7fda8c351dd6c9621d85c9b29c5c6baa2f1eaba3 (diff)
downloadbugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.gz
bugzilla-7380ea9ae11764633a4b6e64850da2d84b2aaeb2.tar.xz
Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165)
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
Diffstat (limited to 'template')
-rw-r--r--template/en/default/global/code-error.html.tmpl5
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index e96e6d48e..4ba5e647a 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -338,6 +338,11 @@
There is no valid transition from
[%+ get_status("UNCONFIRMED") FILTER html %] to an open state.
+ [% ELSIF error == "param_invalid" %]
+ [% title = "Invalid Parameter" %]
+ <code>[% param FILTER html %]</code> is not a valid parameter
+ for the [% function FILTER html %] function.
+
[% ELSIF error == "param_must_be_numeric" %]
[% title = "Invalid Parameter" %]
Invalid parameter <code>[% param FILTER html %]</code> passed to