author | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 19:00:42 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 19:00:42 +0200 |
commit | af3e4c43b0ad6267669d2e987d6ae3acdde70253 (patch) | |
tree | 00198b476d3e16235d38b5c92e8d83a074fff41d /template | |
parent | 935031c50d693cb8d8a1c4c8e1567df6310766da (diff) | |
download | bugzilla-af3e4c43b0ad6267669d2e987d6ae3acdde70253.tar.gz bugzilla-af3e4c43b0ad6267669d2e987d6ae3acdde70253.tar.xz |
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/list/list.js.tmpl | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl
deleted file mode 100644
index 7e9664c43..000000000
--- a/template/en/default/list/list.js.tmpl
+++ /dev/null
@@ -1,37 +0,0 @@
-[%# The contents of this file are subject to the Mozilla Public
- # License Version 1.1 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a copy of
- # the License at http://www.mozilla.org/MPL/
- #
- # Software distributed under the License is distributed on an "AS
- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- # implied. See the License for the specific language governing
- # rights and limitations under the License.
- #
- # The Original Code is the Bugzilla Bug Tracking System.
- #
- # The Initial Developer of the Original Code is Netscape Communications
- # Corporation. Portions created by Netscape are
- # Copyright (C) 1998 Netscape Communications Corporation. All
- # Rights Reserved.
- #
- # Contributor(s): Gervase Markham <gerv@gerv.net>
- #%]
-
-// Note: only publicly-accessible bugs (those not in any group) will be
-// listed when using this JavaScript format. This is to prevent malicious
-// sites stealing information about secure bugs.
-
-bugs = new Array;
-
-[% FOREACH bug = bugs %]
- bugs[[% bug.bug_id %]] = [
- [% FOREACH column = displaycolumns %]
- "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
- [% END %]
- ];
-[% END %]
-
-if (window.buglistCallback) {
- buglistCallback(bugs);
-} |