From 026539311662235ea26f5f3cfe885322846db6fb Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Sun, 7 Sep 2003 02:23:09 +0000
Subject: Bug 207044 - Filter more template directives. None of these are
security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.
---
template/en/default/global/code-error.html.tmpl | 39 ++++++++++---------------
1 file changed, 16 insertions(+), 23 deletions(-)
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 60ae95043..939c0c4dc 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -28,6 +28,9 @@
[%# This is a list of all the possible code errors. Please keep them in
# alphabetical order by error tag, and leave a blank line between errors.
+ #
+ # Note that you must explicitly filter every single template variable
+ # in this file; if you do not wish to change it, use the "none" filter.
#%]
[% PROCESS global/variables.none.tmpl %]
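Review bot: The added header note tells authors to use the `none` filter when a value should not be changed, but it does not say when that is safe, so `FILTER none` can become the easy way to satisfy the rule. I would extend the comment with a line such as `# Use "none" only for values that are already HTML-safe; request and database data always get "html".` It would also help to name the directives that are intentionally left bare, since `terms.bug` and `terms.Bugzilla` appear without any filter in later hunks of this patch.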
@@ -35,14 +38,7 @@
[% DEFAULT title = "Internal Error" %]
[% error_message = BLOCK %]
- [% IF error == "aaa_example_error_tag" %]
- [% title = "Example Error" %]
- This is an example error. The title is set above. This text is the body
- of the error. It can contain arbitrary HTML, and also references
- to any [% parameters %] which you may have set before calling
- ThrowCodeError.
-
- [% ELSIF error == "action_unrecognized" %]
+ [% IF error == "action_unrecognized" %]
I don't recognize the value ([% variables.action FILTER html %])
of the action variable.
@@ -61,8 +57,8 @@
An authorization handler return value was not handled by the login code.
[% ELSIF error == "bug_error" %]
- Trying to retrieve [% terms.bug %] [%+ bug.bug_id %] returned the error
- [% bug.error FILTER html %]
+ Trying to retrieve [% terms.bug %] [%+ bug.bug_id FILTER html %] returned
+ the error [% bug.error FILTER html %].
[% ELSIF error == "chart_data_not_generated" %]
The tool which gathers [% terms.bug %] counts has not been run yet.
@@ -82,7 +78,7 @@
Run checksetup.pl for installation instructions.
[% ELSIF error == "field_type_mismatch" %]
- Cannot seem to handle [% field %]
+ Cannot seem to handle [% field FILTER html %]
and [% type FILTER html %]
together.
[% ELSIF error == "gd_not_installed" %]
@@ -107,8 +103,8 @@
'[% bit FILTER html %]'.
[% ELSIF error == "bad_arg" %]
- Bad argument [% argument %]
sent to
- [% function %]
function.
+ Bad argument [% argument FILTER html %]
sent to
+ [% function FILTER html %]
function.
[% ELSIF error == "invalid_attach_id_to_obsolete" %]
The attachment number of one of the attachments you wanted to obsolete,
@@ -145,11 +141,8 @@
but you tried to flag it as obsolete while creating a new attachment to
[% terms.bug %] [%+ my_bug_id FILTER html %].
- [% ELSIF error == "no_bug_data" %]
- No data when fetching [% terms.bug %] [%+ bug_id %].
-
[% ELSIF error == "flag_nonexistent" %]
- There is no flag with ID #[% variables.id %].
+ There is no flag with ID #[% variables.id FILTER html %].
[% ELSIF error == "flag_status_invalid" %]
The flag status [% variables.status FILTER html %] is invalid.
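Review bot: Deleting the `no_bug_data` branch means any code that still calls ThrowCodeError with that tag will fall through to the final ELSE and report incorrect use of ThrowCodeError instead of the intended message. This view is limited to the template, so the call sites are not visible here; it is worth confirming that nothing still passes `no_bug_data` before the tag is removed. The IF/ELSIF chain starts and ends outside this hunk.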
@@ -166,7 +159,7 @@
a positive integer.
[% ELSIF error == "flag_type_nonexistent" %]
- There is no flag type with the ID [% variables.id %].
+ There is no flag type with the ID [% variables.id FILTER html %].
[% ELSIF error == "flag_type_product_nonexistent" %]
The product [% variables.product FILTER html %] does not exist.
@@ -212,7 +205,7 @@
Something is seriously wrong with the token generation system.
[% ELSIF error == "template_error" %]
- [% template_error_msg %]
+ [% template_error_msg FILTER html %]
[% ELSIF error == "unable_to_retrieve_password" %]
I was unable to retrieve your old password from the database.
@@ -238,9 +231,9 @@
[% ELSE %]
[%# Give sensible error if error functions are used incorrectly.
#%]
- You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly. You
- passed in the string '[% error %]'. The correct use is to pass
- in a tag, and define that tag in the file code-error.html.tmpl.
+ You are using [% terms.Bugzilla %]'s ThrowCodeError() function incorrectly.
+ You passed in the string '[% error FILTER html %]'. The correct use is to
+ pass in a tag, and define that tag in the file code-error.html.tmpl.
If you are a [% terms.Bugzilla %] end-user seeing this message, please save this
page and send it to [% Param('maintainer') %].
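Review bot: `[% Param('maintainer') %]` on the last line of this branch is still emitted without a filter, although the header note added by this patch requires every directive in the file to carry one. The value is administrator-configured rather than request data, but it is written into HTML all the same, so a `<` or `&` in it would alter the markup; I would write `[% Param('maintainer') FILTER html %]`. The enclosing BLOCK continues past the end of the hunk.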
@@ -267,7 +260,7 @@