From 564fb6842b0d0be49a58e1ed30a94b8f0a2c511e Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 19 Feb 2013 18:24:20 +0100
Subject: Bug 842038: (CVE-2013-0785) [SECURITY] XSS in show_bug.cgi when using an invalid page format r=glob a=LpSolit
---
 template/en/default/global/user-error.html.tmpl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'template/en/default/global')
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index c9448a503..6d03eaa4b 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -741,7 +741,10 @@
 [% title = "Format Not Found" %]
 The requested format [% format FILTER html %] does not exist with a content type of [% ctype FILTER html %].
-
+ [% IF invalid %]
+ Both parameters must contain letters and hyphens only.
+ [% END %]
+
 [% ELSIF error == "flag_type_sortkey_invalid" %]
 [% title = "Flag Type Sort Key Invalid" %]
 The sort key [% sortkey FILTER html %] must be an integer
--
cgit v1.2.3-24-g4f1b
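Review bot: The added `[% IF invalid %]` branch reads a template variable that this hunk neither sets nor documents, and because the view is limited to `template/en/default/global`, the validation that rejects a bad `format` or `ctype` is not visible here; on its own this template change only adds a user-facing hint. I would add a template comment above the branch, e.g. `[%# invalid: set by the caller when format or ctype failed validation, as opposed to a well-formed name that has no template %]`, so the coupling between the message and the check is recorded. The wording "letters and hyphens only" should be kept in step with whatever pattern the caller enforces, which cannot be confirmed from this page. The existing `FILTER html` on `format` and `ctype` matters more once this branch exists, since the values echoed there are by definition rejected input. The enclosing `format_not_found` branch starts above the hunk.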