From 811987d677a4117f09b032e3935aff9accdc133d Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 18 Apr 2012 18:58:04 +0200
Subject: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists
 permits attackers to access all bugs that the victim can see r=glob a=LpSolit

---
 template/en/default/list/list.js.tmpl | 25 -------------------------
 1 file changed, 25 deletions(-)
 delete mode 100644 template/en/default/list/list.js.tmpl

(limited to 'template/en/default/list/list.js.tmpl')

diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl
deleted file mode 100644
index 8795b1cf5..000000000
--- a/template/en/default/list/list.js.tmpl
+++ /dev/null
@@ -1,25 +0,0 @@
-[%# This Source Code Form is subject to the terms of the Mozilla Public
-  # License, v. 2.0. If a copy of the MPL was not distributed with this
-  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-  #
-  # This Source Code Form is "Incompatible With Secondary Licenses", as
-  # defined by the Mozilla Public License, v. 2.0.
-  #%]
-
-// Note: only publicly-accessible bugs (those not in any group) will be
-// listed when using this JavaScript format. This is to prevent malicious
-// sites stealing information about secure bugs.
-  
-bugs = new Array; 
-
-[% FOREACH bug = bugs %]
-  bugs[[% bug.bug_id %]] = [ 
-    [% FOREACH column = displaycolumns %]
-      "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
-    [% END %]
-  ];
-[% END %]
-
-if (window.buglistCallback) {
-  buglistCallback(bugs);
-}
-- 
cgit v1.2.3-24-g4f1b