From 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Fri, 11 Sep 2009 16:10:13 +0000 Subject: Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125) and Bug.create (CVE-2009-3165) Patch by Max Kanat-Alexander r=LpSolit, a=mkanat --- template/en/default/global/code-error.html.tmpl | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'template/en/default') diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index e96e6d48e..4ba5e647a 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -338,6 +338,11 @@ There is no valid transition from [%+ get_status("UNCONFIRMED") FILTER html %] to an open state. + [% ELSIF error == "param_invalid" %] + [% title = "Invalid Parameter" %] + [% param FILTER html %] is not a valid parameter + for the [% function FILTER html %] function. + [% ELSIF error == "param_must_be_numeric" %] [% title = "Invalid Parameter" %] Invalid parameter [% param FILTER html %] passed to -- cgit v1.2.3-24-g4f1b