From d382992164347e076c51d3116a32aeabb2beecd5 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 18:59:17 +0000
Subject: Bug 466692: [SECURITY] keywords and unused flag types can be deleted
 by bypassing the token check - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com>
 r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../en/default/admin/flag-type/confirm-delete.html.tmpl     | 13 ++++++++-----
 template/en/default/admin/keywords/confirm-delete.html.tmpl |  3 +--
 template/en/default/admin/keywords/list.html.tmpl           |  2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)
 mode change 100755 => 100644 template/en/default/admin/keywords/confirm-delete.html.tmpl
 mode change 100755 => 100644 template/en/default/admin/keywords/list.html.tmpl

(limited to 'template/en/default')
diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
index cc6a064a9..ed909417d 100644
--- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl
+++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
@@ -28,13 +28,16 @@
 %]
 
 <p>
-   There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %].
-   If you delete this type, those flags will also be deleted.  Note that
-   instead of deleting the type you can
+  [% IF flag_type.flag_count %]
+    There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %].
+    If you delete this type, those flags will also be deleted.
+  [% END %]
+
+  Note that instead of deleting the type you can
    <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]&amp;token=
            [%- token FILTER html %]">deactivate it</a>,
-   in which case the type and its flags will remain in the database
-   but will not appear in the [% terms.Bugzilla %] UI.
+   in which case the type [% IF flag_type.flag_count %] and its flags [% END %] will remain
+   in the database but will not appear in the [% terms.Bugzilla %] UI.
 </p>
 
 <table>
diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl
old mode 100755
new mode 100644
index 6bde05abf..20a6deee7
--- a/template/en/default/admin/keywords/confirm-delete.html.tmpl
+++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl
@@ -31,7 +31,7 @@
 <p>
   [% IF keyword.bug_count == 1 %]
     There is one [% terms.bug %] with this keyword set.
-  [% ELSE %]
+  [% ELSIF keyword.bug_count > 1 %]
     There are [% keyword.bug_count FILTER html %] [%+ terms.bugs %] with
     this keyword set.
   [% END %]
@@ -43,7 +43,6 @@
 <form method="post" action="editkeywords.cgi">
   <input type="hidden" name="id" value="[% keyword.id FILTER html %]">
   <input type="hidden" name="action" value="delete">
-  <input type="hidden" name="reallydelete" value="1">
   <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="delete"
          value="Yes, really delete the keyword">
diff --git a/template/en/default/admin/keywords/list.html.tmpl b/template/en/default/admin/keywords/list.html.tmpl
old mode 100755
new mode 100644
index 5fb6b3aa6..c400a2362
--- a/template/en/default/admin/keywords/list.html.tmpl
+++ b/template/en/default/admin/keywords/list.html.tmpl
@@ -54,7 +54,7 @@
      { 
        heading => "Action" 
        content => "Delete"
-       contentlink => "editkeywords.cgi?action=delete&amp;id=%%id%%"
+       contentlink => "editkeywords.cgi?action=del&amp;id=%%id%%"
      }
    ]
 %]
-- 
cgit v1.2.3-24-g4f1b

