From 51605fb0ae3ce7d85b6037e0ac4b22676766ad0c Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 3 Jan 2018 12:13:10 -0500
Subject: Bug 1426475 - Make unknown bug id / alias error message more obvious
 to prevent content spoofing

---
 template/en/default/global/user-error.html.tmpl | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'template/en')

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 9eefbcb73..a9342e343 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1045,8 +1045,12 @@
     [% title = BLOCK %]
       [% IF bug_id %]Invalid [% ELSE %]Missing [% END %] [% terms.Bug %] ID
     [% END %]
+    [% UNLESS bug_id.match("^\\d+$") %]
+        [% bug_id = bug_id.truncate(40).upper().replace("\\W+", "", "g") %]
+    [% END %]
     [% IF bug_id %]
-      '[% bug_id FILTER html %]' is not a valid [% terms.bug %] number
+      Sorry, I can't find "<em>[% bug_id FILTER html %]</em>".
+      It does not seem like [% terms.bug %] number
       [% IF Param("usebugaliases") %]
         nor an alias to [% terms.abug %]
       [% END %].
@@ -1996,6 +2000,8 @@
    admindocslinks = admindocslinks
 %]
 
+<h1>[% title FILTER html %]</h1>
+
 <table cellpadding="20">
   <tr>
     <td id="error_msg" class="throw_error">
-- 
cgit v1.2.3-24-g4f1b