From 7380ea9ae11764633a4b6e64850da2d84b2aaeb2 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 11 Sep 2009 16:10:13 +0000
Subject: Bug 515191: [SECURITY] SQL Injection via Bug.search (CVE-2009-3125)
 and Bug.create (CVE-2009-3165) Patch by Max Kanat-Alexander
 <mkanat@bugzilla.org> r=LpSolit, a=mkanat

---
 template/en/default/global/code-error.html.tmpl | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'template/en')

diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index e96e6d48e..4ba5e647a 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -338,6 +338,11 @@
     There is no valid transition from
     [%+ get_status("UNCONFIRMED") FILTER html %] to an open state.
 
+  [% ELSIF error == "param_invalid" %]
+    [% title = "Invalid Parameter" %]
+    <code>[% param FILTER html %]</code> is not a valid parameter
+    for the [% function FILTER html %] function.
+
   [% ELSIF error == "param_must_be_numeric" %]
     [% title = "Invalid Parameter" %]
     Invalid parameter <code>[% param FILTER html %]</code> passed to 
-- 
cgit v1.2.3-24-g4f1b