From 9cc89d34f79d1a326e5c792722163d5908a97c13 Mon Sep 17 00:00:00 2001 From: Dylan Hardison Date: Wed, 9 Mar 2016 22:12:31 -0500 Subject: Bug 1254227 - MozReview auth delegation allows sending out phishing mails via Bugzilla --- template/en/default/email/new-api-key.txt.tmpl | 2 +- template/en/default/global/user-error.html.tmpl | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'template') diff --git a/template/en/default/email/new-api-key.txt.tmpl b/template/en/default/email/new-api-key.txt.tmpl index 5dc068b05..4a03fe800 100644 --- a/template/en/default/email/new-api-key.txt.tmpl +++ b/template/en/default/email/new-api-key.txt.tmpl @@ -21,7 +21,7 @@ X-Bugzilla-Type: admin [This e-mail has been automatically generated] A new [% terms.Bugzilla %] API key[% IF new_key.description %], with the -description '[% new_key.description %]'[% END %] has been created. You can view +description '[% new_key.description FILTER truncate(10) %]'[% END %] has been created. You can view or update the key at the following URL: [%+ urlbase %]userprefs.cgi?tab=apikey diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 2ecad03fd..33fb0123d 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -148,6 +148,12 @@ [% title = "Auth delegation can't be confirmed" %] Auth delegation cannot be confirmed due to missing or invalid token. + [% ELSIF error == "auth_delegation_invalid_description" %] + [% title = "Auth delegation suspicious description" %] + It looks like auth delegation was attempted with a suspicious description! + Auth Delegation descriptions should consist only of words, with no other punctuation. + You were sent here by some other site; please contact them for support. + [% ELSIF error == "auth_delegation_invalid_token" %] [% title = "Auth delegation can't be confirmed" %] Auth delegation cannot be confirmed due to missing or invalid token. -- cgit v1.2.3-24-g4f1b