From ce590bf022ef6c2fc0c0c902d773ec7a53e7e4ad Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 6 Oct 2014 14:25:06 +0000 Subject: Bug 1075578: [SECURITY] Improper filtering of CGI arguments r=dkl,a=sgreen --- template/en/default/filterexceptions.pl | 1 - template/en/default/global/messages.html.tmpl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'template') diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 897ab148e..402862734 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -186,7 +186,6 @@ ], 'global/messages.html.tmpl' => [ - 'message_tag', 'series.frequency * 2', ], diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 2567d4a7a..6cc15ccd8 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -941,7 +941,7 @@ [% IF !message %] [% message = BLOCK %] You are using [% terms.Bugzilla %]'s messaging functions incorrectly. You - passed in the string '[% message_tag %]'. The correct use is to pass + passed in the string '[% message_tag FILTER html %]'. The correct use is to pass in a tag, and define that tag in the file messages.html.tmpl.

If you are a [% terms.Bugzilla %] end-user seeing this message, please -- cgit v1.2.3-24-g4f1b