From d141a53e150c68b5a662a0ee625fc398ab164378 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 31 Jan 2012 16:56:42 +0100
Subject: Bug 718319: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass
 token checks and can lead to CSRF (no victim's action required) r=mkanat
 a=LpSolit

---
 template/en/default/global/user-error.html.tmpl | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'template')

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index f5274b8bd..fdd2fb980 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1007,6 +1007,11 @@
     parameter. See the documentation at
     [%+ docs_urlbase FILTER html %]api/Bugzilla/WebService/Server/JSONRPC.html
 
+  [% ELSIF error == "json_rpc_illegal_content_type" %]
+    When using JSON-RPC over POST, you cannot send data as
+    [%+ content_type FILTER html %]. Only application/json and
+    application/json-rpc are allowed.
+
   [% ELSIF error == "json_rpc_invalid_params" %]
     Could not parse the 'params' argument as valid JSON.
     Error: [% err_msg FILTER html %]
-- 
cgit v1.2.3-24-g4f1b