From 6e0182e55396213869186764abb1620dcbf307f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Sat, 19 Mar 2016 17:33:48 +0100 Subject: Bug 1230932: Providing a condition as an ID to the webservice results in a taint error r/a=dkl --- template/en/default/global/code-error.html.tmpl | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'template') diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 63f3ae9d9..830a7e7f6 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -290,6 +290,14 @@ a [% param FILTER html %] argument, and that argument was not set. + [% ELSIF error == "param_integer_required" %] + The function [% function FILTER html %] requires + that [% param FILTER html %] be an integer. + + [% ELSIF error == "param_scalar_array_required" %] + The [% param FILTER html %] parameter must be an array of scalars + (integers and/or strings). + [% ELSIF error == "params_required" %] [% title = "Missing Parameter" %] The function [% function FILTER html %] requires -- cgit v1.2.1 From ea0c5024c1701f6dfdc77c9161d9c0ff2f6c4bde Mon Sep 17 00:00:00 2001 From: Albert Ting Date: Wed, 20 Apr 2016 01:50:44 +0000 Subject: Bug 542239 - Accept pronouns everywhere in query.cgi r=dkl,a=dkl --- template/en/default/search/form.html.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'template') diff --git a/template/en/default/search/form.html.tmpl b/template/en/default/search/form.html.tmpl index 0420811ee..ac8aeaf61 100644 --- a/template/en/default/search/form.html.tmpl +++ b/template/en/default/search/form.html.tmpl 
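Review bot: The two added branches, `param_integer_required` and `param_scalar_array_required`, set no `title`, while the `params_required` branch that follows them in the same hunk sets `[% title = "Missing Parameter" %]`. Unless falling back to the default title is intended, give each new branch one, for example `[% title = "Invalid Parameter" %]`, so the caller can tell what kind of error was raised. Both interpolated values pass through `FILTER html` and the rejected input itself is not echoed back, which is the right shape for a message triggered by caller-supplied IDs. The ELSIF chain starts and ends outside the hunk.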
@@ -247,7 +247,7 @@ TUI_hide_default('information_query'); [% FOREACH qv = [ { name => "substring", description => "contains" }, { name => "notsubstring", description => "doesn't contain" }, - { name => "exact", description => "is" }, + { name => "equals", description => "is" }, { name => "notequals", description => "is not" }, { name => "regexp", description => "matches regexp" }, { name => "notregexp", description => "doesn't match regexp" } ] %] -- cgit v1.2.1 From a59f1e99c2285b2802a3da45658095b121d0f5cb Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Fri, 13 May 2016 13:34:19 -0400 Subject: Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled --- template/en/default/global/tabs.html.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'template') diff --git a/template/en/default/global/tabs.html.tmpl b/template/en/default/global/tabs.html.tmpl index 9cf5a897b..511640477 100644 --- a/template/en/default/global/tabs.html.tmpl +++ b/template/en/default/global/tabs.html.tmpl @@ -25,7 +25,7 @@ [% tab.label FILTER html %] [% ELSE %] + onClick="document.location='[% tab.link FILTER js FILTER html %]'"> [% tab.label FILTER html %] [% END %] -- cgit v1.2.1 From 16dd96bdfdadea63e182f0954f06c187cb83e75b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Fri, 13 May 2016 20:37:08 +0200 Subject: Bug 1269388 - Release notes for Bugzilla 5.0.3 r=dkl --- template/en/default/pages/release-notes.html.tmpl | 34 +++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'template') diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index 5bd1608d9..358298bc8 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -43,6 +43,40 @@
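Review bot: `FILTER js FILTER html` on the `onClick` line escapes `tab.link` for a JavaScript string inside an HTML attribute, but escaping does not constrain what kind of URL the value is, so a link with an unexpected scheme is still handed to `document.location` unchanged. If extensions can pass user-controlled links, as the commit subject says, the value should also be checked against an allow-list (relative path or http/https) where the tab list is built; that code is not visible here. The filter order is significant and deserves a comment above the line: `[%# js first, then html: tab.link sits in a JS string inside an HTML attribute %]`. The enclosing IF/ELSE block starts outside the hunk.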

Updates in this 5.0.x Release

+

5.0.3

+ +

This release fixes one security issue. See the + Security Advisory + for details.

+ +

This release also contains the following [% terms.bug %] fixes:

+ +
    +
  • A regression in Bugzilla 5.0.2 caused whine.pl to be unable + to send emails due to a missing subroutine. + ([% terms.Bug %] 1235395)
  • +
  • The Encode module changed the way it encodes strings, causing + email addresses in emails sent by [%terms.Bugzilla %] to be encoded, + preventing emails from being correctly delivered to recipients. + We now encode email headers correctly. + ([% terms.Bug %] 1246228)
  • +
  • Fix additional taint issues with Strawberry Perl. + ([% terms.Bug %] 987742 and + [% terms.bug %] 1089448)
  • +
  • When exporting a buglist as a CSV file, fields starting with either + "=", "+", "-" or "@" are preceded by a space to not trigger formula + execution in Excel. + ([% terms.Bug %] 1259881)
  • +
  • An extension which allows user-controlled data to be used as a link in + tabs could trigger XSS if the data is not correctly sanitized. + [%+ terms. Bugzilla %] no longer relies on the extension to do the sanity + check. A vanilla installation is not affected as no tab is user-controlled. + ([% terms.Bug %] 1250114)
  • +
  • Extensions can now easily override the favicon used for the + [%+ terms.Bugzilla %] website. + ([% terms.Bug %] 1250264)
  • +
+

5.0.2

This release fixes two security issues. See the -- cgit v1.2.1