author | 2012-11-13 18:08:18 +0100 | |
---|---|---|
committer | 2012-11-13 18:08:18 +0100 | |
commit | c2247faf05382e338a7efcba85b6278db2e3aa1a (patch) | |
tree | f36ca8b444361e2a9161433a0d5820449e098f00 | |
parent | Bug 615627: Make t/012throwables.t know about user errors defined in extensions (diff) | |
Bug 731178 (CVE-2012-4199): [SECURITY] field-events.js.tmpl discloses product and component names that the user is not allowed to see
r=dkl a=LpSolit
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 11 | ||||
-rw-r--r-- | template/en/default/bug/field-events.js.tmpl | 18 |
2 files changed, 21 insertions, 8 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index e11e244f6..de9afb56c 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -8,8 +8,8 @@
   [% PROCESS bug/time.html.tmpl %]
-  <script type="text/javascript">
-  <!--
+<script type="text/javascript">
+<!--
   [% IF user.is_timetracker %]
   var fRemainingTime = [% bug.remaining_time %]; // holds the original value
   function adjustRemainingTime() {
@@ -30,6 +30,7 @@
   }
   [% END %]
+[% IF user.id %]
   /* Index all classifications so we can keep track of the classification
    * for the selected product, which could control field visibility. */
@@ -38,9 +39,9 @@
     all_classifications['[% product.name FILTER js %]'] = '
       [%- product.classification.name FILTER js %]';
   [%- END %]
-
-  //-->
-  </script>
+[% END %]
+//-->
+</script>
 <form name="changeform" id="changeform" method="post" action="process_bug.cgi">
diff --git a/template/en/default/bug/field-events.js.tmpl b/template/en/default/bug/field-events.js.tmpl
index 003391c34..d37f4257c 100644
--- a/template/en/default/bug/field-events.js.tmpl
+++ b/template/en/default/bug/field-events.js.tmpl
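Review bot: The `[% IF user.id %]` / `[% END %]` pair added in the second and third hunks guards the classification index on login status alone; the FOREACH that fills `all_classifications` sits between those two hunks and is not shown, so whether it is already limited to products the user may see cannot be confirmed from this diff. If it is not, a logged-in account still receives every product name that loop emits, which is the disclosure the commit title describes. Either way the guard deserves a comment stating its purpose, e.g. `[%# Logged-out users must not receive the product/classification index (bug 731178). %]`, since nothing else in the template explains why the script block now depends on user.id. Any script that reads all_classifications unconditionally would also have to tolerate it being undefined for logged-out users; I cannot tell from this diff whether one does.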
@@ -13,11 +13,23 @@
   #%]
   [% FOREACH controlled_field = field.controls_visibility_of %]
+    [% vis_names = [] %]
+    [% FOREACH visibility_value = controlled_field.visibility_values %]
+      [%# Exclude non-enterable products and components outside the current product. %]
+      [% NEXT IF field.name == "product"
+                 && visibility_value.id != product.id
+                 && !user.can_enter_product(visibility_value) %]
+      [% NEXT IF field.name == "component" && visibility_value.product_id != product.id %]
+      [% vis_names.push(visibility_value.name) %]
+    [% END %]
+
+    [% NEXT UNLESS vis_names.size %]
+
     showFieldWhen('[% controlled_field.name FILTER js %]', '[% field.name FILTER js %]', [
-      [%- FOREACH visibility_value = controlled_field.visibility_values -%]
-        '[%- visibility_value.name FILTER js -%]'[% "," UNLESS loop.last %]
-      [%- END %]
+      [%~ FOREACH vis_name = vis_names ~%]
+        '[% vis_name FILTER js %]'[% "," UNLESS loop.last %]
+      [%~ END ~%]
                   ]);
   [% END %] |
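Review bot: The component filter `[% NEXT IF field.name == "component" && visibility_value.product_id != product.id %]` drops components of every other product, including products the user is allowed to enter, whereas the product filter just above it keeps enterable products; if the product can be changed on this page and the component list is reloaded afterwards, a field controlled by a component of the newly chosen product will then never be toggled client-side. If that asymmetry is intended, the comment `[%# Exclude non-enterable products and components outside the current product. %]` should say why; otherwise the component branch could apply the same can-enter test to the component's owning product instead of comparing ids. Separately, `[% NEXT UNLESS vis_names.size %]` emits no showFieldWhen call at all when every value was filtered out, leaving the controlled field in whatever state the server rendered, which is worth a one-line comment so the next reader does not take it for an omission. The enclosing FOREACH over controls_visibility_of starts and ends inside this hunk.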