head	1.2;
access;
symbols;
locks; strict;
comment	@# @;


1.2
date	2012.07.29.09.58.08;	author ohauer;	state dead;
branches;
next	1.1;

1.1
date	2012.07.28.20.44.43;	author ohauer;	state Exp;
branches;
next	;


desc
@@


1.2
log
@SVN rev 301682 on 2012-07-29 09:58:08Z by ohauer

- update to official release (just published)
@
text
@====================================================
This patch is fix security issues in the german
bugzilla language templates (4.0.5 -> 4.0.7)

--- ./de/default/global/confirm-user-match.html.tmpl.orig	2012-07-27 21:42:53.000000000 +0200
+++ ./de/default/global/confirm-user-match.html.tmpl	2012-07-27 21:44:33.000000000 +0200
@@@@ -159,8 +159,6 @@@@
                 [% ELSE %]
                   passte zu
                   <b>[% query.value.users.0.identity FILTER html %]</b>
-                  <input type="hidden" name="[% field.key FILTER html %]"
-                         value="[% query.value.users.0.login FILTER html %]">
                 [% END %]
             [% ELSE %]
                 [% IF (query.key.length < 3) && !Param('emailsuffix') %]
@@@@ -186,8 +184,10 @@@@
 
 [% IF matchsuccess == 1 %]
 
-  [% SET exclude_these =
-           matches.keys.merge(['Bugzilla_login', 'Bugzilla_password']) %]
+  [% SET exclude_these = ['Bugzilla_login', 'Bugzilla_password'] %]
+  [% FOREACH key IN matches.keys %]
+    [% exclude_these.push(key) IF cgi.param(key) == '' %]
+  [% END %]
   [% SET exclude = '^' _ exclude_these.join('|') _ '$' %]
   [% PROCESS "global/hidden-fields.html.tmpl" exclude = exclude %]
 
@


1.1
log
@SVN rev 301669 on 2012-07-28 20:44:43Z by ohauer

- patch language templates so they match current bugzilla.
- patch language templates so they match current bugzilla version.

  Patches are seen as workaround until official Version is released.
  Fix for bugzilla42 contains security updates.
@
text
@@

