Bug 802204 (CVE-2012-4197): [SECURITY] Marking an attachment you cannot see as obsole...
authorFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:25:25 +0000 (18:25 +0100)
committerFrédéric Buclin <LpSolit@gmail.com>
Tue, 13 Nov 2012 17:25:25 +0000 (18:25 +0100)
r=gerv a=LpSolit

Bugzilla/Attachment.pm
template/en/default/global/code-error.html.tmpl

index d6037b3e79898482a976b6891f59595abe07f94d..fb3725aff1867a1e0afbd6e59ea9eddd03ef4bd3 100644 (file)
@@ -771,11 +771,8 @@ sub validate_obsolete {
         $attachment->validate_can_edit($bug->product_id)
           || ThrowUserError('illegal_attachment_edit', { attach_id => $attachment->id });
 
-        $vars->{'description'} = $attachment->description;
-
         if ($attachment->bug_id != $bug->bug_id) {
             $vars->{'my_bug_id'} = $bug->bug_id;
-            $vars->{'attach_bug_id'} = $attachment->bug_id;
             ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars);
         }
 
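Review bot: Nothing at the `ThrowCodeError('mismatched_bug_ids_on_obsolete', $vars)` call records why `$vars` now carries only `my_bug_id`, so a later cleanup could put the attachment's description or bug ID back into the error and reopen the disclosure. I would add a comment above the `if ($attachment->bug_id != $bug->bug_id)` test, for example `# Pass no details of $attachment to the error: the user may be unable to see the bug it belongs to (CVE-2012-4197).` The error also still confirms that the attachment ID exists on some other bug. Whether that matters depends on the visibility checks made earlier in validate_obsolete, which starts and ends outside this hunk. A regression test asserting that the rendered error contains neither the description nor the other bug's ID would keep the fix from regressing silently.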
index 3db03fca4a1915cfc6bf4a5314042850594ac2d4..bee2da1a7edcdf0c76a2f0845e884d06cd5f3c85 100644 (file)
     setting in [% constants.bz_locations.localconfig FILTER html %].
 
   [% ELSIF error == "mismatched_bug_ids_on_obsolete" %]
-    Attachment [% attach_id FILTER html %] ([% description FILTER html %]) 
-    is attached to [% terms.bug %] [%+ attach_bug_id FILTER html %], 
+    Attachment [% attach_id FILTER html %] is attached to another [% terms.bug %],
     but you tried to flag it as obsolete while creating a new attachment to 
     [% terms.bug %] [%+ my_bug_id FILTER html %].