diff options
| author |   lpsolit%gmail.com <> | 2008-11-06 00:41:33 +0000 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2008-11-06 00:41:33 +0000 |
| commit | 5128f42a22ebe86ac63910305fa011dc71ad7c20 (patch) | |
| tree | e5b03e3a07cba246abedd06966254ddd330e7465 /template | |
| parent | Bug 381772 - Add hooks for common-links. (diff) | |
| download | bugzilla-5128f42a22ebe86ac63910305fa011dc71ad7c20.tar.gz bugzilla-5128f42a22ebe86ac63910305fa011dc71ad7c20.tar.bz2 bugzilla-5128f42a22ebe86ac63910305fa011dc71ad7c20.zip | |
Bug 449931: [SECURITY] Unprivileged users can approve/unapprove all the quips (including bypassing moderation) - Patch by Robin H. Johnson <robbat2@gentoo.org> r/a=LpSolit
Diffstat (limited to 'template')
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 2 | ||||
| -rw-r--r-- | template/en/default/list/quips.html.tmpl | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index e0db5991b..565ec1b07 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -146,6 +146,8 @@ schedule [% ELSIF action == "use" %] use + [% ELSIF action == "approve" %] + approve [% END %] [% IF object == "administrative_pages" %] diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl index 14cecb26e..d6000d597 100644 --- a/template/en/default/list/quips.html.tmpl +++ b/template/en/default/list/quips.html.tmpl @@ -124,6 +124,9 @@ </a> </td> <td> + <input type="hidden" name="defined_quipid_[% quipid FILTER html %]" + id="defined_quipid_[% quipid FILTER html %]" + value="1"> <input type="checkbox" name="quipid_[% quipid FILTER html %]" id="quipid_[% quipid FILTER html %]" [%- ' checked="checked"' IF quips.$quipid.approved %]> |