From 2e0af1787d084e6fd455e117b52d82bfc01645ab Mon Sep 17 00:00:00 2001
From: Kohei Tamura
Date: Fri, 8 Sep 2017 14:57:59 +0900
Subject: [PATCH] Fix incorrect note for mail header injection
---
 src/main/resources/messages_en.properties | 2 +-
 src/main/resources/messages_ja.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties
index 078d7cb6..8b4d8035 100644
--- a/src/main/resources/messages_en.properties
+++ b/src/main/resources/messages_en.properties
@@ -147,7 +147,7 @@ msg.note.sql.injection=You can see a secret number if you enter Mark' OR '1'='1
 msg.note.ldap.injection=You can login with admin and password. \
 You can bypass authentication and login with *)(|(objectClass=* and password to aaaaaaa).
-msg.note.mail.header.injection=If you change the type attribute of the subject field's input tag to textarea by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
+msg.note.mail.header.injection=If you change the input tag of the subject field to a textarea tag by browser's developer mode and set it to [subject][line break]Bcc: [a mail address], then you can send a mail to the address.
 msg.note.mojibake=Mojibake occurs if you enter a multi-byte string.
 msg.note.null.byte.injection=If using Java earlier than version 1.7.0_40 and you add fileName=../WEB-INF/web.xml%00 to the query string, you can download a file which includes the content of web.xml.
 msg.note.open.redirect=You can login with admin and password. \
diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties
index ea43d2ba..ff8f8cab 100644
--- a/src/main/resources/messages_ja.properties
+++ b/src/main/resources/messages_ja.properties
@@ -140,7 +140,7 @@ msg.note.sql.injection=Mark \u3068 password\u3092\u516
 \u30d1\u30b9\u30ef\u30fc\u30c9\u306b ' OR '1'='1 \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u60c5\u5831\u304c\u8868\u793a\u3067\u304d\u307e\u3059\u3002
 msg.note.ldap.injection=admin \u3068 password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\
 *)(|(objectClass=*\u3001aaaaaaa) \u3092\u5165\u529b\u3059\u308b\u3068\u3001\u8a8d\u8a3c\u3092\u8fc2\u56de\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002
-msg.note.mail.header.injection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u306etype\u5c5e\u6027\u3092textarea\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002
+msg.note.mail.header.injection=\u30d6\u30e9\u30a6\u30b6\u306e\u958b\u767a\u8005\u30e2\u30fc\u30c9\u3067\u4ef6\u540d\u306einput\u30bf\u30b0\u3092textarea\u30bf\u30b0\u306b\u5909\u66f4\u3057\u3001\u300c[\u4efb\u610f\u4ef6\u540d][\u6539\u884c]Bcc: [\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u300d\u3092\u5165\u529b\u3057\u3066\u9001\u4fe1\u3059\u308b\u3068\u3001[\u4efb\u610f\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9]\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u307e\u3059\u3002
 msg.note.mojibake=\u6587\u5b57\u5217\u306b\u65e5\u672c\u8a9e\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u6587\u5b57\u5316\u3051\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 msg.note.null.byte.injection=\u30d0\u30fc\u30b8\u30e7\u30f31.7.0_40\u3088\u308a\u524d\u306eJava\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30af\u30a8\u30ea\u30b9\u30c8\u30ea\u30f3\u30b0\u306b
fileName=../WEB-INF/web.xml%00 \u3092\u4ed8\u52a0\u3059\u308b\u3068\u3001web.xml\u306e\u5185\u5bb9\u3092\u542b\u3080\u30d5\u30a1\u30a4\u30eb\u304c\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u3059\u3002
 msg.note.session.fixation=admin \u3068 password\u3092\u5165\u529b\u3059\u308b\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002\