author | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:56:26 +0100 |
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-11-13 18:56:26 +0100 |
commit | 3a3636a8e51513cda6979bf13c02f573d1e9737f (patch) | |
tree | 4d312105703db3c8012d53a85f7ce4415e0f1c80 | |
parent | 47da30332c29a8ad25e4a07353d2adf3ef8c1280 (diff) | |
Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports
r=dkl a=LpSolit
-rwxr-xr-x | report.cgi | 2 | ||||
-rw-r--r-- | template/en/default/reports/report-table.html.tmpl | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/report.cgi b/report.cgi
index cc43e66e4..5d5033b7d 100755
--- a/report.cgi
+++ b/report.cgi
@@ -354,5 +354,5 @@ sub get_field_restrictions {
 my $field = shift;
 my $cgi = Bugzilla->cgi;
- return join('&', map {"$field=$_"} $cgi->param($field));
+ return join('&', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field));
 }
diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl
index 8a3ab9524..b41753550 100644
--- a/template/en/default/reports/report-table.html.tmpl
+++ b/template/en/default/reports/report-table.html.tmpl
@@ -102,7 +102,7 @@ YAHOO.util.Event.addListener(window, "load", function() {
 var myColumnDefs = [
 {key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }},
 [% FOREACH col = col_names %]
- {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true,
+ {key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true,
 formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }},
 [% END %]
 {key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal, |
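Review bot: The added `return` line depends on `url_quote` being in scope, and the hunk does not show the `use Bugzilla::Util` import that would provide it; under `use strict` an unimported sub name fails at runtime, so the file header should be checked for that import. The intent of the change is not self-evident from the line, so a why-comment above it would help the next maintainer: `# $field and every value of $cgi->param($field) are request-controlled; URL-encode both so a crafted value cannot inject extra parameters or markup into the link this string ends up in.` Calling `$cgi->param($field)` in list context so each value is encoded separately is correct, and the `map` block correctly encodes the field name once per value. The `sub get_field_restrictions {` line appears only in the hunk header, so the function starts one line before the hunk; the fifth old/new line implied by `-354,5 +354,5` is presumably a blank line after `}` that the rendering collapsed.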
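Review bot: On the same changed line, `key:"[% col FILTER js %]"` still carries only the `js` filter while `label` now gets `html` then `js`; that is consistent if the DataTable uses `key` purely as an internal record-field identifier, but if the YUI version in use ever writes `key` into the DOM (for example as a class name or id) the same treatment would be needed, which is worth confirming rather than assuming. The filter order `FILTER html FILTER js` is the right one for this case: the text is HTML-escaped first and the escaped result is then made safe inside a JS string literal, which is what a label later inserted as markup needs. A comment on the line before `[% FOREACH col = col_names %]`, such as `[%# column labels are inserted as markup by the DataTable, so HTML-escape before JS-escaping %]`, would record why two filters are applied so a later cleanup does not drop one. The `myColumnDefs` array and the enclosing `load` handler both begin before the hunk and continue past it.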