author | lpsolit%gmail.com <> | 2006-10-15 05:48:47 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:48:47 +0200 |
commit | b0ddda44bee03e94f04368dd68e8c0784de4a945 (patch) | |
tree | a1df1928c46bbe1b99cb06bad981dc69c13bc65d | |
parent | b1ef63e5bfc0d3995245b42154686db1400b2c22 (diff) | |
Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.tmpl - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
-rw-r--r-- | template/en/default/admin/flag-type/edit.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/admin/groups/edit.html.tmpl | 3 | ||||
-rw-r--r-- | template/en/default/admin/groups/remove.html.tmpl | 10 | ||||
-rw-r--r-- | template/en/default/admin/users/confirm-delete.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/admin/users/edit.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/bug/create/create.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/bug/show.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/filterexceptions.pl | 1 | ||||
-rw-r--r-- | template/en/default/global/header.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/reports/duplicates.html.tmpl | 5 |
10 files changed, 26 insertions, 13 deletions
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index b7ff82949..942fb3b09 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -35,9 +35,9 @@
 [% END %]
 [% IF last_action == "copy" %]
- [% title = "Create Flag Type Based on $type.name" %]
+ [% title = BLOCK %]Create Flag Type Based on [% type.name FILTER html %][% END %]
 [% ELSIF last_action == "edit" %]
- [% title = "Edit Flag Type $type.name" %]
+ [% title = BLOCK %]Edit Flag Type [% type.name FILTER html %][% END %]
 [% END %]
 [% PROCESS global/header.html.tmpl
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index a66e78fde..c1d032e1a 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -41,9 +41,10 @@
 # be aware of the group being edited and its members.
 #%]
+[% title = BLOCK %]Change Group: [% name FILTER html %][% END %]
 [% PROCESS global/header.html.tmpl
- title = "Change Group: $name"
+ title = title
 style = "tr.odd_row { background: #e9e9e9; }
diff --git a/template/en/default/admin/groups/remove.html.tmpl b/template/en/default/admin/groups/remove.html.tmpl
index 0eed2d9fb..8c41333e4 100644
--- a/template/en/default/admin/groups/remove.html.tmpl
+++ b/template/en/default/admin/groups/remove.html.tmpl
@@ -33,11 +33,13 @@
 [% IF remove_all %]
- [% title = "Removing All Explicit Group Memberships from '"
- _ name _ "'" %]
+ [% title = BLOCK %]
+ Removing All Explicit Group Memberships from '[% name FILTER html %]'
+ [% END %]
 [% ELSE %]
- [% title = "Removing All Explicit Group Memberships Matching "
- _ "Group RegExp from '" _ name _ "'" %]
+ [% title = BLOCK %]
+ Removing All Explicit Group Memberships Matching Group RegExp from '[% name FILTER html %]'
+ [% END %]
 [% END %]
 [% PROCESS global/header.html.tmpl %]
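Review bot: The two multi-line `[% title = BLOCK %] … [% END %]` captures in admin/groups/remove.html.tmpl put the line break and indentation after `BLOCK %]` into the title value, unless the Template configuration (not visible here) chomps or trims it. The same applies to the multi-line BLOCK added in reports/duplicates.html.tmpl. The browser collapses that whitespace inside `<title>` and headings, so this is a matter of style, but the single-line form used in the other files of this commit avoids it, e.g. `[% title = BLOCK %]Removing All Explicit Group Memberships from '[% name FILTER html %]'[% END %]`. This template also still calls `[% PROCESS global/header.html.tmpl %]` without `title = title`, while the other callers in the commit pass it explicitly; either form is fine, but one convention would be easier to audit.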
diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index 02efdb82a..6f0a565ca 100644
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -44,8 +44,10 @@
 # created
 #%]
+[% title = BLOCK %]Confirm deletion of user [% otheruser.login FILTER html %][% END %]
+
 [% PROCESS global/header.html.tmpl
- title = "Confirm deletion of user $otheruser.login"
+ title = title
 style_urls = ['skins/standard/admin.css', 'skins/standard/editusers.css'] %]
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index c35bb691f..b0cc21082 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -25,8 +25,10 @@
 # canbless) for viewed user.
 #%]
+[% title = BLOCK %]Edit user [% otheruser.login FILTER html %][% END %]
+
 [% PROCESS global/header.html.tmpl
- title = "Edit user $login"
+ title = title
 message = message style_urls = ['skins/standard/editusers.css'] %]
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index 812abb075..62f8004f2 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -26,8 +26,10 @@
 [% PROCESS "global/field-descs.none.tmpl" %]
+[% title = BLOCK %]Enter [% terms.Bug %]: [% product.name FILTER html %][% END %]
+
 [% PROCESS global/header.html.tmpl
- title = "Enter $terms.Bug: $product.name"
+ title = title
 style_urls = [ 'skins/standard/create_attachment.css' ] javascript_urls = [ "js/attachment.js" ] %]
diff --git a/template/en/default/bug/show.html.tmpl b/template/en/default/bug/show.html.tmpl
index eb7457a7c..07b71c8fa 100644
--- a/template/en/default/bug/show.html.tmpl
+++ b/template/en/default/bug/show.html.tmpl
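Review bot: In admin/users/edit.html.tmpl the title source changes from `$login` to `otheruser.login`, a second change beyond the escaping that the commit message does not mention. If the two values can differ, or `otheruser` is not set on every path that processes this template, the heading changes or comes out empty; that needs checking against the calling code, which is outside this diff. A one-line comment above the BLOCK, for example `[%# title is pre-filtered here because global/header.html.tmpl prints it unfiltered %]`, would also help the next editor keep the `FILTER html` in place.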
@@ -31,7 +31,7 @@
 [% filtered_desc = bug.short_desc FILTER html %]
 [% filtered_timestamp = bug.delta_ts FILTER time %]
 [% PROCESS global/header.html.tmpl
- title = "$terms.Bug $bug.bug_id - $bug.short_desc"
+ title = "$terms.Bug $bug.bug_id - $filtered_desc"
 h1 = "$terms.Bug $bug.bug_id"
 h2 = filtered_desc
 h3 = "Last modified: $filtered_timestamp"
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index c03704e72..e80c758cd 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -232,6 +232,7 @@
 'javascript',
 'style',
 'onload',
+ 'title',
 'h1',
 'h2',
 'h3',
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index c84f503d0..9b9420ced 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -62,7 +62,7 @@
 "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
- <title>[% title FILTER html %]</title>
+ <title>[% title %]</title>
 [%# Migration note: contents of the old Param 'headerhtml' would go here %]
diff --git a/template/en/default/reports/duplicates.html.tmpl b/template/en/default/reports/duplicates.html.tmpl
index 72f79e255..f60f28558 100644
--- a/template/en/default/reports/duplicates.html.tmpl
+++ b/template/en/default/reports/duplicates.html.tmpl
@@ -36,12 +36,15 @@
 [% PROCESS global/variables.none.tmpl %]
 [% IF query_products.size %]
- [% title = "Most Frequently Reported $terms.Bugs for ${query_products.join(', ')}" %]
+ [% title = BLOCK %]
+ Most Frequently Reported [% terms.Bugs %] for [% query_products.join(', ') FILTER html %]
+ [% END %]
 [% ELSE %]
 [% title = "Most Frequently Reported $terms.Bugs" %]
 [% END%]
 [% PROCESS global/header.html.tmpl
+ title = title
 style = ".resolved { background-color: #d9d9d9; color: #000000; }" %] |
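Review bot: Removing `FILTER html` from `<title>[% title %]</title>` in global/header.html.tmpl moves the escaping duty from the one sink to every caller, so a template that builds `title` from user-controlled data and is not among the eight updated here would now emit it raw into the page head. The `'title'` entry added to filterexceptions.pl appears to exempt this directive from the template filter check as well, so that check will presumably not catch a missed caller. Before this lands I would want confirmation that all other templates processing global/header.html.tmpl were audited, since the diff cannot show the ones left untouched. The contract should also be stated in the header template's interface comment, along the lines of `# title: page title, printed unfiltered; callers must apply FILTER html to any dynamic part`. The header's own comment block lies outside this hunk, so where that line belongs is to be confirmed.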