authorlpsolit%gmail.com <>2006-10-15 05:48:47 +0200
committerlpsolit%gmail.com <>2006-10-15 05:48:47 +0200
commitb0ddda44bee03e94f04368dd68e8c0784de4a945 (patch)
treea1df1928c46bbe1b99cb06bad981dc69c13bc65d
parentb1ef63e5bfc0d3995245b42154686db1400b2c22 (diff)
Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.tmpl - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
-rw-r--r--template/en/default/admin/flag-type/edit.html.tmpl4
-rw-r--r--template/en/default/admin/groups/edit.html.tmpl3
-rw-r--r--template/en/default/admin/groups/remove.html.tmpl10
-rw-r--r--template/en/default/admin/users/confirm-delete.html.tmpl4
-rw-r--r--template/en/default/admin/users/edit.html.tmpl4
-rw-r--r--template/en/default/bug/create/create.html.tmpl4
-rw-r--r--template/en/default/bug/show.html.tmpl2
-rw-r--r--template/en/default/filterexceptions.pl1
-rw-r--r--template/en/default/global/header.html.tmpl2
-rw-r--r--template/en/default/reports/duplicates.html.tmpl5
10 files changed, 26 insertions, 13 deletions
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index b7ff82949..942fb3b09 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -35,9 +35,9 @@
[% END %]
[% IF last_action == "copy" %]
- [% title = "Create Flag Type Based on $type.name" %]
+ [% title = BLOCK %]Create Flag Type Based on [% type.name FILTER html %][% END %]
[% ELSIF last_action == "edit" %]
- [% title = "Edit Flag Type $type.name" %]
+ [% title = BLOCK %]Edit Flag Type [% type.name FILTER html %][% END %]
[% END %]
[% PROCESS global/header.html.tmpl
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index a66e78fde..c1d032e1a 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -41,9 +41,10 @@
# be aware of the group being edited and its members.
#%]
+[% title = BLOCK %]Change Group: [% name FILTER html %][% END %]
[% PROCESS global/header.html.tmpl
- title = "Change Group: $name"
+ title = title
style = "tr.odd_row {
background: #e9e9e9;
}
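Review bot: `title = title` in the PROCESS argument list is a self-assignment: PROCESS runs header.html.tmpl in the caller's variable context, so the `title` set by the BLOCK two lines above is already visible, which is exactly what admin/groups/remove.html.tmpl relies on with a bare `[% PROCESS global/header.html.tmpl %]`. The same no-op is added in admin/users/confirm-delete, admin/users/edit, bug/create/create and reports/duplicates. Either drop it, or, if it is kept as a readability cue, say so in a directive comment: `title = title   # assigned by the BLOCK above; repeated only to make the header's inputs explicit`. The PROCESS directive and its `style` string continue outside the hunk.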
diff --git a/template/en/default/admin/groups/remove.html.tmpl b/template/en/default/admin/groups/remove.html.tmpl
index 0eed2d9fb..8c41333e4 100644
--- a/template/en/default/admin/groups/remove.html.tmpl
+++ b/template/en/default/admin/groups/remove.html.tmpl
@@ -33,11 +33,13 @@
[% IF remove_all %]
- [% title = "Removing All Explicit Group Memberships from '"
- _ name _ "'" %]
+ [% title = BLOCK %]
+ Removing All Explicit Group Memberships from '[% name FILTER html %]'
+ [% END %]
[% ELSE %]
- [% title = "Removing All Explicit Group Memberships Matching "
- _ "Group RegExp from '" _ name _ "'" %]
+ [% title = BLOCK %]
+ Removing All Explicit Group Memberships Matching Group RegExp from '[% name FILTER html %]'
+ [% END %]
[% END %]
[% PROCESS global/header.html.tmpl %]
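Review bot: Both new BLOCKs capture their surrounding newlines and indentation, so `title` now begins and ends with whitespace that is emitted verbatim inside `<title>` and anywhere else the header reuses the value (harmless in the title element, where browsers collapse it, but visible if it is ever echoed into an attribute or a heading). Chomping fixes it without changing the text: `[% title = BLOCK -%]` ... `[%- END %]` on both branches. The BLOCK added in reports/duplicates.html.tmpl has the same shape and would take the same change.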
diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index 02efdb82a..6f0a565ca 100644
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -44,8 +44,10 @@
# created
#%]
+[% title = BLOCK %]Confirm deletion of user [% otheruser.login FILTER html %][% END %]
+
[% PROCESS global/header.html.tmpl
- title = "Confirm deletion of user $otheruser.login"
+ title = title
style_urls = ['skins/standard/admin.css',
'skins/standard/editusers.css']
%]
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index c35bb691f..b0cc21082 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -25,8 +25,10 @@
# canbless) for viewed user.
#%]
+[% title = BLOCK %]Edit user [% otheruser.login FILTER html %][% END %]
+
[% PROCESS global/header.html.tmpl
- title = "Edit user $login"
+ title = title
message = message
style_urls = ['skins/standard/editusers.css']
%]
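Review bot: Besides adding the filter, this hunk changes where the title value comes from — the removed line read `$login`, the new BLOCK reads `otheruser.login` — and the commit description mentions only filtering. If the two can differ (`login` looking like the submitted parameter and `otheruser` the loaded account, which I cannot confirm from here), the rendered heading silently changes. If that is the intent, a comment on the BLOCK line would record it, e.g. `[%# otheruser.login, not the raw login param: the canonical value of the account being edited %]`.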
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index 812abb075..62f8004f2 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -26,8 +26,10 @@
[% PROCESS "global/field-descs.none.tmpl" %]
+[% title = BLOCK %]Enter [% terms.Bug %]: [% product.name FILTER html %][% END %]
+
[% PROCESS global/header.html.tmpl
- title = "Enter $terms.Bug: $product.name"
+ title = title
style_urls = [ 'skins/standard/create_attachment.css' ]
javascript_urls = [ "js/attachment.js" ]
%]
diff --git a/template/en/default/bug/show.html.tmpl b/template/en/default/bug/show.html.tmpl
index eb7457a7c..07b71c8fa 100644
--- a/template/en/default/bug/show.html.tmpl
+++ b/template/en/default/bug/show.html.tmpl
@@ -31,7 +31,7 @@
[% filtered_desc = bug.short_desc FILTER html %]
[% filtered_timestamp = bug.delta_ts FILTER time %]
[% PROCESS global/header.html.tmpl
- title = "$terms.Bug $bug.bug_id - $bug.short_desc"
+ title = "$terms.Bug $bug.bug_id - $filtered_desc"
h1 = "$terms.Bug&nbsp;$bug.bug_id"
h2 = filtered_desc
h3 = "Last modified: $filtered_timestamp"
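Review bot: `h1` and `h3` are still passed to the header as raw interpolated strings while `title` now uses the pre-escaped `filtered_desc`; per the commit title the header does not filter h1–h3 either, so this is safe only because `filtered_timestamp` already went through `FILTER time` and `bug.bug_id` is presumably a validated integer, and nothing on the page says so. A comment above the PROCESS call would keep that reasoning with the code: `[%# header.html.tmpl does not escape title/h1/h2/h3: only pre-filtered or numeric values may be passed here %]`. The PROCESS directive continues outside the hunk.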
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index c03704e72..e80c758cd 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -232,6 +232,7 @@
'javascript',
'style',
'onload',
+ 'title',
'h1',
'h2',
'h3',
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index c84f503d0..9b9420ced 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -62,7 +62,7 @@
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
- <title>[% title FILTER html %]</title>
+ <title>[% title %]</title>
[%# Migration note: contents of the old Param 'headerhtml' would go here %]
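Review bot: Dropping `FILTER html` on the `<title>` line turns `title` into a trust-the-caller value with nothing in header.html.tmpl saying so, and the matching `'title'` exemption added in filterexceptions.pl (the hunk at `@@ -232`) means the template filter test that reads that list (t/008filter.t, if it still lives there) will no longer flag a caller that interpolates user data into its title unescaped. Only eight callers are rewritten in this commit; every other template that PROCESSes this header now renders its title raw, so the remaining callers should be audited before this lands. A comment on the line would record the new contract: `<title>[% title %]</title> [%# title, h1, h2 and h3 are NOT filtered here: callers must apply FILTER html to any user-controlled data they interpolate (see filterexceptions.pl) %]`. The head fragment continues outside the hunk.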
diff --git a/template/en/default/reports/duplicates.html.tmpl b/template/en/default/reports/duplicates.html.tmpl
index 72f79e255..f60f28558 100644
--- a/template/en/default/reports/duplicates.html.tmpl
+++ b/template/en/default/reports/duplicates.html.tmpl
@@ -36,12 +36,15 @@
[% PROCESS global/variables.none.tmpl %]
[% IF query_products.size %]
- [% title = "Most Frequently Reported $terms.Bugs for ${query_products.join(', ')}" %]
+ [% title = BLOCK %]
+ Most Frequently Reported [% terms.Bugs %] for [% query_products.join(', ') FILTER html %]
+ [% END %]
[% ELSE %]
[% title = "Most Frequently Reported $terms.Bugs" %]
[% END%]
[% PROCESS global/header.html.tmpl
+ title = title
style = ".resolved { background-color: #d9d9d9; color: #000000; }"
%]