authorbbaetz%student.usyd.edu.au <>2002-04-07 13:13:31 +0200
committerbbaetz%student.usyd.edu.au <>2002-04-07 13:13:31 +0200
commit91341bcfc6d9e2f06b3abf3f73e05c2c60fbd30e (patch)
treeae48a5143c8a977e8a15bc2ad9faf1defd38f70b
parentae8a18de80c43febc782c4f398e75fdf89281601 (diff)
downloadbugzilla-91341bcfc6d9e2f06b3abf3f73e05c2c60fbd30e.tar.gz
bugzilla-91341bcfc6d9e2f06b3abf3f73e05c2c60fbd30e.tar.xz
Bug 133423 - Audit templates for FILTER usage
r=gerv, justdave
-rw-r--r--template/default/admin/account_created.tmpl2
-rw-r--r--template/default/admin/account_exists.tmpl4
-rw-r--r--template/default/admin/change-password.html.tmpl2
-rw-r--r--template/default/admin/create_account.tmpl2
-rw-r--r--template/default/attachment/created.atml2
-rwxr-xr-xtemplate/default/attachment/edit.atml6
-rwxr-xr-xtemplate/default/attachment/list.atml4
-rwxr-xr-xtemplate/default/attachment/viewall.atml5
-rwxr-xr-xtemplate/default/attachstatus/create.atml2
-rw-r--r--template/default/attachstatus/delete.atml3
-rwxr-xr-xtemplate/default/attachstatus/edit.atml6
-rwxr-xr-xtemplate/default/attachstatus/list.atml2
-rw-r--r--template/default/buglist/buglist.html.tmpl2
-rw-r--r--template/default/buglist/change-form.tmpl6
-rwxr-xr-xtemplate/default/global/header2
-rw-r--r--template/default/index.tmpl2
-rw-r--r--template/default/info/describe-components.tmpl7
-rw-r--r--template/default/info/quips.tmpl2
-rw-r--r--template/default/prefs/account.tmpl2
-rw-r--r--template/default/prefs/userprefs.tmpl5
-rw-r--r--template/default/show/comments.tmpl2
-rw-r--r--template/default/show/multiple.tmpl8
-rw-r--r--template/default/show/show_bug.html.tmpl3
-rw-r--r--template/default/token/confirmemail.html.tmpl2
-rw-r--r--template/default/token/emailchangenew.txt.tmpl4
-rw-r--r--template/default/token/emailchangeold.txt.tmpl2
26 files changed, 48 insertions, 41 deletions
diff --git a/template/default/admin/account_created.tmpl b/template/default/admin/account_created.tmpl
index ad4310ec4..46bc82ad2 100644
--- a/template/default/admin/account_created.tmpl
+++ b/template/default/admin/account_created.tmpl
@@ -25,7 +25,7 @@
<p>
A new account,
- <tt>[% login %]</tt>,
+ <tt>[% login FILTER html %]</tt>,
has been created and a randomly-generated password has been e-mailed
to that address.
</p>
diff --git a/template/default/admin/account_exists.tmpl b/template/default/admin/account_exists.tmpl
index 23b9e0338..a4357a5a0 100644
--- a/template/default/admin/account_exists.tmpl
+++ b/template/default/admin/account_exists.tmpl
@@ -25,8 +25,8 @@
<form method="get" action="token.cgi">
<input type="hidden" name="a" value="reqpw" />
- <input type="hidden" name="loginname" value="[% login %]" />
- A Bugzilla account for <tt>[% login %]</tt> already exists. If you
+ <input type="hidden" name="loginname" value="[% login FILTER html %]" />
+ A Bugzilla account for <tt>[% login FILTER html %]</tt> already exists. If you
are the account holder and have forgotten your password,
<input type="submit" value="submit a request to change it" />.
</form>
diff --git a/template/default/admin/change-password.html.tmpl b/template/default/admin/change-password.html.tmpl
index 29d03c030..a8ad930ee 100644
--- a/template/default/admin/change-password.html.tmpl
+++ b/template/default/admin/change-password.html.tmpl
@@ -26,7 +26,7 @@
</p>
<form method="post" action="token.cgi">
- <input type="hidden" name="t" value="[% token %]" />
+ <input type="hidden" name="t" value="[% token FILTER html %]" />
<input type="hidden" name="a" value="chgpw" />
<table>
<tr>
diff --git a/template/default/admin/create_account.tmpl b/template/default/admin/create_account.tmpl
index 61ad95b8a..ab35ce53d 100644
--- a/template/default/admin/create_account.tmpl
+++ b/template/default/admin/create_account.tmpl
@@ -38,7 +38,7 @@
</td>
<td>
<input size="35" name="login" />
- [% Param('emailsuffix') %]
+ [% Param('emailsuffix') FILTER html %]
</td>
</tr>
diff --git a/template/default/attachment/created.atml b/template/default/attachment/created.atml
index ab5e5ef9c..c46afe06b 100644
--- a/template/default/attachment/created.atml
+++ b/template/default/attachment/created.atml
@@ -28,7 +28,7 @@
<tr>
<td>
<h2>
- <a title="[% description %]" href="attachment.cgi?id=[% attachid %]&action=edit">Attachment #[% attachid %]</a>
+ <a title="[% description FILTER html %]" href="attachment.cgi?id=[% attachid %]&action=edit">Attachment #[% attachid %]</a>
to <a href="show_bug.cgi?id=[% bugid %]">Bug #[% bugid %]</a> Created
</h2>
diff --git a/template/default/attachment/edit.atml b/template/default/attachment/edit.atml
index 599aff00a..1d06bfb6f 100755
--- a/template/default/attachment/edit.atml
+++ b/template/default/attachment/edit.atml
@@ -153,10 +153,10 @@
<td width="25%">
<small>
<b>Description:</b><br>
- <textarea rows="3" cols="25" name="description" wrap="soft">[% description %]</textarea><br>
+ <textarea rows="3" cols="25" name="description" wrap="soft">[% description FILTER html %]</textarea><br>
<b>MIME Type:</b><br>
- <input type="text" size="20" name="contenttypeentry" value="[% contenttype %]"><br>
+ <input type="text" size="20" name="contenttypeentry" value="[% contenttype FILTER html %]"><br>
<b>Flags:</b><br>
<input type="checkbox" name="ispatch" value="1"[% " checked" IF ispatch %]>patch
@@ -165,7 +165,7 @@
[% IF statusdefs.size %]
<b>Status:</b><br>
[% FOREACH def = statusdefs %]
- <input type="checkbox" name="status" value="[% def.id %]"[% " checked" IF statuses.${def.id} %]>[% def.name %]<br>
+ <input type="checkbox" name="status" value="[% def.id %]"[% " checked" IF statuses.${def.id} %]>[% def.name FILTER html %]<br>
[% END %]
[% END %]
diff --git a/template/default/attachment/list.atml b/template/default/attachment/list.atml
index 72006cf29..12eeb03e7 100755
--- a/template/default/attachment/list.atml
+++ b/template/default/attachment/list.atml
@@ -43,7 +43,7 @@
[% IF attachment.ispatch %]
<i>patch</i>
[% ELSE %]
- [% attachment.contenttype %]
+ [% attachment.contenttype FILTER html %]
[% END %]
</td>
@@ -55,7 +55,7 @@
<i>none</i>
[% ELSE %]
[% FOREACH s = attachment.statuses %]
- [% s %]<br>
+ [% s FILTER html %]<br>
[% END %]
[% END %]
</nobr>
diff --git a/template/default/attachment/viewall.atml b/template/default/attachment/viewall.atml
index 0500a09d4..c3cca2ff3 100755
--- a/template/default/attachment/viewall.atml
+++ b/template/default/attachment/viewall.atml
@@ -19,10 +19,11 @@
# Contributor(s): Myk Melez <myk@mozilla.org>
#%]
+[% filtered_summary = bugsummary FILTER html %]
[% INCLUDE global/header
title = "View All Attachments for Bug #$bugid"
h1 = "View All Attachments for <a href=\"show_bug.cgi?id=$bugid\">Bug #$bugid</a>"
- h2 = bugsummary
+ h2 = filtered_summary
style = "
th { text-align: right; vertical-align: top; }
td { text-align: left; vertical-align: top; }
@@ -67,7 +68,7 @@
<i>none</i>
[% ELSE %]
[% FOREACH s = a.statuses %]
- [% s %]<br>
+ [% s FILTER html %]<br>
[% END %]
[% END %]
</nobr>
diff --git a/template/default/attachstatus/create.atml b/template/default/attachstatus/create.atml
index 128d811dc..7354b3852 100755
--- a/template/default/attachstatus/create.atml
+++ b/template/default/attachstatus/create.atml
@@ -58,7 +58,7 @@
<td>
<select name="product">
[% FOREACH item = products %]
- <option value="[% item %]">[% item %]</option>
+ <option value="[% item FILTER html %]">[% item FILTER html %]</option>
[% END %]
</select>
</td>
diff --git a/template/default/attachstatus/delete.atml b/template/default/attachstatus/delete.atml
index 19648c6d0..dc50052b9 100644
--- a/template/default/attachstatus/delete.atml
+++ b/template/default/attachstatus/delete.atml
@@ -20,6 +20,9 @@
# Jeff Hedlund <jeff.hedlund@matrixsi.com>
#%]
+[%# Filter off the name here to be used multiple times below %]
+[% name = name FILTER html %]
+
[% INCLUDE global/header
title = "Confirm Delete of Attachment Status '$name'"
%]
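Review bot: Rebinding `name` to its HTML-escaped form on the new line before it is interpolated into `title` double-escapes the page title, because global/header in this same commit now applies `FILTER html` to `title` itself, so a status name containing `&` or `<` would show up as `&amp;` or `&lt;` in the browser title bar. describe-components.tmpl and show_bug.html.tmpl in this commit avoid that by leaving the raw value in `title` and passing a separate pre-filtered variable only for `h2`; the same shape fits here: `[% filtered_name = name FILTER html %]` with `title = "Confirm Delete of Attachment Status '$name'"` left on the raw `name`, and the later body uses the comment refers to switched to `filtered_name`. Those later uses are outside this hunk, so which of them are attribute or body contexts cannot be checked from here.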
diff --git a/template/default/attachstatus/edit.atml b/template/default/attachstatus/edit.atml
index 366f8eb70..1186d7637 100755
--- a/template/default/attachstatus/edit.atml
+++ b/template/default/attachstatus/edit.atml
@@ -35,14 +35,14 @@
<tr>
<th>Name:</th>
<td>
- <input type="text" name="name" value="[% name %]" size="50" maxlength="50">
+ <input type="text" name="name" value="[% name FILTER html %]" size="50" maxlength="50">
</td>
</tr>
<tr>
<th>Description:</th>
<td>
- <textarea name="desc" rows="4" cols="50">[% desc %]</textarea>
+ <textarea name="desc" rows="4" cols="50">[% desc FILTER html %]</textarea>
</td>
</tr>
@@ -56,7 +56,7 @@
<tr>
<th>Product:</th>
<td>
- [% product %]
+ [% product FILTER html %]
</td>
</tr>
diff --git a/template/default/attachstatus/list.atml b/template/default/attachstatus/list.atml
index f2d0a4f51..551ab182a 100755
--- a/template/default/attachstatus/list.atml
+++ b/template/default/attachstatus/list.atml
@@ -43,7 +43,7 @@
<td>[% statusdef.name FILTER html %]</td>
<td>[% statusdef.description FILTER html %]</td>
<td>[% statusdef.sortkey %]</td>
- <td>[% statusdef.product %]</td>
+ <td>[% statusdef.product FILTER html %]</td>
<td>
<a href="editattachstatuses.cgi?action=edit&id=[% statusdef.id %]">
Edit</a>
diff --git a/template/default/buglist/buglist.html.tmpl b/template/default/buglist/buglist.html.tmpl
index e4afa8e4d..37a202fe5 100644
--- a/template/default/buglist/buglist.html.tmpl
+++ b/template/default/buglist/buglist.html.tmpl
@@ -43,7 +43,7 @@
[% END %]
[% IF quip %]
- <a href="quips.cgi"><i>[% quip %]</i></a>
+ <a href="quips.cgi"><i>[% quip FILTER html %]</i></a>
[% END %]
</div>
diff --git a/template/default/buglist/change-form.tmpl b/template/default/buglist/change-form.tmpl
index 8bec88c3e..60c1a2de7 100644
--- a/template/default/buglist/change-form.tmpl
+++ b/template/default/buglist/change-form.tmpl
@@ -246,8 +246,8 @@
<select name="resolution" onchange="document.forms.changeform.knob[[% knum %]].checked=true">
[% FOREACH resolution = resolutions %]
[% NEXT IF !resolution %]
- <option value="[% resolution %]" [% selected IF resolution == "FIXED" %]>
- [% resolution %]
+ <option value="[% resolution FILTER html %]" [% selected IF resolution == "FIXED" %]>
+ [% resolution FILTER html %]
</option>
[% END %]
</select><br />
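Review bot: On the rewritten `<option>` line, `[% selected IF resolution == "FIXED" %]` outputs the value of a variable named `selected`, which Template Toolkit renders as an empty string unless it is assigned somewhere, so the FIXED entry is presumably never preselected; if that is the intent the literal is what is wanted: `<option value="[% resolution FILTER html %]" [% " selected" IF resolution == "FIXED" %]>`. This is hedged because `selected` may be assigned earlier in the file, outside this hunk. The filtering of both the value attribute and the option text on the new lines is correct.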
@@ -279,7 +279,7 @@
Reassign</A> bugs to
</label>
<input name="assigned_to"
- value="[% user %]"
+ value="[% user FILTER html %]"
onchange="document.forms.changeform.knob[[% knum %]].checked = true;"
size="32"><br />
diff --git a/template/default/global/header b/template/default/global/header
index 5e6a183dd..dfb3cc080 100755
--- a/template/default/global/header
+++ b/template/default/global/header
@@ -11,7 +11,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
- <title>[% title %]</title>
+ <title>[% title FILTER html %]</title>
[% Param('headerhtml') %]
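Review bot: The contract this hunk establishes is not written down anywhere in the header: `title` is now escaped here, while the callers changed elsewhere in this commit pass raw markup in `h1` (an `<a>` in viewall.atml) and pre-escape `h2` themselves, which implies `h1` and `h2` are emitted as-is further down the file. A short template comment next to the `<title>` line would stop the next caller from guessing, e.g. `[%# title is escaped here; h1 and h2 are emitted unfiltered, so callers must FILTER html any untrusted text they pass in them %]`. The `h1`/`h2` output is outside this hunk, so the second half of that comment should be confirmed against it before committing.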
diff --git a/template/default/index.tmpl b/template/default/index.tmpl
index 2f3603c68..7b00539e8 100644
--- a/template/default/index.tmpl
+++ b/template/default/index.tmpl
@@ -56,7 +56,7 @@ function addSidebar() {
[% IF username %]
<a href="[% PerformSubsts(Param('mybugstemplate'), subst) %]">My Bugs</a><br>
<a href="userprefs.cgi">Change password or user preferences</a><br>
- <a href="relogin.cgi">Logout [% username %]</a><br>
+ <a href="relogin.cgi">Logout [% username FILTER html %]</a><br>
[% ELSE %]
<a href="query.cgi?GoAheadAndLogIn=1">Log in to an existing account</a><br>
<a href="createaccount.cgi">Open a new Bugzilla account</a><br>
diff --git a/template/default/info/describe-components.tmpl b/template/default/info/describe-components.tmpl
index 5ee8bf4a0..c9dacca10 100644
--- a/template/default/info/describe-components.tmpl
+++ b/template/default/info/describe-components.tmpl
@@ -19,9 +19,10 @@
# Contributor(s): Bradley Baetz <bbaetz@student.usyd.edu.au>
#%]
+[% filtered_product = product FILTER html %]
[% INCLUDE global/header
- title = "Components for $product"
- h2 = product %]
+ title = "Components for $product"
+ h2 = filtered_product %]
[% IF Param("useqacontact") %]
[% numcols = 3 %]
@@ -70,7 +71,7 @@
</td>
<td>
<a href="mailto:[% comp.initialowner %][% Param('emailsuffix') %]">
- [% comp.initialowner %]</a>
+ [% comp.initialowner FILTER html %]</a>
</td>
[% IF Param("useqacontact") %]
<td>
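Review bot: The `mailto:` href on the context line above still interpolates `comp.initialowner` with no filter, while the link text on the changed line now has `FILTER html`; a `"` in the stored address would end the `href` attribute, so the attribute value needs the same treatment: `<a href="mailto:[% comp.initialowner FILTER html %][% Param('emailsuffix') %]">`. comments.tmpl in this same commit does filter `comment.email` inside its `mailto:` href, so this line is the inconsistent one. The enclosing row and FOREACH begin outside the hunk.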
diff --git a/template/default/info/quips.tmpl b/template/default/info/quips.tmpl
index 37e9d863f..d05557650 100644
--- a/template/default/info/quips.tmpl
+++ b/template/default/info/quips.tmpl
@@ -27,7 +27,7 @@
[% IF added_quip %]
<p>
<font color="red">
- Your quip '<tt>[% added_quip %]</tt>' has been added.
+ Your quip '<tt>[% added_quip FILTER html %]</tt>' has been added.
</font>
</p>
[% END %]
diff --git a/template/default/prefs/account.tmpl b/template/default/prefs/account.tmpl
index e436d07a5..2033e86fc 100644
--- a/template/default/prefs/account.tmpl
+++ b/template/default/prefs/account.tmpl
@@ -69,7 +69,7 @@
[% IF new_login_name %]
<tr>
<th align="right">Pending email address:</th>
- <td>[% new_login_name %]</td>
+ <td>[% new_login_name FILTER html %]</td>
</tr>
<tr>
<th align="right">Change request expires:</th>
diff --git a/template/default/prefs/userprefs.tmpl b/template/default/prefs/userprefs.tmpl
index 8992794b1..5d9fc6eb3 100644
--- a/template/default/prefs/userprefs.tmpl
+++ b/template/default/prefs/userprefs.tmpl
@@ -34,10 +34,11 @@
# displaying anything, and can contain an optional custom
# message if required (which Perl still evaluates as True).
#%]
-
+
+[% filtered_login = login FILTER html %]
[% INCLUDE global/header
title = "User Preferences"
- h2 = login
+ h2 = filtered_login
style = "td.selected_tab {
border-width: 2px 2px 0px;
border-style: solid;
diff --git a/template/default/show/comments.tmpl b/template/default/show/comments.tmpl
index 14828175d..b020caa0f 100644
--- a/template/default/show/comments.tmpl
+++ b/template/default/show/comments.tmpl
@@ -39,7 +39,7 @@
<br>
<i>------- Additional Comment
<a name="c[% count %]" href="#c[% count %]">#[% count %]</a> From
- <a href="mailto:[% comment.email %]">[% comment.name %]</a>
+ <a href="mailto:[% comment.email FILTER html %]">[% comment.name FILTER html %]</a>
[%+ comment.time %] -------
</i>
[% END %]
diff --git a/template/default/show/multiple.tmpl b/template/default/show/multiple.tmpl
index 2673c5457..8313323aa 100644
--- a/template/default/show/multiple.tmpl
+++ b/template/default/show/multiple.tmpl
@@ -96,7 +96,7 @@
<td colspan="2">
[% IF Param('usetargetmilestone') %]
<b>Target Milestone:</b>&nbsp;
- [% bug.target_milestone %]
+ [% bug.target_milestone FILTER html %]
[% END %]
</td>
</tr>
@@ -109,14 +109,14 @@
<tr>
<td colspan="4">
- <b>Summary:</b>&nbsp;[% bug.short_desc %]
+ <b>Summary:</b>&nbsp;[% bug.short_desc FILTER html %]
</td>
</tr>
[% IF use_keywords %]
<tr>
<td colspan="4">
- <b>Keywords: </b>&nbsp;[% bug.keywords %]
+ <b>Keywords: </b>&nbsp;[% bug.keywords FILTER html %]
</td>
</tr>
[% END %]
@@ -151,6 +151,6 @@
[% BLOCK cell %]
<td>
<b>[% attr.description%]:</b>&nbsp;
- [% bug.${attr.name} %]
+ [% bug.${attr.name} FILTER html %]
</td>
[% END %]
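Review bot: Within the same `cell` BLOCK, `[% attr.description%]` on the line above the change is left unfiltered while `bug.${attr.name}` now gets `FILTER html`. That is fine if `attr.description` is a label defined in the template itself, which cannot be seen from this hunk; if it comes from data, it should read `<b>[% attr.description FILTER html %]:</b>&nbsp;`. A one-line comment on the BLOCK stating where `attr` comes from would settle it for the next reader.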
diff --git a/template/default/show/show_bug.html.tmpl b/template/default/show/show_bug.html.tmpl
index c6f7deb2b..9b77c23a2 100644
--- a/template/default/show/show_bug.html.tmpl
+++ b/template/default/show/show_bug.html.tmpl
@@ -19,11 +19,12 @@
# Contributor(s): Gervase Markham <gerv@gerv.net>
#%]
+[% filtered_desc = bug.short_desc FILTER html %]
[% UNLESS header_done %]
[% INCLUDE global/header
title = "Bug $bug.bug_id - $bug.short_desc"
h1 = "Bugzilla Bug $bug.bug_id"
- h2 = bug.short_desc
+ h2 = filtered_desc
extra = navigation_links()
%]
[% END %]
diff --git a/template/default/token/confirmemail.html.tmpl b/template/default/token/confirmemail.html.tmpl
index e34a93e63..4d4102968 100644
--- a/template/default/token/confirmemail.html.tmpl
+++ b/template/default/token/confirmemail.html.tmpl
@@ -27,7 +27,7 @@
</p>
<form method="post" action="token.cgi">
- <input type="hidden" name="t" value=[% token %]>
+ <input type="hidden" name="t" value=[% token FILTER html %]>
<input type="hidden" name="a" value="chgem">
<table>
<tr>
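Review bot: The changed `value=[% token FILTER html %]` is still an unquoted attribute value, so any whitespace in the token would end the value early and the remainder would be parsed as further attributes; `FILTER html` escapes `<`, `>`, `&` and `"` but not spaces. change-password.html.tmpl in this same commit writes the equivalent hidden input quoted, so this one should match: `<input type="hidden" name="t" value="[% token FILTER html %]">`. Whether tokens can contain whitespace depends on how token.cgi generates them, which is not visible here.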
diff --git a/template/default/token/emailchangenew.txt.tmpl b/template/default/token/emailchangenew.txt.tmpl
index 9a0a1e8d7..5a5ae2535 100644
--- a/template/default/token/emailchangenew.txt.tmpl
+++ b/template/default/token/emailchangenew.txt.tmpl
@@ -27,10 +27,10 @@ for the [% oldemailaddress %] account to your address.
To confirm the change, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token %]
+[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER html %]
If you are not the person who made this request, or you wish to cancel
this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]
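Review bot: These are plain-text e-mail templates and the token is being placed into a URL query string, so `FILTER html` is the wrong escaping for the context: an HTML entity such as `&amp;` would be mailed literally, while the characters that actually need encoding in a query value (`&`, `=`, `#`, `+`) are left untouched. A URL-encoding filter such as Template Toolkit's `uri` is what this position calls for, e.g. `[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER uri %]`, on both links in this hunk and on the matching line in emailchangeold.txt.tmpl. If tokens are generated from a restricted alphanumeric alphabet neither filter changes the output, but the template should still escape for its own context rather than rely on that.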
diff --git a/template/default/token/emailchangeold.txt.tmpl b/template/default/token/emailchangeold.txt.tmpl
index 661f8f1d4..82ecf1dfc 100644
--- a/template/default/token/emailchangeold.txt.tmpl
+++ b/template/default/token/emailchangeold.txt.tmpl
@@ -31,5 +31,5 @@ for your account to [% newemailaddress %].
If you are not the person who made this request, or you wish to cancel
this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]