authorlpsolit%gmail.com <>2008-05-05 07:05:48 +0200
committerlpsolit%gmail.com <>2008-05-05 07:05:48 +0200
commitecaf3819ef8907f91134d61453f4e31e630c3c30 (patch)
tree644bfd5c07bc7365ba798002ec4bd8b6f3a751af
parentfd87911bb05e072c61628bd313579d06e95f2525 (diff)
downloadbugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.gz
bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.xz
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
-rwxr-xr-xshow_bug.cgi2
-rw-r--r--template/en/default/bug/show-multiple.html.tmpl6
-rw-r--r--template/en/default/filterexceptions.pl1
3 files changed, 4 insertions, 5 deletions
diff --git a/show_bug.cgi b/show_bug.cgi
index 4e3aac982..782293af5 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks;
$vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)];
$vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
-my @bugids = map {$_->bug_id} @bugs;
+my @bugids = map {$_->bug_id} grep {!$_->error} @bugs;
$vars->{'bugids'} = join(", ", @bugids);
# Next bug in list (if there is one)
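Review bot: The new `grep {!$_->error}` on the `my @bugids = ...` line carries no comment saying why error bugs are dropped, and the reason is exactly what a later maintainer needs before "simplifying" it back to the old form. Judging by the commit title, a bug object in the error state presumably still carries the raw, unvalidated id string the user submitted, so it must not flow into `$vars->{'bugids'}`; please confirm against Bugzilla::Bug. Suggested comment above the line: `# Skip bugs that failed to load: their bug_id is the unvalidated user input, not a real id.` The joined string is still handed to templates, so every template use of `bugids` must keep an HTML filter of its own; those uses and the "next bug" logic are outside this hunk.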
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index 2562903a6..1442cae4f 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -36,12 +36,12 @@
[% ids = [] %]
[% FOREACH bug = bugs %]
[% PROCESS bug_display %]
- [% ids.push(bug.bug_id) %]
+ [% ids.push(bug.bug_id) UNLESS bug.error %]
[% END %]
[% IF ids.size > 1 %]
<div class="bz_query_buttons">
<form method="post" action="buglist.cgi">
- <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER none %]">
+ <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER html %]">
<input type="submit" id="short_format" value="Short Format">
</form>
</div>
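Review bot: The `FILTER html` added on the hidden `bug_id` input is the right filter for an attribute value, but the hunk relies on the `UNLESS bug.error` guard two places above it to keep unvalidated ids out of the list, and nothing documents that dependency. A reader seeing `ids.join(",")` has no hint that `bug.bug_id` is unsafe for error bugs. Suggest a template comment on the push line: `[%# error bugs carry the raw user-supplied id, so they never join the list %]`, hedged to the extent that this behaviour of the bug object is inferred from the commit title rather than visible here. The enclosing FOREACH/IF structure is fully inside the hunk.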
@@ -63,7 +63,7 @@
[% BLOCK bug_display %]
<h1>
[% terms.Bug %]
- <a href="show_bug.cgi?id=[% bug.bug_id %]">[% bug.bug_id %]</a>
+ <a href="show_bug.cgi?id=[% bug.bug_id FILTER html %]">[% bug.bug_id FILTER html %]</a>
[% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %]
(<a href="show_bug.cgi?id=[% bug.alias FILTER url_quote %]">
[% bug.alias FILTER html %]</a>)
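Review bot: On the new `<a href="show_bug.cgi?id=[% bug.bug_id FILTER html %]">` line the href uses `FILTER html`, while the alias link two lines below uses `FILTER url_quote` for the same kind of query-string value. `FILTER html` does stop the value breaking out of the attribute, but `url_quote` is the filter that matches the context, and mixing the two in adjacent links invites a wrong copy later. Suggest `<a href="show_bug.cgi?id=[% bug.bug_id FILTER url_quote %]">[% bug.bug_id FILTER html %]</a>` so each filter matches its context. The `bug_display` block continues past the end of this hunk.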
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 2fb8b48e0..c25e400c3 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -326,7 +326,6 @@
],
'bug/show-multiple.html.tmpl' => [
- 'bug.bug_id',
'attachment.id',
'flag.status',
],