Bug 503980: show_bug.cgi doesn't properly escape <!-- inside bug summary - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

author: lpsolit%gmail.com <> 2009-08-10 22:20:25 +0200
committer: lpsolit%gmail.com <> 2009-08-10 22:20:25 +0200
commit: 918a8c245f8d0d7d0926a015aa9a4940c14ebdd3 (patch)
tree: 70e25946c932f933c1b3bf7c6e86382b0a0c5969 /Bugzilla
parent: 7bc9c2e3da4e735b7ca2f35c503a332f681f66d5 (diff)
download: bugzilla-918a8c245f8d0d7d0926a015aa9a4940c14ebdd3.tar.gz
bugzilla-918a8c245f8d0d7d0926a015aa9a4940c14ebdd3.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index f90e472b5..49954a521 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -520,6 +520,7 @@ sub create {
                 $var =~ s/\n/\\n/g;
                 $var =~ s/\r/\\r/g;
                 $var =~ s/\@/\\x40/g; # anti-spam for email addresses
+                $var =~ s/</\\x3c/g;
                 return $var;
             },
author	lpsolit%gmail.com <>	2009-08-10 22:20:25 +0200
committer	lpsolit%gmail.com <>	2009-08-10 22:20:25 +0200
commit	918a8c245f8d0d7d0926a015aa9a4940c14ebdd3 (patch)
tree	70e25946c932f933c1b3bf7c6e86382b0a0c5969 /Bugzilla
parent	7bc9c2e3da4e735b7ca2f35c503a332f681f66d5 (diff)
download	bugzilla-918a8c245f8d0d7d0926a015aa9a4940c14ebdd3.tar.gz bugzilla-918a8c245f8d0d7d0926a015aa9a4940c14ebdd3.tar.xz