author | lpsolit%gmail.com <> | 2006-02-21 09:05:56 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-02-21 09:05:56 +0100 |
commit | c738859a411c63f64fa931a5275111aeb9d90fd8 (patch) | |
tree | 6423d386e03be187a65fc71483d28571ba84b2ff /buglist.cgi | |
parent | 39e8d6dc7a8371433d8260b86ebc12396da1de7a (diff) | |
download | bugzilla-c738859a411c63f64fa931a5275111aeb9d90fd8.tar.gz bugzilla-c738859a411c63f64fa931a5275111aeb9d90fd8.tar.xz |
[SECURITY] Bug 313441: Query RSS should HTML-escape summary in <title> - Patch by Phil Ringnalda <philringnalda@gmail.com> r=myk a=justdave
I forgot to specify the bug number in my previous checkin. That was bug 312498.
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 2ff808451..ba105eab8 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -103,6 +103,11 @@ if (defined $cgi->param('format') && $cgi->param('format') eq "rdf"
 $cgi->delete('format');
 }
 
+# Treat requests for ctype=rss as requests for ctype=atom
+if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") {
+ $cgi->param('ctype', "atom");
+}
+
 # The js ctype presents a security risk; a malicious site could use it
 # to gather information about secure bugs. So, we only allow public bugs to be
 # retrieved with this format.
@@ -683,12 +688,12 @@ if ($format->{'extension'} eq 'ics') {
 push(@selectcolumns, "opendate") if !grep($_ eq 'opendate', @selectcolumns);
 }
 
-if ($format->{'extension'} eq 'rss') {
- # The title of the RSS feed will be the same one as for the bug list.
+if ($format->{'extension'} eq 'atom') {
+ # The title of the Atom feed will be the same one as for the bug list.
 $vars->{'title'} = $cgi->param('title');
 
- # This is the list of fields that are needed by the rss filter.
- my @required_rss_columns = (
+ # This is the list of fields that are needed by the Atom filter.
+ my @required_atom_columns = (
 'short_desc',
 'opendate',
 'changeddate',
@@ -699,7 +704,7 @@ if ($format->{'extension'} eq 'rss') {
 'bug_status'
 );
 
-foreach my $required (@required_rss_columns) {
+foreach my $required (@required_atom_columns) {
 push(@selectcolumns, $required) if !grep($_ eq $required,@selectcolumns);
 }
 }
@@ -934,7 +939,7 @@ while (my @row = $buglist_sth->fetchrow_array()) {
 s/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/$1-$2-$3 $4:$5:$6/;
 
 # Put in the change date as a time, so that the template date plugin
-# can format the date in any way needed by the template. ICS and RSS
+# can format the date in any way needed by the template. ICS and Atom
 # have specific, and different, date and time formatting.
 $bug->{'changedtime'} = str2time($bug->{'changeddate'});
 $bug->{'changeddate'} = DiffDate($bug->{'changeddate'});
|
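Review bot: The alias comment added in the first hunk says what the mapping does but not why, and since the commit is tagged [SECURITY] a reader will want to know that the old rss template is intentionally no longer selectable; suggest `# ctype=rss is kept only as an alias: the feed is produced by the Atom template (see the 'atom' extension check below), so the old rss template is never chosen.` The comparison is an exact match on the lowercase string, so a request with `ctype=RSS` is not aliased; whether it then resolves to a template or is rejected depends on the format lookup, which is outside this hunk. The second and third hunks are a consistent rss→atom rename and the fourth a comment update, which raise nothing further; the enclosing script body continues outside every hunk.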