Bug 1251731 - XSS vulnerability through malicious attachment names

author: David Lawrence <dkl@mozilla.com> 2016-02-29 14:25:31 +0100
committer: Dylan Hardison <dylan@mozilla.com> 2016-02-29 14:31:23 +0100
commit: be2d5f9288337f46255b8543e65694ad8a1afe4c (patch)
tree: 2d4529fab44877d5d49c3044ba9e553dee5a5252 /extensions/Splinter/template/en/default
parent: 110b14a3f96e5ec0511a232022484f7afb691535 (diff)
download: bugzilla-be2d5f9288337f46255b8543e65694ad8a1afe4c.tar.gz
bugzilla-be2d5f9288337f46255b8543e65694ad8a1afe4c.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
index 14034a184..a6dc9114a 100644
--- a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
+++ b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl
@@ -102,7 +102,7 @@
       attachment.isPatch = [% attachment.ispatch ? 1 : 0 %];
       attachment.isObsolete = [% attachment.isobsolete ? 1 : 0 %];
       attachment.isPrivate = [% attachment.isprivate ? 1 : 0 %];
-      attachment.isCRLF = [% attach_is_crlf FILTER none %];
+      attachment.isCRLF = [% attach_is_crlf ? 1 : 0 %];
       theBug.attachments.push(attachment);
     [% END %]
author	David Lawrence <dkl@mozilla.com>	2016-02-29 14:25:31 +0100
committer	Dylan Hardison <dylan@mozilla.com>	2016-02-29 14:31:23 +0100
commit	be2d5f9288337f46255b8543e65694ad8a1afe4c (patch)
tree	2d4529fab44877d5d49c3044ba9e553dee5a5252 /extensions/Splinter/template/en/default
parent	110b14a3f96e5ec0511a232022484f7afb691535 (diff)
download	bugzilla-be2d5f9288337f46255b8543e65694ad8a1afe4c.tar.gz bugzilla-be2d5f9288337f46255b8543e65694ad8a1afe4c.tar.xz