author | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
commit | b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch) | |
tree | 0db4955b3303c2e5565d6e97e8fac62c63147117 /template/en/default/account/prefs | |
parent | 40aae68e1263b9677285473a9205cef378b451c0 (diff) | |
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template/en/default/account/prefs')
-rw-r--r-- | template/en/default/account/prefs/permissions.html.tmpl | 8 | ||||
-rw-r--r-- | template/en/default/account/prefs/settings.html.tmpl | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/template/en/default/account/prefs/permissions.html.tmpl b/template/en/default/account/prefs/permissions.html.tmpl
index dd6e1785b..77dda1ce4 100644
--- a/template/en/default/account/prefs/permissions.html.tmpl
+++ b/template/en/default/account/prefs/permissions.html.tmpl
@@ -42,8 +42,8 @@
 <table align="center">
 [% FOREACH bit_description = has_bits %]
 <tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
 </tr>
 [% END %]
 </table>
@@ -63,8 +63,8 @@
 <table align="center">
 [% FOREACH bit_description = set_bits %]
 <tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
 </tr>
 [% END %]
 </table>
diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl
index 3ef9a5852..568dac0cb 100644
--- a/template/en/default/account/prefs/settings.html.tmpl
+++ b/template/en/default/account/prefs/settings.html.tmpl
@@ -49,8 +49,8 @@
 </td>
 <td>
 [% IF settings.${name}.is_enabled %]
- <select name="[% name %]" id="[% name %]">
- <option value="[% default_name %]"
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]">
+ <option value="[% default_name FILTER html %]"
 [% ' selected="selected"' IF settings.${name}.is_default %]>
 Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
 </option>
@@ -64,8 +64,8 @@
 [% END %]
 </select>
 [% ELSE %]
- <select name="[% name %]" id="[% name %]" disabled="disabled">
- <option value="[% default_name %]">
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]" disabled="disabled">
+ <option value="[% default_name FILTER html %]">
 Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
 </option>
 </select> |
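Review bot: In both permissions.html.tmpl hunks (the `has_bits` loop and the `set_bits` loop) `bit_description.desc` is passed through `FILTER html_light` while `bit_description.name` gets the strict `FILTER html`, and the template does not say why the two differ. `html_light` lets a whitelist of formatting tags through, so whoever can edit a group description still controls some markup on every user's permissions page. That looks deliberate (descriptions are presumably written by administrators), but the trust assumption should be stated next to the output. I would add a template comment above the row in each loop, e.g. `[%# desc is admin-authored and may carry light markup; html_light strips everything outside its tag whitelist %]`. The rest of the template around these two tables is outside the hunks.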
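Review bot: The per-value `<option>` elements of the enabled `<select>` in settings.html.tmpl sit between the two hunks (roughly new lines 57–63, ending at the `[% END %]` that opens the second hunk), so it cannot be confirmed from this diff that their `value` attributes are escaped like `default_name` now is. If any of them still interpolates a setting value unfiltered, the select is only partly fixed; each such attribute should read like `value="[% default_name FILTER html %]"` with its own variable. `FILTER html` is also only sufficient here because every one of these attributes is double-quoted, which deserves a one-line reminder at the top of the block, e.g. `[%# every value interpolated into an attribute below must be double-quoted and carry FILTER html %]`. The enclosing loop over settings starts before the first hunk and is not visible.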