authorlpsolit%gmail.com <>2006-10-15 05:26:50 +0200
committerlpsolit%gmail.com <>2006-10-15 05:26:50 +0200
commitb1ef63e5bfc0d3995245b42154686db1400b2c22 (patch)
tree0db4955b3303c2e5565d6e97e8fac62c63147117 /template/en/default/account/prefs
parent40aae68e1263b9677285473a9205cef378b451c0 (diff)
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template/en/default/account/prefs')
-rw-r--r--template/en/default/account/prefs/permissions.html.tmpl8
-rw-r--r--template/en/default/account/prefs/settings.html.tmpl8
2 files changed, 8 insertions, 8 deletions
diff --git a/template/en/default/account/prefs/permissions.html.tmpl b/template/en/default/account/prefs/permissions.html.tmpl
index dd6e1785b..77dda1ce4 100644
--- a/template/en/default/account/prefs/permissions.html.tmpl
+++ b/template/en/default/account/prefs/permissions.html.tmpl
@@ -42,8 +42,8 @@
<table align="center">
[% FOREACH bit_description = has_bits %]
<tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
</tr>
[% END %]
</table>
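Review bot: The description cell on the added `[% bit_description.desc FILTER html_light %]` line is filtered differently from the name cell beside it, and nothing in the template records why. As I understand Bugzilla's `html_light` filter, it lets a limited set of tags through while `FILTER html` escapes everything, so whoever can edit a group description decides what markup reaches this page. If that is the intent, a template comment above the row would say so, for example `[%# desc is admin-authored and may carry limited markup; html_light drops the rest %]`. The same applies to the `set_bits` table in the second hunk of this file.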
@@ -63,8 +63,8 @@
<table align="center">
[% FOREACH bit_description = set_bits %]
<tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
</tr>
[% END %]
</table>
diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl
index 3ef9a5852..568dac0cb 100644
--- a/template/en/default/account/prefs/settings.html.tmpl
+++ b/template/en/default/account/prefs/settings.html.tmpl
@@ -49,8 +49,8 @@
</td>
<td>
[% IF settings.${name}.is_enabled %]
- <select name="[% name %]" id="[% name %]">
- <option value="[% default_name %]"
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]">
+ <option value="[% default_name FILTER html %]"
[% ' selected="selected"' IF settings.${name}.is_default %]>
Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
</option>
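Review bot: The per-value `<option>` loop that sits between this hunk and the next is not part of the diff, so it cannot be confirmed from here that its `value` attribute gets the same `FILTER html` as the `default_name` option on the added line. With `name` and `default_name` now escaped in both the enabled and the disabled `<select>`, that loop is the remaining attribute context in this cell to check. The `IF`/`ELSE` block opens in this hunk and closes in the next one. A short comment next to the `IF`, such as `[%# every setting name and value written into an attribute is passed through FILTER html %]`, would keep the convention visible for later edits.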
@@ -64,8 +64,8 @@
[% END %]
</select>
[% ELSE %]
- <select name="[% name %]" id="[% name %]" disabled="disabled">
- <option value="[% default_name %]">
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]" disabled="disabled">
+ <option value="[% default_name FILTER html %]">
Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
</option>
</select>