Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.

author: gerv%gerv.net <> 2003-09-07 04:23:09 +0200
committer: gerv%gerv.net <> 2003-09-07 04:23:09 +0200
commit: 026539311662235ea26f5f3cfe885322846db6fb (patch)
tree: 97ded73af263f79157ec928cc0fc56c82e8b9334 /template/en/default/admin/flag-type/edit.html.tmpl
parent: 94266c521b3e388b41f3dd6f74948a9ec71997d5 (diff)
download: bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.gz
bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.xz
1 files changed, 12 insertions, 5 deletions
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index a56c3bb65..58519466d 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -67,10 +67,10 @@
   <input type="hidden" name="id" value="[% type.id %]">
   <input type="hidden" name="target_type" value="[% type.target_type %]">
   [% FOREACH category = type.inclusions %]
-    <input type="hidden" name="inclusions" value="[% category %]">
+    <input type="hidden" name="inclusions" value="[% category FILTER html %]">
   [% END %]
   [% FOREACH category = type.exclusions %]
-    <input type="hidden" name="exclusions" value="[% category %]">
+    <input type="hidden" name="exclusions" value="[% category FILTER html %]">
   [% END %]
 
   <table id="form" cellspacing="0" cellpadding="4" border="0">
@@ -105,13 +105,17 @@
               <select name="product" onchange="selectProduct(this.form, 'product', 'component', '__Any__');">
                 <option value="">__Any__</option>
                 [% FOREACH item = products %]
-                  <option value="[% item %]" [% "selected" IF type.product.name == item %]>[% item %]</option>
+                  <option value="[% item FILTER html %]" 
+                          [% "selected" IF type.product.name == item %]>
+                          [% item FILTER html %]</option>
                 [% END %]
               </select><br>
               <select name="component">
                 <option value="">__Any__</option>
                 [% FOREACH item = components %]
-                  <option value="[% item %]" [% "selected" IF type.component.name == item %]>[% item %]</option>
+                  <option value="[% item FILTER html %]" 
+                          [% "selected" IF type.component.name == item %]>
+                          [% item FILTER html %]</option>
                 [% END %]
               </select><br>
               <input type="submit" name="categoryAction" value="Include">
@@ -186,7 +190,10 @@
     <tr>
       <th></th>
       <td>
-        <input type="submit" value="[% (last_action == "enter" || last_action == "copy") ? "Create" : "Save Changes" %]">
+        <input type="submit" value="        
+          [% IF (last_action == "enter" || last_action == "copy") %]Create 
+          [% ELSE %]Save Changes 
+          [% END %]">
       </td>
     </tr>
author	gerv%gerv.net <>	2003-09-07 04:23:09 +0200
committer	gerv%gerv.net <>	2003-09-07 04:23:09 +0200
commit	026539311662235ea26f5f3cfe885322846db6fb (patch)
tree	97ded73af263f79157ec928cc0fc56c82e8b9334 /template/en/default/admin/flag-type/edit.html.tmpl
parent	94266c521b3e388b41f3dd6f74948a9ec71997d5 (diff)
download	bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.gz bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.xz