diff options
author | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
commit | b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch) | |
tree | 0db4955b3303c2e5565d6e97e8fac62c63147117 /template/en/default/admin/settings/edit.html.tmpl | |
parent | 40aae68e1263b9677285473a9205cef378b451c0 (diff) | |
download | bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz |
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template/en/default/admin/settings/edit.html.tmpl')
-rw-r--r-- | template/en/default/admin/settings/edit.html.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl index 68c8577b0..9ca9226e7 100644 --- a/template/en/default/admin/settings/edit.html.tmpl +++ b/template/en/default/admin/settings/edit.html.tmpl @@ -64,7 +64,7 @@ page, and the Default Value will automatically apply to everyone. [% setting_descs.$name OR name FILTER html %] </td> <td> - <select name="[% name %]" id="[% name %]"> + <select name="[% name FILTER html %]" id="[% name FILTER html %]"> [% FOREACH x = settings.${name}.legal_values %] <option value="[% x FILTER html %]" [% " selected=\"selected\"" IF x == settings.${name}.default_value %]> @@ -75,8 +75,8 @@ page, and the Default Value will automatically apply to everyone. </td> <td align="center"> <input type="checkbox" - name="[% checkbox_name %]" - id="[% checkbox_name %]" + name="[% checkbox_name FILTER html %]" + id="[% checkbox_name FILTER html %]" [% " checked=\"checked\"" IF settings.${name}.is_enabled %]> <br> </td> |