authorFrédéric Buclin <LpSolit@gmail.com>2013-10-16 19:19:12 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2013-10-16 19:19:12 +0200
commit53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c (patch)
tree5695c8cf627396b7a442c471fc7429e48a732845 /template/en/default/admin
parent2a3d79afa020dc49b0e2016b4015cdc94b74eec4 (diff)
downloadbugzilla-53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c.tar.gz
bugzilla-53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c.tar.xz
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set
r=dkl a=glob
Diffstat (limited to 'template/en/default/admin')
-rw-r--r--template/en/default/admin/flag-type/edit.html.tmpl6
1 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index 2cb985a47..de0476e19 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -52,7 +52,7 @@
<form id="flagtype_properties" method="post" action="editflagtypes.cgi">
<input type="hidden" name="action" value="[% action FILTER html %]">
<input type="hidden" name="can_fully_edit" value="[% can_fully_edit FILTER html %]">
- <input type="hidden" name="id" value="[% type.id %]">
+ <input type="hidden" name="id" value="[% type.id FILTER html %]">
<input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="target_type" value="[% type.target_type FILTER html %]">
<input type="hidden" name="check_clusions" value="[% check_clusions FILTER none %]">
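Review bot: The `check_clusions` hidden input on the last line of this hunk is still emitted with `FILTER none`, three lines below the `id` value this commit now escapes, and nothing in the hunk shows that value being escaped or validated before it reaches the template. If `check_clusions` comes from the request (it is posted back through this same form), it would be exposed to the same reflected-XSS pattern that CVE-2013-1742 fixes for `id`, so it should either become `<input type="hidden" name="check_clusions" value="[% check_clusions FILTER html %]">` or carry a short template comment stating why unfiltered output is safe here, e.g. `[%# check_clusions is a server-generated, already-escaped value %]`. The `<form>` element opened on the first context line continues past the end of this hunk.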
@@ -149,8 +149,8 @@
this type will be sorted when displayed to users in a list; ignore if you
don't care what order the types appear in or if you want them to appear
in alphabetical order.<br>
- <input type="text" name="sortkey" value="[% type.sortkey || 1 %]" size="5" maxlength="5"
- [%- ' disabled="disabled"' UNLESS can_fully_edit %]>
+ <input type="text" name="sortkey" value="[% type.sortkey || 1 FILTER html %]" size="5"
+ maxlength="5" [% ' disabled="disabled"' UNLESS can_fully_edit %]>
</td>
</tr>