diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2013-10-16 19:19:12 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2013-10-16 19:19:12 +0200 |
commit | 53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c (patch) | |
tree | 5695c8cf627396b7a442c471fc7429e48a732845 /template/en/default/admin | |
parent | 2a3d79afa020dc49b0e2016b4015cdc94b74eec4 (diff) | |
download | bugzilla-53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c.tar.gz bugzilla-53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c.tar.xz |
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set
r=dkl a=glob
Diffstat (limited to 'template/en/default/admin')
-rw-r--r-- | template/en/default/admin/flag-type/edit.html.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl index 2cb985a47..de0476e19 100644 --- a/template/en/default/admin/flag-type/edit.html.tmpl +++ b/template/en/default/admin/flag-type/edit.html.tmpl @@ -52,7 +52,7 @@ <form id="flagtype_properties" method="post" action="editflagtypes.cgi"> <input type="hidden" name="action" value="[% action FILTER html %]"> <input type="hidden" name="can_fully_edit" value="[% can_fully_edit FILTER html %]"> - <input type="hidden" name="id" value="[% type.id %]"> + <input type="hidden" name="id" value="[% type.id FILTER html %]"> <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="target_type" value="[% type.target_type FILTER html %]"> <input type="hidden" name="check_clusions" value="[% check_clusions FILTER none %]"> @@ -149,8 +149,8 @@ this type will be sorted when displayed to users in a list; ignore if you don't care what order the types appear in or if you want them to appear in alphabetical order.<br> - <input type="text" name="sortkey" value="[% type.sortkey || 1 %]" size="5" maxlength="5" - [%- ' disabled="disabled"' UNLESS can_fully_edit %]> + <input type="text" name="sortkey" value="[% type.sortkey || 1 FILTER html %]" size="5" + maxlength="5" [% ' disabled="disabled"' UNLESS can_fully_edit %]> </td> </tr> |