author | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:26:50 +0200 |
commit | b1ef63e5bfc0d3995245b42154686db1400b2c22 (patch) | |
tree | 0db4955b3303c2e5565d6e97e8fac62c63147117 /template/en/default/bug | |
parent | 40aae68e1263b9677285473a9205cef378b451c0 (diff) | |
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template/en/default/bug')
-rw-r--r-- | template/en/default/bug/create/create.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/bug/edit.html.tmpl | 6 | ||||
-rw-r--r-- | template/en/default/bug/show-multiple.html.tmpl | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index eb3aea2e4..812abb075 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -526,7 +526,7 @@ function handleWantsAttachment(wants_attachment) { <input type="checkbox" id="bit-[% g.bit %]" name="bit-[% g.bit %]" value="1" [% " checked=\"checked\"" IF g.checked %]> - <label for="bit-[% g.bit %]">[% g.description %]</label><br> + <label for="bit-[% g.bit %]">[% g.description FILTER html_light %]</label><br> [% END %] <br> [% END %] diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index c93d08c2b..12fcb05c8 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -198,7 +198,7 @@ <td> [% get_resolution(bug.resolution) FILTER html %] [% IF bug.resolution == "DUPLICATE" %] - of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) %] + of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) FILTER none %] [% END %] </td> </tr> @@ -619,7 +619,7 @@ name="bit-[% group.bit %]" id="bit-[% group.bit %]" [% " checked=\"checked\"" IF group.ison %] [% " disabled=\"disabled\"" IF NOT group.ingroup %]> - <label for="bit-[% group.bit %]">[% group.description %]</label> + <label for="bit-[% group.bit %]">[% group.description FILTER html_light %]</label> <br> [% END %] [% END %] @@ -683,7 +683,7 @@ </th> <td> [% FOREACH depbug = bug.${dep.fieldname} %] - [% depbug FILTER bug_link(depbug) %][% " " %] + [% depbug FILTER bug_link(depbug) FILTER none %][% " " %] [% END %] </td> <td> diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index 2ebb3a21a..e3d38c022 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl 
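Review bot: The `<label>` text in the -526 hunk of create.html.tmpl is now passed through `html_light` rather than `html`, and nothing in the template says why the more permissive filter is the right one here. If group descriptions are meant to carry a small set of allowed tags, which the choice of `html_light` suggests, a template comment above the label such as `[%# g.description may contain a few allowed tags, hence html_light rather than html %]` would record that and discourage a later edit from relaxing it further. The same applies to `group.description` in the -619 hunk of edit.html.tmpl. The enclosing loops start outside both hunks.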
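Review bot: `FILTER none` after `bug_link` in the -198 hunk of edit.html.tmpl marks the directive as deliberately unescaped, so the output is safe only while `bug_link` escapes the link text and the id it is given, and the template does not state that dependency. A comment beside it, for example `[%# bug_link emits HTML and is expected to escape its input; none avoids double-escaping %]`, would make the assumption visible to the next editor. The same pattern appears with `depbug` in the -683 hunk and in the -303 hunk of show-multiple.html.tmpl. It is also worth confirming that `bug.dup_id` and the dependency lists can only hold numeric bug ids, since that cannot be seen from these hunks.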
@@ -303,7 +303,7 @@ <th>[% terms.Bug %] [%+ field_descs.${name} FILTER html %]:</th> <td> [% FOREACH depbug = bug.${name} %] - [% depbug FILTER bug_link(depbug) %][% ", " IF not loop.last() %] + [% depbug FILTER bug_link(depbug) FILTER none %][% ", " IF not loop.last() %] [% END %] </td> |