authorjustdave%syndicomm.com <>2003-04-25 05:49:27 +0200
committerjustdave%syndicomm.com <>2003-04-25 05:49:27 +0200
commit29021b187f042f023584dd3986c086ca68bef0a2 (patch)
treed6c1c7c114ffe92462ef4f1817c6a87f18e4141c /template/en/default/bug
parent2fac94504175f4964ad254f07e184e00e10eef08 (diff)
Bug 192677: Add new test to flag failure-to-filter situations in the templates, and correct the XSS holes that were discovered as a
result of it. Patch by Gervase Markham <gerv@mozilla.org> r= myk, bbaetz, justdave a= justdave
Diffstat (limited to 'template/en/default/bug')
-rw-r--r--template/en/default/bug/create/create-guided.html.tmpl6
-rw-r--r--template/en/default/bug/create/create.html.tmpl3
-rw-r--r--template/en/default/bug/create/make-template.html.tmpl2
-rw-r--r--template/en/default/bug/show-multiple.html.tmpl3
4 files changed, 9 insertions, 5 deletions
diff --git a/template/en/default/bug/create/create-guided.html.tmpl b/template/en/default/bug/create/create-guided.html.tmpl
index a716ddca6..7ab7436a7 100644
--- a/template/en/default/bug/create/create-guided.html.tmpl
+++ b/template/en/default/bug/create/create-guided.html.tmpl
@@ -211,8 +211,10 @@ function PutDescription() {
<form method="post" action="post_bug.cgi">
<input type="hidden" name="format" value="guided">
<input type="hidden" name="assigned_to" value="">
- <input type="hidden" name="priority" value="[% default.priority %]">
- <input type="hidden" name="version" value="[% default.version %]">
+ <input type="hidden" name="priority"
+ value="[% default.priority FILTER html %]">
+ <input type="hidden" name="version"
+ value="[% default.version FILTER html %]">
<table valign="top" cellpadding="5" cellspacing="5" border="0">
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index c59cd3a70..fcc894e1e 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -107,7 +107,8 @@
[% sel = { description => 'Priority', name => 'priority' } %]
[% INCLUDE select %]
[% ELSE %]
- <input type="hidden" name="priority" value="[% default.priority %]">
+ <input type="hidden" name="priority"
+ value="[% default.priority FILTER html %]">
[% END %]
[% sel = { description => 'Severity', name => 'bug_severity' } %]
diff --git a/template/en/default/bug/create/make-template.html.tmpl b/template/en/default/bug/create/make-template.html.tmpl
index 1e2495ff8..958d183cc 100644
--- a/template/en/default/bug/create/make-template.html.tmpl
+++ b/template/en/default/bug/create/make-template.html.tmpl
@@ -25,7 +25,7 @@
%]
<p>
-If you bookmark <a href="enter_bug.cgi?[% url %]">this link</a>,
+If you bookmark <a href="enter_bug.cgi?[% url FILTER html %]">this link</a>,
going to the bookmark will bring up the enter bug page with the fields
initialized as you've requested.
</p>
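Review bot: In the `href` on the new line, `FILTER html` only stops `url` from breaking out of the attribute; it does not encode the query-string components themselves. Whether `url` is assembled from already URL-encoded name/value pairs is not visible in this hunk, so a field value containing `&` or `#` could still change which parameters the bookmarked link carries. I would confirm that the CGI side encodes each component and record that contract next to the link, e.g. `[%# url is URL-encoded per component by the caller; the html filter covers the attribute context only %]`.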
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index a5cdc4dc8..41d824eb3 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -106,7 +106,8 @@
<tr>
<td colspan="4">
<b>URL:</b>&nbsp;
- <a href="[% bug.bug_file_loc %]">[% bug.bug_file_loc FILTER html %]</a>
+ <a href="[% bug.bug_file_loc FILTER html %]">
+ [% bug.bug_file_loc FILTER html %]</a>
</tr>
<tr>
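Review bot: The `href` on the new `<a>` line is now HTML-escaped, but escaping does not constrain the URL scheme, so a stored `bug_file_loc` that starts with `javascript:` or `data:` would still be rendered as a clickable link. Nothing in the hunk shows the field being validated before it reaches the template, so I would emit the anchor only for expected schemes, for example by wrapping it in `[% IF bug.bug_file_loc.match('^(https?|ftp)://') %]` … `[% ELSE %][% bug.bug_file_loc FILTER html %][% END %]`. Splitting the anchor over two lines also puts leading whitespace inside the link text; keeping `[% bug.bug_file_loc FILTER html %]</a>` directly after the `>` avoids that. The table row continues outside the hunk.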