authorlpsolit%gmail.com <>2008-05-05 07:05:48 +0200
committerlpsolit%gmail.com <>2008-05-05 07:05:48 +0200
commitecaf3819ef8907f91134d61453f4e31e630c3c30 (patch)
tree644bfd5c07bc7365ba798002ec4bd8b6f3a751af /template/en/default/bug
parentfd87911bb05e072c61628bd313579d06e95f2525 (diff)
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
Diffstat (limited to 'template/en/default/bug')
-rw-r--r--template/en/default/bug/show-multiple.html.tmpl6
1 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index 2562903a6..1442cae4f 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -36,12 +36,12 @@
[% ids = [] %]
[% FOREACH bug = bugs %]
[% PROCESS bug_display %]
- [% ids.push(bug.bug_id) %]
+ [% ids.push(bug.bug_id) UNLESS bug.error %]
[% END %]
[% IF ids.size > 1 %]
<div class="bz_query_buttons">
<form method="post" action="buglist.cgi">
- <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER none %]">
+ <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER html %]">
<input type="submit" id="short_format" value="Short Format">
</form>
</div>
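Review bot: The `UNLESS bug.error` guard on the push is the actual fix here — for a bug that failed to load, `bug.bug_id` appears to carry back whatever the user supplied, and the old code concatenated it unescaped into the hidden `bug_id` value — but nothing in the template says so, and a later maintainer could easily "simplify" it away. A why-comment on the new line would protect it: `[%# error pseudo-bugs echo the caller's id verbatim; keep them out of the list %]`. The `FILTER html` on the join is still the right default for an attribute value even with the guard, since it no longer depends on every element being a validated integer.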
@@ -63,7 +63,7 @@
[% BLOCK bug_display %]
<h1>
[% terms.Bug %]
- <a href="show_bug.cgi?id=[% bug.bug_id %]">[% bug.bug_id %]</a>
+ <a href="show_bug.cgi?id=[% bug.bug_id FILTER html %]">[% bug.bug_id FILTER html %]</a>
[% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %]
(<a href="show_bug.cgi?id=[% bug.alias FILTER url_quote %]">
[% bug.alias FILTER html %]</a>)
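Review bot: In the `href` on the new line, `bug.bug_id` is in a URL query context, yet it gets `FILTER html` while the alias link two lines below uses `FILTER url_quote` for the same position; `html` stops attribute breakout but does not encode URL-reserved characters such as `&`, `#` or spaces. Since `bug.bug_id` may be a user-supplied string in the error case, the href would be both safer and consistent with L44 as `<a href="show_bug.cgi?id=[% bug.bug_id FILTER url_quote %]">[% bug.bug_id FILTER html %]</a>`, keeping `html` for the visible text. The `bug_display` block continues past the end of this hunk.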