diff options
author | lpsolit%gmail.com <> | 2006-02-21 09:05:56 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-02-21 09:05:56 +0100 |
commit | c738859a411c63f64fa931a5275111aeb9d90fd8 (patch) | |
tree | 6423d386e03be187a65fc71483d28571ba84b2ff /template/en/default/list/list.atom.tmpl | |
parent | 39e8d6dc7a8371433d8260b86ebc12396da1de7a (diff) | |
download | bugzilla-c738859a411c63f64fa931a5275111aeb9d90fd8.tar.gz bugzilla-c738859a411c63f64fa931a5275111aeb9d90fd8.tar.xz |
[SECURITY] Bug 313441: Query RSS should HTML-escape summary in <title> - Patch by Phil Ringnalda <philringnalda@gmail.com> r=myk a=justdave
I forgot to specify the bug number in my previous checkin. That was bug 312498.
Diffstat (limited to 'template/en/default/list/list.atom.tmpl')
-rw-r--r-- | template/en/default/list/list.atom.tmpl | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/template/en/default/list/list.atom.tmpl b/template/en/default/list/list.atom.tmpl new file mode 100644 index 000000000..367f2858f --- /dev/null +++ b/template/en/default/list/list.atom.tmpl @@ -0,0 +1,88 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Netscape Communications + # Corporation. Portions created by Netscape are + # Copyright (C) 1998 Netscape Communications Corporation. All + # Rights Reserved. + # + # Contributor(s): Walter Hoehn <wassa@columbia.edu> + # John Belmonte <john@neggie.net> + # Jason Remillard <jremillardshop@letterboxes.org> + # Phil Ringnalda <bugzilla@philringnalda.com> + # + # This is a template for generating an Atom representation of a buglist. + #%] + +[% PROCESS global/variables.none.tmpl %] +[% USE date %] + +[% DEFAULT title = "$terms.Bugzilla $terms.Bugs" %] + +<?xml version="1.0"[% IF Param('utf8') %] encoding="UTF-8"[% END %]?> +<feed xmlns="http://www.w3.org/2005/Atom"> + <title>[% title FILTER xml %]</title> + <link rel="alternate" type="text/html" + href="[% Param('urlbase') %]buglist.cgi? + [%- urlquerypart.replace('ctype=atom[&]?','') FILTER xml %]"/> + <link rel="self" type="application/atom+xml" + href="[% Param('urlbase') %]buglist.cgi? + [%- urlquerypart FILTER xml %]"/> + <updated>[% date.format(format=>"%Y-%m-%dT%H:%M:%SZ", + time=>bugs.nsort('changedtime').last.changedtime, + gmt=>1) FILTER xml %]</updated> + <id>[% Param('urlbase') %]buglist.cgi?[% urlquerypart FILTER xml %]</id> + + [% FOREACH bug = bugs %] + <entry> + <title>[% "@" IF bug.secure_mode %][[% terms.Bug %] [%+ bug.bug_id FILTER xml %]] [% bug.short_desc FILTER xml %]</title> + <link rel="alternate" type="text/html" + href="[% Param('urlbase') FILTER xml %]show_bug.cgi?id= + [%- bug.bug_id FILTER xml %]"/> + <id>[% Param('urlbase') FILTER xml %]show_bug.cgi?id=[% bug.bug_id FILTER xml %]</id> + <author> + <name>[% bug.reporter_realname FILTER xml %]</name> + </author> + <updated>[% date.format(format=>"%Y-%m-%dT%H:%M:%SZ",time=>bug.changedtime, + gmt=>1) FILTER xml %]</updated> + <summary type="html"> + [%# Filter out the entire block, so that we don't need to escape the html code out %] + [% FILTER xml %] + <table> + <tr> + <th>Field</th><th>Value</th> + </tr><tr> + <td>[% columns.opendate.title FILTER none %]</td> + <td>[% bug.opendate FILTER none %]</td> + </tr><tr> + <td>[% columns.assigned_to_realname.title FILTER none %]</td> + <td>[% bug.assigned_to_realname FILTER none %]</td> + </tr><tr> + <td>[% columns.priority.title FILTER none %]</td> + <td>[% bug.priority FILTER none %]</td> + </tr><tr> + <td>[% columns.bug_severity.title FILTER none %] </td> + <td>[% bug.bug_severity FILTER none %]</td> + </tr><tr> + <td>[% columns.bug_status.title FILTER none %]</td> + <td>[% bug.bug_status FILTER none %]</td> + </tr><tr> + <td>[% columns.changeddate.title FILTER none %]</td> + <td>[% bug.changeddate FILTER none -%]</td> + </tr> + </table> + [% END %] + </summary> + </entry> + [% END %] +</feed> |