diff options
author | gerv%gerv.net <> | 2003-09-07 04:23:09 +0200 |
---|---|---|
committer | gerv%gerv.net <> | 2003-09-07 04:23:09 +0200 |
commit | 026539311662235ea26f5f3cfe885322846db6fb (patch) | |
tree | 97ded73af263f79157ec928cc0fc56c82e8b9334 /template/en/default/reports/report.html.tmpl | |
parent | 94266c521b3e388b41f3dd6f74948a9ec71997d5 (diff) | |
download | bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.gz bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.xz |
Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.
Diffstat (limited to 'template/en/default/reports/report.html.tmpl')
-rw-r--r-- | template/en/default/reports/report.html.tmpl | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl index 31308c10c..19d8c722f 100644 --- a/template/en/default/reports/report.html.tmpl +++ b/template/en/default/reports/report.html.tmpl @@ -54,11 +54,15 @@ [% title = BLOCK %] Report: - [% tbl_field_disp IF tbl_field %] + [% IF tbl_field %] + [% tbl_field_disp FILTER html %] + [% END %] [% " / " IF tbl_field AND (col_field OR row_field) %] - [% row_field_disp IF row_field %] + [% IF row_field %] + [% row_field_disp FILTER html %] + [% END %] [% " / " IF col_field AND row_field %] - [% col_field_disp %] + [% col_field_disp FILTER html %] [% END %] [% PROCESS global/header.html.tmpl @@ -128,7 +132,7 @@ [% UNLESS other_format.name == format %] <a href="[% formaturl %]&format=[% other_format.name %]"> [% END %] - [% other_format.description %] + [% other_format.description FILTER html %] [% "</a>" UNLESS other_format.name == format %] | [% END %] <a href="[% formaturl %]&ctype=csv&format=table">CSV</a> @@ -139,7 +143,9 @@ </td> - [% sizeurl = "report.cgi?$switchbase&action=wrap&format=$format" %] + [% sizeurl = BLOCK %]report.cgi? + [% switchbase %]&action=wrap&format= + [% format FILTER html %][% END %] <td align="center"> <a href="[% sizeurl %]&width=[% width %]&height= [% height + 100 %]">Taller</a><br> |