authorlpsolit%gmail.com <>2006-10-15 05:26:50 +0200
committerlpsolit%gmail.com <>2006-10-15 05:26:50 +0200
commitb1ef63e5bfc0d3995245b42154686db1400b2c22 (patch)
tree0db4955b3303c2e5565d6e97e8fac62c63147117 /template
parent40aae68e1263b9677285473a9205cef378b451c0 (diff)
downloadbugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.gz
bugzilla-b1ef63e5bfc0d3995245b42154686db1400b2c22.tar.xz
Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
Diffstat (limited to 'template')
-rw-r--r--template/en/default/account/prefs/permissions.html.tmpl8
-rw-r--r--template/en/default/account/prefs/settings.html.tmpl8
-rw-r--r--template/en/default/admin/classifications/del.html.tmpl2
-rw-r--r--template/en/default/admin/classifications/edit.html.tmpl2
-rw-r--r--template/en/default/admin/classifications/reclassify.html.tmpl2
-rw-r--r--template/en/default/admin/classifications/select.html.tmpl2
-rw-r--r--template/en/default/admin/components/confirm-delete.html.tmpl4
-rw-r--r--template/en/default/admin/components/updated.html.tmpl2
-rw-r--r--template/en/default/admin/groups/delete.html.tmpl2
-rw-r--r--template/en/default/admin/groups/edit.html.tmpl2
-rw-r--r--template/en/default/admin/groups/list.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/list.html.tmpl3
-rw-r--r--template/en/default/admin/products/confirm-delete.html.tmpl6
-rw-r--r--template/en/default/admin/products/edit-common.html.tmpl2
-rw-r--r--template/en/default/admin/products/edit.html.tmpl2
-rw-r--r--template/en/default/admin/products/updated.html.tmpl2
-rw-r--r--template/en/default/admin/settings/edit.html.tmpl6
-rw-r--r--template/en/default/admin/table.html.tmpl16
-rw-r--r--template/en/default/admin/users/edit.html.tmpl2
-rw-r--r--template/en/default/admin/users/list.html.tmpl46
-rw-r--r--template/en/default/bug/create/create.html.tmpl2
-rw-r--r--template/en/default/bug/edit.html.tmpl6
-rw-r--r--template/en/default/bug/show-multiple.html.tmpl2
-rw-r--r--template/en/default/filterexceptions.pl35
-rw-r--r--template/en/default/global/choose-classification.html.tmpl2
-rw-r--r--template/en/default/global/choose-product.html.tmpl2
-rw-r--r--template/en/default/list/edit-multiple.html.tmpl7
-rw-r--r--template/en/default/list/list-simple.html.tmpl4
-rw-r--r--template/en/default/reports/components.html.tmpl4
-rw-r--r--template/en/default/reports/keywords.html.tmpl4
30 files changed, 84 insertions, 104 deletions
diff --git a/template/en/default/account/prefs/permissions.html.tmpl b/template/en/default/account/prefs/permissions.html.tmpl
index dd6e1785b..77dda1ce4 100644
--- a/template/en/default/account/prefs/permissions.html.tmpl
+++ b/template/en/default/account/prefs/permissions.html.tmpl
@@ -42,8 +42,8 @@
<table align="center">
[% FOREACH bit_description = has_bits %]
<tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
</tr>
[% END %]
</table>
@@ -63,8 +63,8 @@
<table align="center">
[% FOREACH bit_description = set_bits %]
<tr>
- <td>[% bit_description.name %]</td>
- <td>[% bit_description.desc %]</td>
+ <td>[% bit_description.name FILTER html %]</td>
+ <td>[% bit_description.desc FILTER html_light %]</td>
</tr>
[% END %]
</table>
diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl
index 3ef9a5852..568dac0cb 100644
--- a/template/en/default/account/prefs/settings.html.tmpl
+++ b/template/en/default/account/prefs/settings.html.tmpl
@@ -49,8 +49,8 @@
</td>
<td>
[% IF settings.${name}.is_enabled %]
- <select name="[% name %]" id="[% name %]">
- <option value="[% default_name %]"
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]">
+ <option value="[% default_name FILTER html %]"
[% ' selected="selected"' IF settings.${name}.is_default %]>
Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
</option>
@@ -64,8 +64,8 @@
[% END %]
</select>
[% ELSE %]
- <select name="[% name %]" id="[% name %]" disabled="disabled">
- <option value="[% default_name %]">
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]" disabled="disabled">
+ <option value="[% default_name FILTER html %]">
Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
</option>
</select>
diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl
index b450548b7..84c3cb197 100644
--- a/template/en/default/admin/classifications/del.html.tmpl
+++ b/template/en/default/admin/classifications/del.html.tmpl
@@ -36,7 +36,7 @@
<td valign="top">Description:</td>
<td valign="top">
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
<font color="red">description missing</font>
[% END %]
diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl
index b1fc482c2..b56a401f4 100644
--- a/template/en/default/admin/classifications/edit.html.tmpl
+++ b/template/en/default/admin/classifications/edit.html.tmpl
@@ -59,7 +59,7 @@
<th align=right valign=top>[% product.name FILTER html %]</th>
<td valign=top>
[% IF product.description %]
- [% product.description FILTER none %]
+ [% product.description FILTER html_light %]
[% ELSE %]
<font color="red">description missing</font>
[% END %]
diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl
index d45b88073..0db2fc265 100644
--- a/template/en/default/admin/classifications/reclassify.html.tmpl
+++ b/template/en/default/admin/classifications/reclassify.html.tmpl
@@ -33,7 +33,7 @@
<td valign="top">Description:</td>
<td valign="top" colspan=3>
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
<font color="red">description missing</font>
[% END %]
diff --git a/template/en/default/admin/classifications/select.html.tmpl b/template/en/default/admin/classifications/select.html.tmpl
index eaa2149f0..fd3aaf45d 100644
--- a/template/en/default/admin/classifications/select.html.tmpl
+++ b/template/en/default/admin/classifications/select.html.tmpl
@@ -37,7 +37,7 @@
<td valign="top"><a href="editclassifications.cgi?action=edit&amp;classification=[% cl.name FILTER url_quote %]"><b>[% cl.name FILTER html %]</b></a></td>
<td valign="top">
[% IF cl.description %]
- [% cl.description %]
+ [% cl.description FILTER html_light %]
[% ELSE %]
<font color="red">none</font>
[% END %]
diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl
index 4c94813fd..e7e00636e 100644
--- a/template/en/default/admin/components/confirm-delete.html.tmpl
+++ b/template/en/default/admin/components/confirm-delete.html.tmpl
@@ -44,7 +44,7 @@
</tr>
<tr>
<td valign="top">Component Description:</td>
- <td valign="top">[% comp.description FILTER html %]</td>
+ <td valign="top">[% comp.description FILTER html_light %]</td>
</tr>
<tr>
<td valign="top">Default assignee:</td>
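Review bot: `comp.description FILTER html_light` escapes less than the `FILTER html` it replaces, so whatever markup `html_light` lets through is now rendered on this confirmation page instead of being shown as text. The filter is defined outside this diff, so its allow-list of tags and attributes cannot be checked from here; it is worth confirming that it admits no event-handler attributes or script-capable URL schemes before relying on it for descriptions. The same html-to-html_light relaxation appears in the second hunk of this file and in components/updated, groups/delete, groups/edit, products/updated and users/edit.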
@@ -66,7 +66,7 @@
</tr>
<tr>
<td valign="top">Product Description:</td>
- <td valign="top">[% product.description FILTER html %]</td>
+ <td valign="top">[% product.description FILTER html_light %]</td>
[% END %]
[% IF Param('usetargetmilestone') %]
diff --git a/template/en/default/admin/components/updated.html.tmpl b/template/en/default/admin/components/updated.html.tmpl
index a6f2c8b9d..a4cbfdf5b 100644
--- a/template/en/default/admin/components/updated.html.tmpl
+++ b/template/en/default/admin/components/updated.html.tmpl
@@ -56,7 +56,7 @@
<table>
<tr>
<td>Updated description to:</td>
- <td>'[% comp.description FILTER html %]'</td>
+ <td>'[% comp.description FILTER html_light %]'</td>
</tr>
</table>
[% END %]
diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl
index d0c50f69a..f5aa7a9b4 100644
--- a/template/en/default/admin/groups/delete.html.tmpl
+++ b/template/en/default/admin/groups/delete.html.tmpl
@@ -48,7 +48,7 @@
<tr>
<td>[% gid FILTER html %]</td>
<td>[% name FILTER html %]</td>
- <td>[% description FILTER html %]</td>
+ <td>[% description FILTER html_light %]</td>
</tr>
</table>
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index 51aba7ffe..a66e78fde 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -165,7 +165,7 @@
[% group.grpnam FILTER html %]
</a>
</td>
- <td align="left" class="groupdesc">[% group.grpdesc FILTER html %]</td>
+ <td align="left" class="groupdesc">[% group.grpdesc FILTER html_light %]</td>
</tr>
[% END %]
</table>
diff --git a/template/en/default/admin/groups/list.html.tmpl b/template/en/default/admin/groups/list.html.tmpl
index fe32bc53d..ef2c7486b 100644
--- a/template/en/default/admin/groups/list.html.tmpl
+++ b/template/en/default/admin/groups/list.html.tmpl
@@ -47,6 +47,7 @@
}
{name => 'description'
heading => 'Description'
+ allow_html_content => 1
}
{name => 'userregexp'
heading => 'User RegExp'
diff --git a/template/en/default/admin/keywords/list.html.tmpl b/template/en/default/admin/keywords/list.html.tmpl
index 999538561..1ffa0f27d 100755
--- a/template/en/default/admin/keywords/list.html.tmpl
+++ b/template/en/default/admin/keywords/list.html.tmpl
@@ -43,7 +43,8 @@
},
{
name => "description"
- heading => "Description"
+ heading => "Description"
+ allow_html_content => 1
},
{
name => "bug_count"
diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl
index e59dd8707..75aeb623a 100644
--- a/template/en/default/admin/products/confirm-delete.html.tmpl
+++ b/template/en/default/admin/products/confirm-delete.html.tmpl
@@ -56,7 +56,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
<td>
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
<span style="color: red">missing</span>
[% END %]
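Review bot: The comment kept above this cell, `[%# descriptions are intentionally not filtered to allow html content %]`, is no longer true now that the value goes through `FILTER html_light`. It should read something like `[%# descriptions may contain limited HTML, so they use html_light rather than html %]`, so that nobody takes it as licence to put `FILTER none` on a description again. The same stale comment sits above the `product.description` and `c.description` hunks further down this file.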
@@ -78,7 +78,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
<td valign="top">
[% IF product.description %]
- [% product.description FILTER none %]
+ [% product.description FILTER html_light %]
[% ELSE %]
<span style="color: red">missing</span>
[% END %]
@@ -132,7 +132,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
<td>
[% IF c.description %]
- [% c.description FILTER none %]
+ [% c.description FILTER html_light %]
[% ELSE %]
<span style="color: red">missing</span>
[% END %]
diff --git a/template/en/default/admin/products/edit-common.html.tmpl b/template/en/default/admin/products/edit-common.html.tmpl
index e3edadc9c..afa15d73c 100644
--- a/template/en/default/admin/products/edit-common.html.tmpl
+++ b/template/en/default/admin/products/edit-common.html.tmpl
@@ -40,7 +40,7 @@
<tr>
<th align="right">Description:</th>
<td><textarea rows="4" cols="64" wrap="virtual" name="description">
- [% product.description FILTER none %]</textarea>
+ [% product.description FILTER html %]</textarea>
</td>
</tr>
diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl
index 4e8cc7b19..105ec6e74 100644
--- a/template/en/default/admin/products/edit.html.tmpl
+++ b/template/en/default/admin/products/edit.html.tmpl
@@ -50,7 +50,7 @@
[% FOREACH component = product.components %]
<b>[% component.name FILTER html %]:</b>&nbsp;
[% IF component.description %]
- [% component.description FILTER none %]
+ [% component.description FILTER html_light %]
[% ELSE %]
<font color="red">description missing</font>
[% END %]
diff --git a/template/en/default/admin/products/updated.html.tmpl b/template/en/default/admin/products/updated.html.tmpl
index e74720fed..8a0790d6e 100644
--- a/template/en/default/admin/products/updated.html.tmpl
+++ b/template/en/default/admin/products/updated.html.tmpl
@@ -75,7 +75,7 @@
<p>
Updated description to:</p>
</p>
- <p style="margin: 1em 3em 1em 3em">[% product.description FILTER html %]</p>
+ <p style="margin: 1em 3em 1em 3em">[% product.description FILTER html_light %]</p>
[% updated = 1 %]
[% END %]
diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl
index 68c8577b0..9ca9226e7 100644
--- a/template/en/default/admin/settings/edit.html.tmpl
+++ b/template/en/default/admin/settings/edit.html.tmpl
@@ -64,7 +64,7 @@ page, and the Default Value will automatically apply to everyone.
[% setting_descs.$name OR name FILTER html %]
</td>
<td>
- <select name="[% name %]" id="[% name %]">
+ <select name="[% name FILTER html %]" id="[% name FILTER html %]">
[% FOREACH x = settings.${name}.legal_values %]
<option value="[% x FILTER html %]"
[% " selected=\"selected\"" IF x == settings.${name}.default_value %]>
@@ -75,8 +75,8 @@ page, and the Default Value will automatically apply to everyone.
</td>
<td align="center">
<input type="checkbox"
- name="[% checkbox_name %]"
- id="[% checkbox_name %]"
+ name="[% checkbox_name FILTER html %]"
+ id="[% checkbox_name FILTER html %]"
[% " checked=\"checked\"" IF settings.${name}.is_enabled %]>
<br>
</td>
diff --git a/template/en/default/admin/table.html.tmpl b/template/en/default/admin/table.html.tmpl
index 29108fd6c..d13dceb66 100644
--- a/template/en/default/admin/table.html.tmpl
+++ b/template/en/default/admin/table.html.tmpl
@@ -32,7 +32,7 @@
# with the key xxx in data hash of the current row.
# content: If specified, the content of this variable is used
# instead of the data pulled from the current row.
- # NOTE: This value is not HTML filtered at output!
+ # NOTE: This value is only partially HTML filtered!
# content_use_field: If defined and true, then each value in the
# column corresponds with a key in the
# field_descs field, and that value from the
@@ -41,8 +41,8 @@
# This content WILL be HTML-filtered in this case.
# align: left/center/right. Controls the horizontal alignment of the
# text in the column.
- # allow_html_content: if defined, then this column allows html content
- # so it will not be filtered
+ # allow_html_content: if defined, then this column allows some html content
+ # and so it will be only partially filtered.
# yesno_field: Turn the data from 0/!0 into Yes/No
#
# data:
@@ -94,6 +94,7 @@
content = c.content
content_use_field = c.content_use_field
align = c.align
+ class = c.class
allow_html_content = c.allow_html_content
yesno_field = c.yesno_field
%]
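Review bot: The new `class` column key, and the `override_class` / `class` pair read in the next hunk, is not described in the parameter comment at the top of this template, although the first two hunks of this file update that comment for `content` and `allow_html_content`. A line such as `# class: CSS class(es) applied to the cells of this column.` next to the `align:` entry would cover it. The header comment extends beyond the visible hunks, so this is inferred from the part shown here.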
@@ -112,6 +113,8 @@
IF override.override_content_use_field %]
[% SET align = override.align
IF override.override_align %]
+ [% SET class = override.class
+ IF override.override_class %]
[% SET allow_html_content = override.allow_html_content
IF override.override_allow_html_content %]
[% SET yesno_field = override.yesno_field
@@ -122,7 +125,8 @@
[% END %]
[% END %]
- <td [% IF align %] align="[% align FILTER html %]" [% END %]>
+ <td [% IF align %] align="[% align FILTER html %]" [% END %]
+ [% IF class %] class="[% class FILTER html %]" [% END %]>
[% IF contentlink %]
[% link_uri = contentlink %]
@@ -143,7 +147,7 @@
[% colname = row.${c.name} %]
[% field_descs.${colname} FILTER html %]
[% ELSIF content %]
- [% content FILTER none %]
+ [% content FILTER html_light %]
[% ELSE %]
[% IF yesno_field %]
[% IF row.${c.name} %]
@@ -153,7 +157,7 @@
[% END %]
[% ELSE %]
[% IF allow_html_content %]
- [% row.${c.name} FILTER none %]
+ [% row.${c.name} FILTER html_light %]
[% ELSE %]
[% row.${c.name} FILTER html %]
[% END %]
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index f92492472..c35bb691f 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -89,7 +89,7 @@
<td class="groupname">
<label for="group_[% group.id %]">
<strong>[% group.name FILTER html %]:</strong>
- [%+ group.description FILTER html %]
+ [%+ group.description FILTER html_light %]
</label>
</td>
</tr>
diff --git a/template/en/default/admin/users/list.html.tmpl b/template/en/default/admin/users/list.html.tmpl
index 4b483e33d..41c5016f8 100644
--- a/template/en/default/admin/users/list.html.tmpl
+++ b/template/en/default/admin/users/list.html.tmpl
@@ -38,11 +38,9 @@
heading => 'Edit user...'
contentlink => 'editusers.cgi?action=edit&amp;userid=%%userid%%' _
listselectionurlparams
- allow_html_content => 1
}
{name => 'realname'
heading => 'Real name'
- allow_html_content => 1
}
{heading => 'User Account Log'
content => 'View'
@@ -64,23 +62,38 @@
%]
[% END %]
+[%# Disabled users are crossed out. Missing realnames are noticed in red. %]
+[% overrides.login_name = [] %]
+[% overrides.realname = [] %]
+
[% FOREACH thisuser = users %]
- [%# We FILTER html here because we need admin/table.html.tmpl to accept HTML
- # for styling, so we cannot let admin/table.html.tmpl do the FILTER.
- #%]
- [% thisuser.login_name = BLOCK %]
- [% thisuser.login_name FILTER html %]
- [% END %]
- [% IF thisuser.realname %]
- [% thisuser.realname = BLOCK %]
- [% thisuser.realname FILTER html %]
- [% END %]
- [% ELSE %]
- [% SET thisuser.realname = '<span style="color: red">missing</span>' %]
+ [% IF !thisuser.realname %]
+ [%# We cannot pass one class now and one class later. %]
+ [% SET classes = (thisuser.disabledtext ? "bz_inactive missing" : "missing") %]
+ [% overrides.realname.push({
+ match_value => "$thisuser.login_name"
+ match_field => 'login_name'
+ content => "missing"
+ override_content => 1
+ class => "$classes"
+ override_class => 1 })
+ %]
[% END %]
+
[% IF thisuser.disabledtext %]
- [% thisuser.login_name = "<span class=\"bz_inactive\">$thisuser.login_name</span>" %]
- [% thisuser.realname = "<span class=\"bz_inactive\">$thisuser.realname</span>" %]
+ [% overrides.login_name.push({
+ match_value => "$thisuser.login_name"
+ match_field => 'login_name'
+ class => "bz_inactive"
+ override_class => 1 })
+ %]
+
+ [% overrides.realname.push({
+ match_value => "$thisuser.login_name"
+ match_field => 'login_name'
+ class => "bz_inactive"
+ override_class => 1 })
+ %]
[% END %]
[% END %]
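Review bot: A disabled user with no real name gets two entries in `overrides.realname` for the same `login_name`: the first carries `class => "$classes"` with the `missing` content, the second only `class => "bz_inactive"`. How admin/table.html.tmpl resolves several matching overrides is not visible in this diff; if only the first match is used the second entry is dead, and if every match is applied it replaces `bz_inactive missing` with `bz_inactive`. Wrapping the second `overrides.realname.push` in `[% IF thisuser.realname %]` and `[% END %]` makes the two cases exclusive either way.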
@@ -89,6 +102,7 @@
[% PROCESS admin/table.html.tmpl
columns = columns
data = users
+ overrides = overrides
%]
<p>
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index eb3aea2e4..812abb075 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -526,7 +526,7 @@ function handleWantsAttachment(wants_attachment) {
<input type="checkbox" id="bit-[% g.bit %]"
name="bit-[% g.bit %]" value="1"
[% " checked=\"checked\"" IF g.checked %]>
- <label for="bit-[% g.bit %]">[% g.description %]</label><br>
+ <label for="bit-[% g.bit %]">[% g.description FILTER html_light %]</label><br>
[% END %]
<br>
[% END %]
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index c93d08c2b..12fcb05c8 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -198,7 +198,7 @@
<td>
[% get_resolution(bug.resolution) FILTER html %]
[% IF bug.resolution == "DUPLICATE" %]
- of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) %]
+ of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) FILTER none %]
[% END %]
</td>
</tr>
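Review bot: `FILTER bug_link(bug.dup_id) FILTER none` emits whatever `bug_link` returns with no further escaping, so the safety of this line rests entirely on that filter escaping its input, and `bug_link` is defined outside this diff. The trailing `FILTER none` stands in for the filterexceptions.pl entry removed in the same commit, but a reader of the template cannot tell that it was a deliberate choice; a short comment such as `[%# bug_link returns ready-to-output HTML, so no html filter here %]` would record it. The same applies to `depbug FILTER bug_link(depbug) FILTER none` in the third hunk of this file and in bug/show-multiple.html.tmpl.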
@@ -619,7 +619,7 @@
name="bit-[% group.bit %]" id="bit-[% group.bit %]"
[% " checked=\"checked\"" IF group.ison %]
[% " disabled=\"disabled\"" IF NOT group.ingroup %]>
- <label for="bit-[% group.bit %]">[% group.description %]</label>
+ <label for="bit-[% group.bit %]">[% group.description FILTER html_light %]</label>
<br>
[% END %]
[% END %]
@@ -683,7 +683,7 @@
</th>
<td>
[% FOREACH depbug = bug.${dep.fieldname} %]
- [% depbug FILTER bug_link(depbug) %][% " " %]
+ [% depbug FILTER bug_link(depbug) FILTER none %][% " " %]
[% END %]
</td>
<td>
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index 2ebb3a21a..e3d38c022 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -303,7 +303,7 @@
<th>[% terms.Bug %] [%+ field_descs.${name} FILTER html %]:</th>
<td>
[% FOREACH depbug = bug.${name} %]
- [% depbug FILTER bug_link(depbug) %][% ", " IF not loop.last() %]
+ [% depbug FILTER bug_link(depbug) FILTER none %][% ", " IF not loop.last() %]
[% END %]
</td>
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 70a4d28d0..c03704e72 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -112,7 +112,6 @@
],
'reports/keywords.html.tmpl' => [
- 'keyword.description',
'keyword.bug_count',
],
@@ -189,16 +188,10 @@
'list/edit-multiple.html.tmpl' => [
'group.id',
- 'group.description',
- 'group.description FILTER inactive',
'knum',
'menuname',
],
-'list/list-simple.html.tmpl' => [
- 'title',
-],
-
'list/list.rdf.tmpl' => [
'template_version',
'bug.bug_id',
@@ -225,10 +218,6 @@
'h.html',
],
-'global/choose-classification.html.tmpl' => [
- 'class.description',
-],
-
'global/choose-product.html.tmpl' => [
'target',
],
@@ -314,13 +303,10 @@
'bug.bug_id',
'bug.votes',
'group.bit',
- 'group.description',
'dep.title',
'dep.fieldname',
'bug.${dep.fieldname}.join(\', \')',
'selname',
- 'depbug FILTER bug_link(depbug)',
- '"${bug.dup_id}" FILTER bug_link(bug.dup_id)',
'" accesskey=\"$accesskey\"" IF accesskey',
'inputname',
'" colspan=\"$colspan\"" IF $colspan',
@@ -342,7 +328,6 @@
'bug/show-multiple.html.tmpl' => [
'bug.bug_id',
- 'depbug FILTER bug_link(depbug)',
'attachment.id',
'flag.status',
],
@@ -402,7 +387,6 @@
'bug/create/create.html.tmpl' => [
'g.bit',
- 'g.description',
'sel.name',
'sel.description',
'cloned_bug_id',
@@ -484,10 +468,6 @@
'link_uri'
],
-'admin/classifications/select.html.tmpl' => [
- 'cl.description',
-],
-
'admin/products/groupcontrol/confirm-edit.html.tmpl' => [
'group.count',
],
@@ -572,11 +552,6 @@
'comp.bug_count'
],
-'admin/settings/edit.html.tmpl' => [
- 'name',
- 'checkbox_name'
-],
-
'account/login.html.tmpl' => [
'target',
],
@@ -587,11 +562,6 @@
'prefname',
],
-'account/prefs/permissions.html.tmpl' => [
- 'bit_description.name',
- 'bit_description.desc',
-],
-
'account/prefs/prefs.html.tmpl' => [
'current_tab.label',
'current_tab.name',
@@ -601,9 +571,4 @@
'group.id',
],
-'account/prefs/settings.html.tmpl' => [
- 'name',
- 'default_name'
-],
-
);
diff --git a/template/en/default/global/choose-classification.html.tmpl b/template/en/default/global/choose-classification.html.tmpl
index 0a14fe44e..df0c37911 100644
--- a/template/en/default/global/choose-classification.html.tmpl
+++ b/template/en/default/global/choose-classification.html.tmpl
@@ -54,7 +54,7 @@
</th>
[% IF class.description %]
- <td valign="top">&nbsp;[% class.description %]</td>
+ <td valign="top">&nbsp;[% class.description FILTER html_light %]</td>
[% END %]
</tr>
[% END %]
diff --git a/template/en/default/global/choose-product.html.tmpl b/template/en/default/global/choose-product.html.tmpl
index 346a53751..da47332c2 100644
--- a/template/en/default/global/choose-product.html.tmpl
+++ b/template/en/default/global/choose-product.html.tmpl
@@ -51,7 +51,7 @@
[% p.name FILTER html %]</a>:&nbsp;
</th>
- <td valign="top">[% p.description FILTER none %]</td>
+ <td valign="top">[% p.description FILTER html_light %]</td>
</tr>
[% END %]
diff --git a/template/en/default/list/edit-multiple.html.tmpl b/template/en/default/list/edit-multiple.html.tmpl
index cf57bb651..38e4e930f 100644
--- a/template/en/default/list/edit-multiple.html.tmpl
+++ b/template/en/default/list/edit-multiple.html.tmpl
@@ -256,11 +256,8 @@
[% END %]
<td>
- [% IF group.isactive %]
- [% group.description %]
- [% ELSE %]
- [% group.description FILTER inactive %]
- [% END %]
+ [% SET inactive = !group.isactive %]
+ [% group.description FILTER html_light FILTER inactive(inactive) %]
</td>
</tr>
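Review bot: The local variable `inactive` set in this hunk shares its name with the `inactive` filter it is passed to, so `FILTER inactive(inactive)` reads ambiguously. Naming the flag differently, `[% SET is_inactive = !group.isactive %]` followed by `FILTER html_light FILTER inactive(is_inactive)`, says the same thing without the collision.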
diff --git a/template/en/default/list/list-simple.html.tmpl b/template/en/default/list/list-simple.html.tmpl
index 9cdc1bed9..8494baf60 100644
--- a/template/en/default/list/list-simple.html.tmpl
+++ b/template/en/default/list/list-simple.html.tmpl
@@ -30,8 +30,6 @@
[%############################################################################%]
[% DEFAULT title = "$terms.Bug List" %]
-[% title = title FILTER html %]
-
[%############################################################################%]
[%# Bug Table #%]
@@ -40,7 +38,7 @@
<html>
<head>
- <title>[% title %]</title>
+ <title>[% title FILTER html %]</title>
<base href="[% Param("urlbase") %]">
<link href="skins/standard/buglist.css" rel="stylesheet" type="text/css">
</head>
diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl
index 1e9065a78..d135a7ef8 100644
--- a/template/en/default/reports/components.html.tmpl
+++ b/template/en/default/reports/components.html.tmpl
@@ -36,7 +36,7 @@
[% END %]
<p>
- [% product.description FILTER none %]
+ [% product.description FILTER html_light %]
</p>
<table>
@@ -87,7 +87,7 @@
</tr>
<tr>
<td colspan="[% numcols - 1 %]">
- [% comp.description FILTER none %]
+ [% comp.description FILTER html_light %]
</td>
</tr>
[% END %]
diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl
index 979c50163..1a0ae0bf5 100644
--- a/template/en/default/reports/keywords.html.tmpl
+++ b/template/en/default/reports/keywords.html.tmpl
@@ -24,7 +24,7 @@
# keywords: array keyword objects. May be empty. Each has has four members:
# id: id of the keyword
# name: the name of the keyword
- # description: keyword description. May be HTML.
+ # description: keyword description. Can contain some limited HTML code.
# bug_count: number of bugs with that keyword
# caneditkeywords: boolean. True if this user can edit keywords
%]
@@ -55,7 +55,7 @@
<a name="[% keyword.name FILTER html %]">
[% keyword.name FILTER html %]</a>
</th>
- <td>[% keyword.description %]</td>
+ <td>[% keyword.description FILTER html_light %]</td>
<td align="center">
[% IF keyword.bug_count > 0 %]
<a href="buglist.cgi?keywords=[% keyword.name FILTER url_quote %]&amp;resolution=---">