author | lpsolit%gmail.com <> | 2008-05-05 07:05:48 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2008-05-05 07:05:48 +0200 |
commit | ecaf3819ef8907f91134d61453f4e31e630c3c30 (patch) | |
tree | 644bfd5c07bc7365ba798002ec4bd8b6f3a751af /template | |
parent | fd87911bb05e072c61628bd313579d06e95f2525 (diff) | |
download | bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.gz bugzilla-ecaf3819ef8907f91134d61453f4e31e630c3c30.tar.xz |
Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat r=wurblzap a=LpSolit
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/bug/show-multiple.html.tmpl | 6 | ||||
-rw-r--r-- | template/en/default/filterexceptions.pl | 1 |
2 files changed, 3 insertions, 4 deletions
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index 2562903a6..1442cae4f 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -36,12 +36,12 @@
 [% ids = [] %]
 [% FOREACH bug = bugs %]
 [% PROCESS bug_display %]
- [% ids.push(bug.bug_id) %]
+ [% ids.push(bug.bug_id) UNLESS bug.error %]
 [% END %]
 [% IF ids.size > 1 %]
 <div class="bz_query_buttons">
 <form method="post" action="buglist.cgi">
- <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER none %]">
+ <input type="hidden" name="bug_id" value="[% ids.join(",") FILTER html %]">
 <input type="submit" id="short_format" value="Short Format">
 </form>
 </div>
@@ -63,7 +63,7 @@
 [% BLOCK bug_display %]
 <h1>
 [% terms.Bug %]
- <a href="show_bug.cgi?id=[% bug.bug_id %]">[% bug.bug_id %]</a>
+ <a href="show_bug.cgi?id=[% bug.bug_id FILTER html %]">[% bug.bug_id FILTER html %]</a>
 [% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %]
 (<a href="show_bug.cgi?id=[% bug.alias FILTER url_quote %]">
 [% bug.alias FILTER html %]</a>)
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 2fb8b48e0..c25e400c3 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -326,7 +326,6 @@
 ],
 'bug/show-multiple.html.tmpl' => [
- 'bug.bug_id',
 'attachment.id',
 'flag.status',
 ],
|
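Review bot: In the second hunk of show-multiple.html.tmpl, the href `show_bug.cgi?id=[% bug.bug_id FILTER html %]` applies the HTML filter to a URL query value, whereas the alias link two lines below uses `FILTER url_quote` for the very same parameter. `FILTER html` does stop the value from breaking out of the attribute, which is what this fix is for, but in the error case bug_id is user-supplied text and characters such as `&` or `#` survive entity decoding and are then read as query syntax by the browser. Suggest the same pattern as the alias line: `<a href="show_bug.cgi?id=[% bug.bug_id FILTER url_quote %]">[% bug.bug_id FILTER html %]</a>`, keeping `FILTER html` for the visible link text only. The bug_display block continues past the end of the hunk, so any other uses of bug.bug_id in it are not visible here.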