From 53eeca9fc9a12ae23a0aa66f1b38021e93d4f03c Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 16 Oct 2013 19:19:12 +0200 Subject: Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob --- template/en/default/admin/flag-type/edit.html.tmpl | 6 +++--- template/en/default/filterexceptions.pl | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl index 2cb985a47..de0476e19 100644 --- a/template/en/default/admin/flag-type/edit.html.tmpl +++ b/template/en/default/admin/flag-type/edit.html.tmpl @@ -52,7 +52,7 @@
- + @@ -149,8 +149,8 @@ this type will be sorted when displayed to users in a list; ignore if you don't care what order the types appear in or if you want them to appear in alphabetical order.
- + diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 691241c9c..897ab148e 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -410,8 +410,6 @@ ], 'admin/flag-type/edit.html.tmpl' => [ - 'type.id', - 'type.sortkey || 1', 'selname', ], -- cgit v1.2.3-24-g4f1b