From be2d5f9288337f46255b8543e65694ad8a1afe4c Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 29 Feb 2016 08:25:31 -0500 Subject: Bug 1251731 - XSS vulnerability through malicious attachment names --- extensions/Splinter/template/en/default/pages/splinter.html.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'extensions/Splinter/template/en/default') diff --git a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl index 14034a184..a6dc9114a 100644 --- a/extensions/Splinter/template/en/default/pages/splinter.html.tmpl +++ b/extensions/Splinter/template/en/default/pages/splinter.html.tmpl @@ -102,7 +102,7 @@ attachment.isPatch = [% attachment.ispatch ? 1 : 0 %]; attachment.isObsolete = [% attachment.isobsolete ? 1 : 0 %]; attachment.isPrivate = [% attachment.isprivate ? 1 : 0 %]; - attachment.isCRLF = [% attach_is_crlf FILTER none %]; + attachment.isCRLF = [% attach_is_crlf ? 1 : 0 %]; theBug.attachments.push(attachment); [% END %] -- cgit v1.2.3-24-g4f1b