From b1ef63e5bfc0d3995245b42154686db1400b2c22 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 03:26:50 +0000
Subject: Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts -
 Patch by Frédéric Buclin <LpSolit@gmail.com> r=justdave a=justdave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 template/en/default/account/prefs/settings.html.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'template/en/default/account/prefs/settings.html.tmpl')

diff --git a/template/en/default/account/prefs/settings.html.tmpl b/template/en/default/account/prefs/settings.html.tmpl
index 3ef9a5852..568dac0cb 100644
--- a/template/en/default/account/prefs/settings.html.tmpl
+++ b/template/en/default/account/prefs/settings.html.tmpl
@@ -49,8 +49,8 @@
         </td>
         <td>
           [% IF settings.${name}.is_enabled %]
-            <select name="[% name %]" id="[% name %]">
-              <option value="[% default_name %]"
+            <select name="[% name FILTER html %]" id="[% name FILTER html %]">
+              <option value="[% default_name FILTER html %]"
                 [% ' selected="selected"' IF settings.${name}.is_default %]>
                 Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
               </option>
@@ -64,8 +64,8 @@
               [% END %]
             </select>
           [% ELSE %]
-            <select name="[% name %]" id="[% name %]" disabled="disabled">
-              <option value="[% default_name %]">
+            <select name="[% name FILTER html %]" id="[% name FILTER html %]" disabled="disabled">
+              <option value="[% default_name FILTER html %]">
                 Site Default ([% setting_descs.${default_val} OR default_val FILTER html %])
               </option>
             </select>
-- 
cgit v1.2.3-24-g4f1b