From b1ef63e5bfc0d3995245b42154686db1400b2c22 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 03:26:50 +0000
Subject: Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts -
Patch by Frédéric Buclin
Updated description to:Description:
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
description missing
[% END %]
diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl
index b1fc482c2..b56a401f4 100644
--- a/template/en/default/admin/classifications/edit.html.tmpl
+++ b/template/en/default/admin/classifications/edit.html.tmpl
@@ -59,7 +59,7 @@
[% product.name FILTER html %]
[% IF product.description %]
- [% product.description FILTER none %]
+ [% product.description FILTER html_light %]
[% ELSE %]
description missing
[% END %]
diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl
index d45b88073..0db2fc265 100644
--- a/template/en/default/admin/classifications/reclassify.html.tmpl
+++ b/template/en/default/admin/classifications/reclassify.html.tmpl
@@ -33,7 +33,7 @@
Description:
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
description missing
[% END %]
diff --git a/template/en/default/admin/classifications/select.html.tmpl b/template/en/default/admin/classifications/select.html.tmpl
index eaa2149f0..fd3aaf45d 100644
--- a/template/en/default/admin/classifications/select.html.tmpl
+++ b/template/en/default/admin/classifications/select.html.tmpl
@@ -37,7 +37,7 @@
[% cl.name FILTER html %]
[% IF cl.description %]
- [% cl.description %]
+ [% cl.description FILTER html_light %]
[% ELSE %]
none
[% END %]
diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl
index 4c94813fd..e7e00636e 100644
--- a/template/en/default/admin/components/confirm-delete.html.tmpl
+++ b/template/en/default/admin/components/confirm-delete.html.tmpl
@@ -44,7 +44,7 @@
Component Description:
- [% comp.description FILTER html %]
+ [% comp.description FILTER html_light %]
Default assignee:
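Review bot: The switch from `FILTER html` to `FILTER html_light` on `comp.description` relaxes escaping rather than tightening it, and nothing in the template records that this is deliberate. Markup in a description that this confirmation page used to show as literal text will now render for whichever tags html_light lets through. If the aim is to match the other description views, say so next to the directive, for example `[%# description may contain the limited markup html_light allows %]`. Also confirm that everyone who can edit these descriptions is trusted to add that markup. The same applies to `product.description` in the hunk at -66 of this file.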
@@ -66,7 +66,7 @@
Product Description:
- [% product.description FILTER html %]
+ [% product.description FILTER html_light %]
[% END %]
[% IF Param('usetargetmilestone') %]
diff --git a/template/en/default/admin/components/updated.html.tmpl b/template/en/default/admin/components/updated.html.tmpl
index a6f2c8b9d..a4cbfdf5b 100644
--- a/template/en/default/admin/components/updated.html.tmpl
+++ b/template/en/default/admin/components/updated.html.tmpl
@@ -56,7 +56,7 @@
[% END %]
diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl
index d0c50f69a..f5aa7a9b4 100644
--- a/template/en/default/admin/groups/delete.html.tmpl
+++ b/template/en/default/admin/groups/delete.html.tmpl
@@ -48,7 +48,7 @@
Updated description to:
- '[% comp.description FILTER html %]'
+ '[% comp.description FILTER html_light %]'
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index 51aba7ffe..a66e78fde 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -165,7 +165,7 @@
[% group.grpnam FILTER html %]
- [% gid FILTER html %]
[% name FILTER html %]
- [% description FILTER html %]
+ [% description FILTER html_light %]
[% group.grpdesc FILTER html %]
+ [% group.grpdesc FILTER html_light %]
[% END %]
diff --git a/template/en/default/admin/groups/list.html.tmpl b/template/en/default/admin/groups/list.html.tmpl
index fe32bc53d..ef2c7486b 100644
--- a/template/en/default/admin/groups/list.html.tmpl
+++ b/template/en/default/admin/groups/list.html.tmpl
@@ -47,6 +47,7 @@
}
{name => 'description'
heading => 'Description'
+ allow_html_content => 1
}
{name => 'userregexp'
heading => 'User RegExp'
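Review bot: `allow_html_content => 1` on the `description` column is only as safe as the shared table template that interprets the flag, and that template is not visible in this hunk. If it emits flagged columns unfiltered, group descriptions render as raw HTML in this list while the other pages in the patch use `FILTER html_light`. Please confirm the flag maps to `html_light` and record that beside it, e.g. `# rendered through FILTER html_light by the table template`. The same flag is added to the `description` column in admin/keywords/list.html.tmpl. The column definition list starts and ends outside the hunk.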
diff --git a/template/en/default/admin/keywords/list.html.tmpl b/template/en/default/admin/keywords/list.html.tmpl
index 999538561..1ffa0f27d 100755
--- a/template/en/default/admin/keywords/list.html.tmpl
+++ b/template/en/default/admin/keywords/list.html.tmpl
@@ -43,7 +43,8 @@
},
{
name => "description"
- heading => "Description"
+ heading => "Description"
+ allow_html_content => 1
},
{
name => "bug_count"
diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl
index e59dd8707..75aeb623a 100644
--- a/template/en/default/admin/products/confirm-delete.html.tmpl
+++ b/template/en/default/admin/products/confirm-delete.html.tmpl
@@ -56,7 +56,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
[% IF classification.description %]
- [% classification.description FILTER none %]
+ [% classification.description FILTER html_light %]
[% ELSE %]
missing
[% END %]
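Review bot: The context comment `[%# descriptions are intentionally not filtered to allow html content %]` is now wrong, because the line below it applies `FILTER html_light`. Leaving it in place invites a later editor to restore `FILTER none` to match the comment. Suggest replacing it with `[%# descriptions are filtered with html_light so only a limited set of HTML is allowed %]` here and in the hunks at -78 and -132 of this file.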
@@ -78,7 +78,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
[% IF product.description %]
- [% product.description FILTER none %]
+ [% product.description FILTER html_light %]
[% ELSE %]
missing
[% END %]
@@ -132,7 +132,7 @@
[%# descriptions are intentionally not filtered to allow html content %]
[% IF c.description %]
- [% c.description FILTER none %]
+ [% c.description FILTER html_light %]
[% ELSE %]
missing
[% END %]
diff --git a/template/en/default/admin/products/edit-common.html.tmpl b/template/en/default/admin/products/edit-common.html.tmpl
index e3edadc9c..afa15d73c 100644
--- a/template/en/default/admin/products/edit-common.html.tmpl
+++ b/template/en/default/admin/products/edit-common.html.tmpl
@@ -40,7 +40,7 @@
diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl
index 4e8cc7b19..105ec6e74 100644
--- a/template/en/default/admin/products/edit.html.tmpl
+++ b/template/en/default/admin/products/edit.html.tmpl
@@ -50,7 +50,7 @@
[% FOREACH component = product.components %]
[% component.name FILTER html %]:
[% IF component.description %]
- [% component.description FILTER none %]
+ [% component.description FILTER html_light %]
[% ELSE %]
description missing
[% END %]
diff --git a/template/en/default/admin/products/updated.html.tmpl b/template/en/default/admin/products/updated.html.tmpl
index e74720fed..8a0790d6e 100644
--- a/template/en/default/admin/products/updated.html.tmpl
+++ b/template/en/default/admin/products/updated.html.tmpl
@@ -75,7 +75,7 @@
Description:
+ [% product.description FILTER html %]
[% product.description FILTER html %]
+[% product.description FILTER html_light %]
[% updated = 1 %] [% END %]
diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl
index 68c8577b0..9ca9226e7 100644
--- a/template/en/default/admin/settings/edit.html.tmpl
+++ b/template/en/default/admin/settings/edit.html.tmpl
@@ -64,7 +64,7 @@ page, and the Default Value will automatically apply to everyone. [% setting_descs.$name OR name FILTER html %]-- cgit v1.2.3-24-g4f1b