From b1ef63e5bfc0d3995245b42154686db1400b2c22 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 15 Oct 2006 03:26:50 +0000 Subject: Bug 206037: [SECURITY] Fix escaping/quoting in edit*.cgi scripts - Patch by Frédéric Buclin r=justdave a=justdave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- template/en/default/bug/create/create.html.tmpl | 2 +- template/en/default/bug/edit.html.tmpl | 6 +++--- template/en/default/bug/show-multiple.html.tmpl | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'template/en/default/bug') diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index eb3aea2e4..812abb075 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -526,7 +526,7 @@ function handleWantsAttachment(wants_attachment) { -
+
[% END %]
[% END %] diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index c93d08c2b..12fcb05c8 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -198,7 +198,7 @@ [% get_resolution(bug.resolution) FILTER html %] [% IF bug.resolution == "DUPLICATE" %] - of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) %] + of [% terms.bug %] [%+ "${bug.dup_id}" FILTER bug_link(bug.dup_id) FILTER none %] [% END %] @@ -619,7 +619,7 @@ name="bit-[% group.bit %]" id="bit-[% group.bit %]" [% " checked=\"checked\"" IF group.ison %] [% " disabled=\"disabled\"" IF NOT group.ingroup %]> - +
[% END %] [% END %] @@ -683,7 +683,7 @@ [% FOREACH depbug = bug.${dep.fieldname} %] - [% depbug FILTER bug_link(depbug) %][% " " %] + [% depbug FILTER bug_link(depbug) FILTER none %][% " " %] [% END %] diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index 2ebb3a21a..e3d38c022 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl @@ -303,7 +303,7 @@ [% terms.Bug %] [%+ field_descs.${name} FILTER html %]: [% FOREACH depbug = bug.${name} %] - [% depbug FILTER bug_link(depbug) %][% ", " IF not loop.last() %] + [% depbug FILTER bug_link(depbug) FILTER none %][% ", " IF not loop.last() %] [% END %] -- cgit v1.2.3-24-g4f1b