From 026539311662235ea26f5f3cfe885322846db6fb Mon Sep 17 00:00:00 2001 From: "gerv%gerv.net" <> Date: Sun, 7 Sep 2003 02:23:09 +0000 Subject: Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave. --- template/en/default/reports/report.html.tmpl | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'template/en/default/reports/report.html.tmpl') diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl index 31308c10c..19d8c722f 100644 --- a/template/en/default/reports/report.html.tmpl +++ b/template/en/default/reports/report.html.tmpl @@ -54,11 +54,15 @@ [% title = BLOCK %] Report: - [% tbl_field_disp IF tbl_field %] + [% IF tbl_field %] + [% tbl_field_disp FILTER html %] + [% END %] [% " / " IF tbl_field AND (col_field OR row_field) %] - [% row_field_disp IF row_field %] + [% IF row_field %] + [% row_field_disp FILTER html %] + [% END %] [% " / " IF col_field AND row_field %] - [% col_field_disp %] + [% col_field_disp FILTER html %] [% END %] [% PROCESS global/header.html.tmpl @@ -128,7 +132,7 @@ [% UNLESS other_format.name == format %] [% END %] - [% other_format.description %] + [% other_format.description FILTER html %] [% "" UNLESS other_format.name == format %] | [% END %] CSV @@ -139,7 +143,9 @@        - [% sizeurl = "report.cgi?$switchbase&action=wrap&format=$format" %] + [% sizeurl = BLOCK %]report.cgi? + [% switchbase %]&action=wrap&format= + [% format FILTER html %][% END %] Taller
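Review bot: The `title` BLOCK in the first hunk now holds pre-escaped HTML, but nothing there records that contract for the `global/header.html.tmpl` call that follows it. If that header template (not visible here) also filters `title`, field names containing `&` or `<` will render double-escaped. If a later edit adds an unfiltered value to the block, it will reach the page raw. A one-line template comment above the block would make the expectation explicit, for example `[%# title is built pre-escaped; every value added here needs FILTER html %]`. The PROCESS call continues past the end of the hunk.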
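Review bot: In the new `sizeurl` BLOCK of the last hunk, `format` is placed in a URL query string but only gets `FILTER html`, which escapes for the HTML context and does not percent-encode characters such as `&`, `=`, `#` or spaces. A value containing those would still change the shape of the query once the attribute is decoded, so URL-encode first and HTML-escape second, e.g. `[% format FILTER uri FILTER html %]` or the project's own URL-quoting filter if it has one. `switchbase` is still emitted unfiltered on the line above; if it is expected to arrive already URL-encoded, a short comment saying so would keep a later edit from treating it as safe by accident. The multi-line BLOCK also depends on the template chomp settings to keep newlines and indentation out of the URL, which `[%-` / `-%]` markers would make explicit. The places where `sizeurl` is used lie outside the hunk.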