From 026539311662235ea26f5f3cfe885322846db6fb Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Sun, 7 Sep 2003 02:23:09 +0000
Subject: Bug 207044 - Filter more template directives. None of these are
security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.
---
template/en/default/reports/components.html.tmpl | 8 ++++---
.../en/default/reports/duplicates-simple.html.tmpl | 2 +-
.../en/default/reports/duplicates-table.html.tmpl | 25 +++++++++++-----------
template/en/default/reports/report-table.csv.tmpl | 13 +++++++----
template/en/default/reports/report-table.html.tmpl | 2 +-
template/en/default/reports/report.html.tmpl | 16 +++++++++-----
6 files changed, 40 insertions(+), 26 deletions(-)
(limited to 'template/en/default/reports')
diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl
index b6d5010d0..d1af07392 100644
--- a/template/en/default/reports/components.html.tmpl
+++ b/template/en/default/reports/components.html.tmpl
@@ -79,13 +79,15 @@
[% comp.name FILTER html %]
-
+
[% comp.initialowner FILTER html %]
|
[% IF Param("useqacontact") %]
-
- [% comp.initialqacontact %]
+
+ [% comp.initialqacontact FILTER html %]
|
[% END %]
diff --git a/template/en/default/reports/duplicates-simple.html.tmpl b/template/en/default/reports/duplicates-simple.html.tmpl
index a74926f8e..22055779a 100644
--- a/template/en/default/reports/duplicates-simple.html.tmpl
+++ b/template/en/default/reports/duplicates-simple.html.tmpl
@@ -34,7 +34,7 @@
[% END%]
- [% title %]
+ [% title FILTER html %]
diff --git a/template/en/default/reports/duplicates-table.html.tmpl b/template/en/default/reports/duplicates-table.html.tmpl
index 0ebd2b4de..34e070f10 100644
--- a/template/en/default/reports/duplicates-table.html.tmpl
+++ b/template/en/default/reports/duplicates-table.html.tmpl
@@ -70,17 +70,18 @@
[% bug_ids_string = bug_ids.join(',') %]
+ [% "&maxrows=$maxrows" IF maxrows %]
+ [% "&changedsince=$changedsince" IF changedsince %]
+ [% "&openonly=1" IF openonly %]
+ [% IF product %]&product=[% product FILTER html %][% END %]
+ [% IF format %]&format=[% format FILTER html %][% END %]
+ [% "&bug_id=$bug_ids_string&sortvisible=1"
+ IF sortvisible %]">
[% column.description %]
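Review bot: `$maxrows`, `$changedsince` and `$bug_ids_string` are still interpolated into the link target with no filter, while `product` and `format` on the neighbouring lines get only `FILTER html`. A query-string value needs URL-encoding, otherwise a product name containing `&`, `#` or `+` is HTML-safe but still splits or alters the parameter once the browser decodes the attribute; for example `[% IF product %]&product=[% product FILTER url_quote %][% END %]`. Whether the CGI already restricts `maxrows` and `changedsince` to integers is not visible here, so either filter them the same way or add a template comment saying they are validated numerics. The same html-only treatment of `format` appears in the `sizeurl` block of report.html.tmpl, and the enclosing link starts above the visible hunk lines.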
@@ -135,10 +136,10 @@
[% bug.delta %] |
[% END %]
- [% bug.component %] |
- [% bug.bug_severity %] |
- [% bug.op_sys %] |
- [% bug.target_milestone %] |
+ [% bug.component FILTER html %] |
+ [% bug.bug_severity FILTER html %] |
+ [% bug.op_sys FILTER html %] |
+ [% bug.target_milestone FILTER html %] |
[% bug.short_desc FILTER html %] |
[% END %]
diff --git a/template/en/default/reports/report-table.csv.tmpl b/template/en/default/reports/report-table.csv.tmpl
index 989790e47..216419fea 100644
--- a/template/en/default/reports/report-table.csv.tmpl
+++ b/template/en/default/reports/report-table.csv.tmpl
@@ -29,13 +29,18 @@
[% row_field_disp = field_descs.$row_field || row_field %]
[% title = BLOCK %]
- [% "$tbl_field_disp: $tbl\n" IF tbl_field %]
- [% row_field_disp IF row_field %]
+ [% IF tbl_field %]
+ [% tbl_field_disp FILTER csv %]: [% tbl FILTER csv %]
+
+ [% END %]
+ [% IF row_field %]
+ [% row_field_disp FILTER csv %]
+ [% END %]
[% " / " IF col_field AND row_field %]
- [% col_field_disp %]
+ [% col_field_disp FILTER csv %]
[% END %]
-[% title FILTER csv %],
+[% title %],
[% IF col_field -%]
[% FOREACH col = col_names -%]
[% col FILTER csv -%],
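Review bot: The header cell is no longer escaped as one CSV field: the pieces of `title` are filtered separately, joined with the literal `: `, ` / ` and the line break inside the BLOCK, and then `[% title %],` emits the result unfiltered. If the csv filter quotes each value (its implementation is not on this page), quoted fragments with text between them do not form a well-formed field, and the embedded line break can split the header row in a consumer. Keeping `[% title FILTER csv %],` on the assembled string, with the fragments left unfiltered inside the BLOCK, keeps a single quoting pass. Spreadsheet consumers also evaluate cells that begin with `=`, `+`, `-` or `@`, which CSV quoting alone does not neutralise, so a comment recording who controls the field descriptions would help.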
diff --git a/template/en/default/reports/report-table.html.tmpl b/template/en/default/reports/report-table.html.tmpl
index f28c39590..e4b52b488 100644
--- a/template/en/default/reports/report-table.html.tmpl
+++ b/template/en/default/reports/report-table.html.tmpl
@@ -50,7 +50,7 @@
|
- [% tbl_disp %]
+ [% tbl_disp FILTER html %]
|
[% END %]
diff --git a/template/en/default/reports/report.html.tmpl b/template/en/default/reports/report.html.tmpl
index 31308c10c..19d8c722f 100644
--- a/template/en/default/reports/report.html.tmpl
+++ b/template/en/default/reports/report.html.tmpl
@@ -54,11 +54,15 @@
[% title = BLOCK %]
Report:
- [% tbl_field_disp IF tbl_field %]
+ [% IF tbl_field %]
+ [% tbl_field_disp FILTER html %]
+ [% END %]
[% " / " IF tbl_field AND (col_field OR row_field) %]
- [% row_field_disp IF row_field %]
+ [% IF row_field %]
+ [% row_field_disp FILTER html %]
+ [% END %]
[% " / " IF col_field AND row_field %]
- [% col_field_disp %]
+ [% col_field_disp FILTER html %]
[% END %]
[% PROCESS global/header.html.tmpl
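Review bot: `title` is now HTML-escaped inside the BLOCK before it is handed to `global/header.html.tmpl`, and nothing records that contract. If the header template filters `title` again (not visible here; the PROCESS call runs past the end of the hunk), entities would be double-escaped, and if it does not, every other caller has to pre-escape as well. A template comment above the BLOCK such as `[%# title is HTML-escaped here; header.html.tmpl must output it unfiltered %]` would make the expectation explicit.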
@@ -128,7 +132,7 @@
[% UNLESS other_format.name == format %]
[% END %]
- [% other_format.description %]
+ [% other_format.description FILTER html %]
[% "" UNLESS other_format.name == format %] |
[% END %]
CSV
@@ -139,7 +143,9 @@
- [% sizeurl = "report.cgi?$switchbase&action=wrap&format=$format" %]
+ [% sizeurl = BLOCK %]report.cgi?
+ [% switchbase %]&action=wrap&format=
+ [% format FILTER html %][% END %]
Taller
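Review bot: `[% switchbase %]` goes into `sizeurl` with no filter, so the escaping of the whole URL depends on how `switchbase` was built, which is outside this hunk; a comment stating that it is already URL-encoded would document that. `format` is a query-string value and gets only `FILTER html`, where URL-encoding such as `[% format FILTER url_quote %]` is the appropriate treatment. The BLOCK is also split across three lines where the original was a single string; unless the template configuration chomps whitespace around directives, the line breaks and indentation end up inside the URL, so chomp markers (`[%- switchbase -%]`) or a one-line BLOCK would be safer.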
--
cgit v1.2.3-24-g4f1b