]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d096b20)
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized...
authorFrédéric Buclin <LpSolit@gmail.com>
Wed, 16 Oct 2013 17:20:36 +0000 (19:20 +0200)
committerFrédéric Buclin <LpSolit@gmail.com>
Wed, 16 Oct 2013 17:20:36 +0000 (19:20 +0200)
r=dkl a=glob

template/en/default/admin/flag-type/edit.html.tmpl patch | blob | blame | history
template/en/default/filterexceptions.pl patch | blob | blame | history

diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index ebebf50821a0ed73ed6e5783876ad1ece3e170cc..6be88f1b4bc5b157f8e7526b46052a9b4cdc0d69 100644 (file)
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -53,10 +53,10 @@
 %]
 
 <form method="post" action="editflagtypes.cgi">
-  <input type="hidden" name="action" value="[% action %]">
-  <input type="hidden" name="id" value="[% type.id %]">
+  <input type="hidden" name="action" value="[% action FILTER html %]">
+  <input type="hidden" name="id" value="[% type.id FILTER html %]">
   <input type="hidden" name="token" value="[% token FILTER html %]">
-  <input type="hidden" name="target_type" value="[% type.target_type %]">
+  <input type="hidden" name="target_type" value="[% type.target_type FILTER html %]">
   [% FOREACH category = type.inclusions %]
     <input type="hidden" name="inclusions" value="[% category.value FILTER html %]">
   [% END %]
@@ -143,7 +143,7 @@
         when displayed to users in a list; ignore if you don't care
         what order the types appear in or if you want them to appear
         in alphabetical order<br>
-        <input type="text" name="sortkey" value="[% type.sortkey || 1 %]" size="5" maxlength="5">
+        <input type="text" name="sortkey" value="[% type.sortkey || 1 FILTER html %]" size="5" maxlength="5">
       </td>
     </tr>
 
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 5ae93e3d35be80b4438340bee953516d369d4905..e04e9de147800c347f424ce0bf991e3721360d06 100644 (file)
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -424,10 +424,6 @@
 ],
 
 'admin/flag-type/edit.html.tmpl' => [
-  'action', 
-  'type.id', 
-  'type.target_type', 
-  'type.sortkey || 1',
   'typeLabelLowerPlural',
   'typeLabelLowerSingular',
   'selname',
Mirror of https://github.com/bugzilla/bugzilla.git