From: lpsolit%gmail.com <> Date: Sun, 15 Oct 2006 03:55:05 +0000 (+0000) Subject: Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.tmpl... X-Git-Tag: bugzilla-2.18.6~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e74b36dc1ad3bc23b2ee646eb85330bcb44e5e66;p=thirdparty%2Fbugzilla.git Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.tmpl - Patch by Frédéric Buclin r=justdave a=justdave
---
diff --git a/CGI.pl b/CGI.pl
index 862cb7a8b1..fdae61c3e7 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -236,8 +236,13 @@ sub MailPassword {
 }
 
 sub PutHeader {
- ($vars->{'title'}, $vars->{'h1'}, $vars->{'h2'}) = (@_);
-
+ my ($title, $h1, $h2) = @_;
+
+ # We filter fields here.
+ $vars->{'title'} = html_quote($title) if defined $title;
+ $vars->{'h1'} = html_quote($h1) if defined $h1;
+ $vars->{'h2'} = html_quote($h2) if defined $h2;
+
 $::template->process("global/header.html.tmpl", $::vars)
 || ThrowTemplateError($::template->error());
 $vars->{'header_done'} = 1;
diff --git a/editgroups.cgi b/editgroups.cgi
index 2d4911ec74..cfd5545ad3 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -673,10 +673,9 @@ if (($action eq 'remove_all_regexp') || ($action eq 'remove_all')) {
 my ($name, $regexp) = $sth->fetchrow_array();
 if ($action eq 'remove_all_regexp') {
 PutHeader("Removing All Explicit Group Memberships Matching "
- . "Group RegExp from \'" . html_quote($name) . "\'");
+ . "Group RegExp from \'$name\'");
 } else {
- PutHeader("Removing All Explicit Group Memberships from \'"
- . html_quote($name) . "\'");
+ PutHeader("Removing All Explicit Group Memberships from \'$name\'");
 }
 $dbh->do("LOCK TABLES groups WRITE,
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index b09c70cc9d..685e7c08f0 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
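Review bot: The comment `# We filter fields here.` above the three html_quote calls should state the contract this change creates: PutHeader now expects raw, unescaped strings, and any caller that still pre-quotes (as editgroups.cgi did before this commit) gets its text double-escaped; something like `# Callers pass raw text: title/h1/h2 are HTML-quoted here, so never html_quote() them at the call site.` says that where it matters. The `if defined` guards also change one detail the commit message does not mention: the old list assignment cleared `$vars->{'h1'}` and `$vars->{'h2'}` when fewer arguments were passed, whereas now a value left in `$vars` by an earlier call survives, which is harmless only if PutHeader runs once per request, something this hunk cannot confirm. The body also refers to what appears to be the same global as both `$vars` and `$::vars`; picking one form reads better.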
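Review bot: The `\'` escapes in the two new PutHeader calls are unnecessary inside double-quoted strings; `"Group RegExp from '$name'"` and `"Removing All Explicit Group Memberships from '$name'"` produce the same text without the backslash noise. Dropping html_quote here is correct only while PutHeader quotes its own arguments, so a one-line comment at the first call, `# PutHeader() HTML-quotes $name itself.`, would stop a later maintainer from re-adding the escaping and double-encoding the group name. The enclosing if block starts before this hunk.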
@@ -44,9 +44,9 @@
 [% END %]
 [% IF last_action == "copy" %]
- [% title = "Create Flag Type Based on $type.name" %]
+ [% title = BLOCK %]Create Flag Type Based on [% type.name FILTER html %][% END %]
 [% ELSIF last_action == "edit" %]
- [% title = "Edit Flag Type $type.name" %]
+ [% title = BLOCK %]Edit Flag Type [% type.name FILTER html %][% END %]
 [% END %]
 [% PROCESS global/header.html.tmpl
diff --git a/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl b/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
index 006189c13d..cc4048d481 100644
--- a/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
+++ b/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
@@ -22,7 +22,9 @@
 [% PROCESS global/variables.none.tmpl %]
-[% PROCESS global/header.html.tmpl title="Confirm Group Control Change for product \'$product\'" %]
+[% title = BLOCK %]Confirm Group Control Change for product '[% product FILTER html %]'[% END %]
+
+[% PROCESS global/header.html.tmpl title = title %]
 [% FOREACH group = mandatory_groups %]
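Review bot: `[% PROCESS global/header.html.tmpl title = title %]` in confirm-edit.html.tmpl passes `title` to itself; PROCESS runs the included template in the caller's variable scope, so the BLOCK assignment two lines above is already visible to the header and `[% PROCESS global/header.html.tmpl %]` is sufficient. This is redundancy rather than a defect. If the explicit argument is meant to make the dependency visible, a short `[%# title is built above, already HTML-filtered %]` comment would say so more clearly than the self-assignment.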

diff --git a/template/en/default/bug/show.html.tmpl b/template/en/default/bug/show.html.tmpl
index 8db59a9800..e1e824dc07 100644
--- a/template/en/default/bug/show.html.tmpl
+++ b/template/en/default/bug/show.html.tmpl
@@ -29,7 +29,7 @@
 [% filtered_desc = bug.short_desc FILTER html %]
 [% filtered_timestamp = bug.delta_ts FILTER time %]
 [% PROCESS global/header.html.tmpl
- title = "$terms.Bug $bug.bug_id - $bug.short_desc"
+ title = "$terms.Bug $bug.bug_id - $filtered_desc"
 h1 = "$terms.Bugzilla $terms.Bug $bug.bug_id"
 h2 = filtered_desc
 h3 = "Last modified: $filtered_timestamp"
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 08f885175b..72440c9d40 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -248,6 +248,7 @@
 'bgcolor',
 'onload',
 'bodyattrs',
+ 'title',
 'h1',
 'h2',
 'h3',
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index a4314fdfa6..0422c2af99 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -61,7 +61,7 @@
- [% title FILTER html %]
+ [% title %]
 [%# Migration note: contents of the old Param 'headerhtml' would go here %]
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index c244b3f0c6..c17f40ff28 100644
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -33,7 +33,7 @@
 [% title = "$terms.Bug List" %]
 [% IF searchname %]
- [% title = title _ ": " _ searchname %]
+ [% title = title _ ": " _ searchname FILTER html %]
 [% END %]
 [% style_urls = [ "css/buglist.css" ] %]
diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl
index c3a3ae5162..e0f0cf33de 100644
--- a/template/en/default/reports/components.html.tmpl
+++ b/template/en/default/reports/components.html.tmpl
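Review bot: Adding `'title'` to this exception list silences the static filter check for the header's title, so the list entry becomes the only record that the variable is trusted to arrive pre-quoted; a comment beside it, `# title/h1/h2/h3 are HTML-quoted by whoever sets them (PutHeader in CGI.pl or the calling template), not by header.html.tmpl`, would make that explicit. The enclosing array and the file key it belongs to begin and end outside this hunk, so the template it applies to is inferred only from the neighbouring `bgcolor`/`onload`/`bodyattrs` entries.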
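Review bot: Replacing `[% title FILTER html %]` with `[% title %]` in header.html.tmpl moves escaping from the one place that rendered the value to every template and CGI that sets it, so a single future caller that forgets to filter reintroduces the injection this commit fixes. A comment beside the new line, `[%# title is output unfiltered: every caller must supply already HTML-quoted text (see PutHeader in CGI.pl and filterexceptions.pl) %]`, records that contract where the next editor will see it. Only the title line is visible in this hunk; the surrounding HTML and the h1/h2/h3 output are not shown here.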
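Review bot: In list.html.tmpl, `[% title = title _ ": " _ searchname FILTER html %]` leaves a reader unsure whether `FILTER html` applies to `searchname` alone or to the whole concatenated value being assigned; the two-step form this commit uses in show.html.tmpl and components.html.tmpl, `[% filtered_searchname = searchname FILTER html %]` followed by `[% title = title _ ": " _ filtered_searchname %]`, makes the scope explicit and, if the postfix filter does cover the whole value, avoids re-quoting the `terms.Bug` prefix. The resulting output appears to be escaped either way, so this is a readability point rather than a defect.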
@@ -30,7 +30,7 @@
 [% filtered_product = product FILTER html %]
 [% PROCESS global/header.html.tmpl
- title = "Components for $product"
+ title = "Components for $filtered_product"
 h2 = filtered_product %]
 [% IF Param("useqacontact") %]
diff --git a/template/en/default/reports/duplicates.html.tmpl b/template/en/default/reports/duplicates.html.tmpl
index 5cbf84fe26..764bfb8fb2 100644
--- a/template/en/default/reports/duplicates.html.tmpl
+++ b/template/en/default/reports/duplicates.html.tmpl
@@ -36,7 +36,9 @@
 [% PROCESS global/variables.none.tmpl %]
 [% IF query_products.size %]
- [% title = "Most Frequently Reported $terms.Bugs for ${query_products.join(', ')}" %]
+ [% title = BLOCK %]
+ Most Frequently Reported [% terms.Bugs %] for [% query_products.join(', ') FILTER html %]
+ [% END %]
 [% ELSE %]
 [% title = "Most Frequently Reported $terms.Bugs" %]
 [% END%]
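Review bot: The multi-line `[% title = BLOCK %] … [% END %]` in duplicates.html.tmpl captures the newline and indentation around the text into `title`, so the page title begins and ends with whitespace; the other BLOCK captures in this commit (flag-type/edit.html.tmpl, groupcontrol/confirm-edit.html.tmpl) keep the capture on one line, `[% title = BLOCK %]Most Frequently Reported [% terms.Bugs %] for [% query_products.join(', ') FILTER html %][% END %]`, which avoids that. Browsers collapse whitespace inside the title element, so this is cosmetic unless `title` is reused somewhere whitespace-sensitive, which this hunk does not show.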