Bug 330555: [SECURITY] H1, H2 and H3 are not filtered in global/header.html.tmpl...

diff --git a/editproducts.cgi b/editproducts.cgi
index b5f62ccb529c1b90fe2eaf91f3920be88a609350..bc458e089db45088448c6c94473a365fce7c23cd 100755 (executable)
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -1018,7 +1018,7 @@ if ($action eq 'updategroupcontrols') {
             exit;                
         }
     }
-    PutHeader("Update group access controls for $product");
+    PutHeader("Update group access controls for " . html_quote($product));
     $headerdone = 1;
     SendSQL("SELECT id, name FROM groups " .
             "WHERE isbuggroup != 0 AND isactive != 0");

diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index bbf99d0f2d472f8694a2159baffb4e123edd69bf..e8126fcccb789d9709f10895da36dc8bc090065b 100644 (file)
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -45,9 +45,9 @@
 [% END %]
 
 [% IF last_action == "copy" %]
-  [% title = "Create Flag Type Based on $type.name" %]
+  [% title = BLOCK %]Create Flag Type Based on [% type.name FILTER html %][% END %]
 [% ELSIF last_action == "edit" %]
-  [% title = "Edit Flag Type $type.name" %]
+  [% title = BLOCK %]Edit Flag Type [% type.name FILTER html %][% END %]
 [% END %]
 
 [% PROCESS global/header.html.tmpl

diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index bb513cf12e66893ebc8e0b7ffe598c9807b72951..e317770cce0a9118d141bb346b34c3798a88ceba 100644 (file)
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -41,9 +41,10 @@
   #                   be aware of the group being edited and its members.
   #%]
 
+[% title = BLOCK %]Change Group: [% name FILTER html %][% END %]
 
 [% PROCESS global/header.html.tmpl
-  title = "Change Group: $name"
+  title = title
   style = "tr.odd_row {
                background: #e9e9e9; 
            }

diff --git a/template/en/default/admin/groups/remove.html.tmpl b/template/en/default/admin/groups/remove.html.tmpl
index 0eed2d9fbee9ccb75f041089f3bfeecdcbfd5b38..dca7204f6a0c963c6bc88268d774be20eff48e82 100644 (file)
--- a/template/en/default/admin/groups/remove.html.tmpl
+++ b/template/en/default/admin/groups/remove.html.tmpl
@@ -33,14 +33,14 @@
 
 
 [% IF remove_all %]
-  [% title = "Removing All Explicit Group Memberships from '"
-      _ name _ "'" %]
+  [% title = BLOCK %]Removing All Explicit Group Memberships from '[% name FILTER html %]'[% END %]
 [% ELSE %]
-  [% title = "Removing All Explicit Group Memberships Matching "
-      _ "Group RegExp from '" _ name _ "'" %]
+  [% title = BLOCK %]
+    Removing All Explicit Group Memberships Matching Group RegExp from '[% name FILTER html %]'
+  [% END %]
 [% END %]
 
-[% PROCESS global/header.html.tmpl %]
+[% PROCESS global/header.html.tmpl title = title %]
 
 [% IF remove_all %]
   <p><b>Removing explicit membership</b></p>

diff --git a/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl b/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
index 0af6f68e2b202d3a48c93ab1c18dd733027a38e4..bf5d572bce019c02d6a68e3ba48b3cb90a16a178 100644 (file)
--- a/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
+++ b/template/en/default/admin/products/groupcontrol/confirm-edit.html.tmpl
@@ -22,7 +22,9 @@
 
 [% PROCESS global/variables.none.tmpl %]
 
-[% PROCESS global/header.html.tmpl title="Confirm Group Control Change for product \'$product\'" %]
+[% title = BLOCK %]Confirm Group Control Change for product '[% product FILTER html %]'[% END %]
+
+[% PROCESS global/header.html.tmpl title = title %]
 
 [% FOREACH group = mandatory_groups %]
 <P>

diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index 9296f49d6ffa60c3d3d7d1dd2d637026cfde98fa..68d7078f0e6bf55daddc3b11b9d236768a592942 100644 (file)
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -43,8 +43,10 @@
   #                           created
   #%]
 
+[% title = BLOCK %]Confirm deletion of user [% otheruser.login FILTER html %][% END %]
+
 [% PROCESS global/header.html.tmpl
-  title = "Confirm deletion of user $otheruser.login"
+  title = title
   style_urls = ['skins/standard/admin.css',
                 'skins/standard/editusers.css']
 %]

diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index 24def73b0bb4d98c95ade358dbf1dd46757fa04a..bb2f5c2ab332a43b100ddb7da0a4cfcca1e137c4 100644 (file)
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -25,8 +25,10 @@
   #                      canbless) for viewed user.
   #%]
 
+[% title = BLOCK %]Edit user [% otheruser.login FILTER html %][% END %]
+
 [% PROCESS global/header.html.tmpl
-  title = "Edit user $login"
+  title = title
   message = message
   style_urls = ['skins/standard/editusers.css']
 %]

diff --git a/template/en/default/bug/show.html.tmpl b/template/en/default/bug/show.html.tmpl
index 8db59a9800444047e56d2f65e1af68e119fdffa3..e1e824dc07d74a18c7643e5732b7e5cb06f2d366 100644 (file)
--- a/template/en/default/bug/show.html.tmpl
+++ b/template/en/default/bug/show.html.tmpl
@@ -29,7 +29,7 @@
 [% filtered_desc = bug.short_desc FILTER html %]
 [% filtered_timestamp = bug.delta_ts FILTER time %]
 [% PROCESS global/header.html.tmpl
-  title = "$terms.Bug $bug.bug_id - $bug.short_desc"
+  title = "$terms.Bug $bug.bug_id - $filtered_desc"
   h1 = "$terms.Bugzilla $terms.Bug $bug.bug_id"
   h2 = filtered_desc
   h3 = "Last modified: $filtered_timestamp"

diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index a8c9721362521f59de18331b7883856b2463326c..dbbab8e5157394a2d16f5724ee7173f3853291ec 100644 (file)
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -253,6 +253,7 @@
   'javascript', 
   'style', 
   'onload',
+  'title',
   'h1',
   'h2',
   'h3', 

diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index 959bf5a995821ca5f2f5bd0d0563ff8108b29d4f..ae83e08753fcf43a114937d3a1292346913d3213 100644 (file)
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -61,7 +61,7 @@
                       "http://www.w3.org/TR/html4/loose.dtd">
 <html>
   <head>
-    <title>[% title FILTER html %]</title>
+    <title>[% title %]</title>
 
 [%# Migration note: contents of the old Param 'headerhtml' would go here %]
 

diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index c89957a1143040330e8e58d06b98a0a9862853c4..34d36c392ddd120b44e03129e80cc5c0c602ca0d 100644 (file)
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -33,7 +33,7 @@
 
 [% title = "$terms.Bug List" %]
 [% IF searchname %]
-  [% title = title _ ": " _ searchname %]
+  [% title = title _ ": " _ searchname FILTER html %]
 [% END %]
 
 [% style_urls = [ "skins/standard/buglist.css" ] %]

diff --git a/template/en/default/reports/components.html.tmpl b/template/en/default/reports/components.html.tmpl
index 9d9c6f9c33e74e4bdfa30f3e38f91f4f94b4fd51..f6513c0a7cab603317abdb37205018d076f4c4d0 100644 (file)
--- a/template/en/default/reports/components.html.tmpl
+++ b/template/en/default/reports/components.html.tmpl
@@ -30,7 +30,7 @@
   
 [% filtered_product = product FILTER html %]
 [% PROCESS global/header.html.tmpl 
-  title = "Components for $product"
+  title = "Components for $filtered_product"
   h2 = filtered_product %]
 
 [% IF Param("useqacontact") %]

diff --git a/template/en/default/reports/duplicates.html.tmpl b/template/en/default/reports/duplicates.html.tmpl
index 5cbf84fe267c267eae40d8ba522c1b607195b2fc..052e42ef2373b61ef8567af7412e489f348f343c 100644 (file)
--- a/template/en/default/reports/duplicates.html.tmpl
+++ b/template/en/default/reports/duplicates.html.tmpl
@@ -36,12 +36,15 @@
 [% PROCESS global/variables.none.tmpl %]
 
 [% IF query_products.size %]
-  [% title = "Most Frequently Reported $terms.Bugs for ${query_products.join(', ')}" %]
+  [% title = BLOCK %]
+    Most Frequently Reported [% terms.Bugs %] for [% query_products.join(', ') FILTER html %]
+  [% END %]
 [% ELSE %]
   [% title = "Most Frequently Reported $terms.Bugs" %]
 [% END%]
 
 [% PROCESS global/header.html.tmpl
+   title = title
    style = ".resolved { background-color: #d9d9d9; color: #000000; }"
 %]