Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple...

diff --git a/show_bug.cgi b/show_bug.cgi
index bc6faa8a58b85027aaf462babe9efe02f9a76fe8..50168e24ca5458047d621afa239bd48895993d27 100755 (executable)
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -99,7 +99,7 @@ $vars->{'bugs'} = \@bugs;
 $vars->{'marks'} = \%marks;
 $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
 
-my @bugids = map {$_->bug_id} @bugs;
+my @bugids = map {$_->bug_id} grep {!$_->error} @bugs;
 $vars->{'bugids'} = join(", ", @bugids);
 
 # Next bug in list (if there is one)

diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index d9dc627d265d6b009b30740c48a153d294ffa0df..4c2a270f3fc6566e0c7585d33aa4542b2a4b00f7 100644 (file)
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -53,7 +53,7 @@
 [% BLOCK bug_display %]
   <h1>
     [% terms.Bug %] 
-    <a href="show_bug.cgi?id=[% bug.bug_id %]">[% bug.bug_id %]</a>
+    <a href="show_bug.cgi?id=[% bug.bug_id FILTER html %]">[% bug.bug_id FILTER html %]</a>
     [% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %]
       ([% bug.alias FILTER html %])
     [% END %]

diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 1ea527c396b79495059648b14e8edfbab0b0d482..ceff7ed9432ace2118dc0776fe867bd129bdb1d7 100644 (file)
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -335,7 +335,6 @@
 ],
 
 'bug/show-multiple.html.tmpl' => [
-  'bug.bug_id', 
   'attachment.id', 
   'flag.status',
 ],