]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 09894bd)
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized...
authorFrédéric Buclin <LpSolit@gmail.com>
Wed, 16 Oct 2013 17:17:39 +0000 (19:17 +0200)
committerFrédéric Buclin <LpSolit@gmail.com>
Wed, 16 Oct 2013 17:17:39 +0000 (19:17 +0200)
r=dkl a=glob

template/en/default/admin/flag-type/edit.html.tmpl patch | blob | blame | history
template/en/default/filterexceptions.pl patch | blob | blame | history

diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index b8de6c735d5b28411d37d98f187a6413dd3c9bdb..ab70e232b671af0fca30c1c647c747bb59453044 100644 (file)
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -36,7 +36,7 @@
 <form id="flagtype_properties" method="post" action="editflagtypes.cgi">
   <input type="hidden" name="action" value="[% action FILTER html %]">
   <input type="hidden" name="can_fully_edit" value="[% can_fully_edit FILTER html %]">
-  <input type="hidden" name="id" value="[% type.id %]">
+  <input type="hidden" name="id" value="[% type.id FILTER html %]">
   <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="hidden" name="target_type" value="[% type.target_type FILTER html %]">
   <input type="hidden" name="check_clusions" value="[% check_clusions FILTER none %]">
@@ -133,8 +133,8 @@
         this type will be sorted when displayed to users in a list; ignore if you
         don't care what order the types appear in or if you want them to appear
         in alphabetical order.<br>
-        <input type="text" name="sortkey" value="[% type.sortkey || 1 %]" size="5" maxlength="5"
-               [%- ' disabled="disabled"' UNLESS can_fully_edit %]>
+        <input type="text" name="sortkey" value="[% type.sortkey || 1 FILTER html %]" size="5"
+               maxlength="5" [% ' disabled="disabled"' UNLESS can_fully_edit %]>
       </td>
     </tr>
 
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index b0cb1ba4b4f2e63eac1c24ac9e5710755449db95..18986252742c447c15b4bf1f15c7c9f368eb2eb3 100644 (file)
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -389,8 +389,6 @@
 ],
 
 'admin/flag-type/edit.html.tmpl' => [
-  'type.id', 
-  'type.sortkey || 1',
   'selname',
 ],
 
Mirror of https://github.com/bugzilla/bugzilla.git