From: Reed Loden
Date: Mon, 24 Jan 2011 18:08:37 +0000 (-0800)
Subject: Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table...
X-Git-Tag: bugzilla-4.1.1~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=078c49317674c5d62135deff544a0b72a4546cdf;p=thirdparty%2Fbugzilla.git
Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI [r=mkanat a=LpSolit]
---
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index a2e7b7eaed..8c717760ed 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -533,7 +533,8 @@ TUI_hide_default('attachment_text_field'); { key: "id", label: "[% field_descs.bug_id FILTER js %]", formatter: YAHOO.bugzilla.dupTable.formatBugLink },
 { key: "summary",
- label: "[% field_descs.short_desc FILTER js %]" },
+ label: "[% field_descs.short_desc FILTER js %]",
+ formatter: "text" },
 { key: "status",
 label: "[% field_descs.bug_status FILTER js %]",
 formatter: YAHOO.bugzilla.dupTable.formatStatus },
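Review bot: Nothing on the new summary column says that `formatter: "text"` is the escaping step, so a later cleanup could drop it as a no-op and bring back the XSS named in the subject. I would put a one-line comment above the column, for example `// "text" makes YUI HTML-escape the summary; do not remove (bug 619648)`. The `id` and `status` columns use the custom formatters `formatBugLink` and `formatStatus`, whose bodies are not in this hunk, so it is worth confirming that they also escape whatever they write into the cell. The column array starts and ends outside the hunk.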