From: Frédéric Buclin
Date: Wed, 16 Oct 2013 17:20:36 +0000 (+0200)
Subject: Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized...
X-Git-Tag: bugzilla-4.0.11~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77abf72db023e53835603a9c1eec2095838b633d;p=thirdparty%2Fbugzilla.git
Bug 924802: (CVE-2013-1742) [SECURITY] (XSS) "id" and "sortkey" are not sanitized when editing flag types if categoryAction-foo is set r=dkl a=glob
---
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index ebebf50821..6be88f1b4b 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -53,10 +53,10 @@ %]
- - + + - + [% FOREACH category = type.inclusions %] [% END %]
@@ -143,7 +143,7 @@ when displayed to users in a list; ignore if you don't care what order the types appear in or if you want them to appear in alphabetical order
- +
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 5ae93e3d35..e04e9de147 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -424,10 +424,6 @@ ],
 'admin/flag-type/edit.html.tmpl' => [
- 'action',
- 'type.id',
- 'type.target_type',
- 'type.sortkey || 1',
 'typeLabelLowerPlural',
 'typeLabelLowerSingular',
 'selname',
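Review bot: The filterexceptions.pl hunk drops 'action' and 'type.target_type' from the edit.html.tmpl entry in addition to the 'type.id' and 'type.sortkey || 1' entries that the commit message names, so the description understates how many template directives are now expected to be HTML-filtered. The corresponding edit.html.tmpl hunks are not legible on this page (their markup was lost in extraction), so whether all four directives now carry a filter cannot be confirmed here; the 3-removed/3-added and 1-removed/1-added shapes of the two `@@` headers are at least consistent with four changed directives. filterexceptions.pl is presumably the allowlist consulted by the template filter test, so shrinking it is the fail-closed direction: any remaining unfiltered use of these values in that template should now be reported by the test rather than silently exempted. A one-line mention of 'action' and 'type.target_type' in the commit description, or a comment on the entry in filterexceptions.pl, would make the scope of the fix clear to anyone auditing this CVE later.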