From: Reed Loden
Date: Mon, 24 Jan 2011 18:09:19 +0000 (-0800)
Subject: Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table...
X-Git-Tag: bugzilla-4.0rc2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1b9fdeefdef639786fb9a989250ec694615fc70;p=thirdparty%2Fbugzilla.git

Bug 619648: (CVE-2010-4570) [SECURITY] XSS via summary in "possible duplicates" table due to lack of encoding by YUI [r=mkanat a=LpSolit]
---
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index d81523742a..57a267753c 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -530,7 +530,8 @@ TUI_hide_default('expert_fields');
 { key: "id", label: "[% field_descs.bug_id FILTER js %]",
 formatter: YAHOO.bugzilla.dupTable.formatBugLink },
 { key: "summary",
- label: "[% field_descs.short_desc FILTER js %]" },
+ label: "[% field_descs.short_desc FILTER js %]",
+ formatter: "text" },
 { key: "status",
 label: "[% field_descs.bug_status FILTER js %]",
 formatter: YAHOO.bugzilla.dupTable.formatStatus },
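Review bot: The `id` and `status` columns in this same hunk keep custom formatters (`YAHOO.bugzilla.dupTable.formatBugLink`, `YAHOO.bugzilla.dupTable.formatStatus`) whose bodies are outside the diff, so it cannot be seen here whether they HTML-encode the values they write into the cell. The commit message attributes the bug to YUI not encoding cell data itself, which means every custom formatter has to escape on its own; those two are worth checking alongside the `summary` fix. The new `formatter: "text"` line also has no comment, and it looks redundant enough that a later cleanup could drop it; something like `// "text" makes YUI escape the user-supplied summary; the default formatter inserts it as HTML` above the entry would record why it is there. The column array starts and ends outside the hunk, so any further columns are not visible here and should get the same check.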