From 82fc6ac8956c0f92d63646c324f5d98205cbdecf Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 5 May 2008 05:09:08 +0000
Subject: [PATCH] Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Bradley Baetz r=mkanat r=LpSolit r=wurblzap a=LpSolit
---
 show_bug.cgi | 2 +-
 template/en/default/bug/show-multiple.html.tmpl | 2 +-
 template/en/default/filterexceptions.pl | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/show_bug.cgi b/show_bug.cgi
index bc6faa8a58..50168e24ca 100755
--- a/show_bug.cgi
+++ b/show_bug.cgi
@@ -99,7 +99,7 @@ $vars->{'bugs'} = \@bugs;
 $vars->{'marks'} = \%marks;
 $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
-my @bugids = map {$_->bug_id} @bugs;
+my @bugids = map {$_->bug_id} grep {!$_->error} @bugs;
 $vars->{'bugids'} = join(", ", @bugids);
 # Next bug in list (if there is one)
diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl
index d9dc627d26..4c2a270f3f 100644
--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -53,7 +53,7 @@ [% BLOCK bug_display %]
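Review bot: The added `grep {!$_->error}` in show_bug.cgi carries no comment saying why errored bugs are dropped from `@bugids`, and the reason looks security-relevant. For a bug that failed to load, `bug_id` appears to hold the id exactly as supplied in the request (inferred from the commit subject; the Bug class is not shown). I would add above the line `# Skip bugs that failed to load: their bug_id is the unvalidated request value.` Because `bugids` is handed to templates as a joined string, any template that prints it should still apply `FILTER html` rather than rely on this grep alone. The code that builds `@bugs` lies outside the hunk.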

[% terms.Bug %]
- [% bug.bug_id %]
+ [% bug.bug_id FILTER html %]
 [% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %] ([% bug.alias FILTER html %]) [% END %]
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index 1ea527c396..ceff7ed943 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -335,7 +335,6 @@ ],
 'bug/show-multiple.html.tmpl' => [
- 'bug.bug_id',
 'attachment.id',
 'flag.status',
 ],
--
2.47.2
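Review bot: `FILTER html` on the added `bug.bug_id` line in `BLOCK bug_display` covers HTML text context only, and the markup around the directive is not visible in this rendering of the hunk. If the same value is also written into a link target or another attribute on that line, that occurrence needs its own context-appropriate filter (in Bugzilla templates, `FILTER url_quote` for a query-string value) rather than sharing the html one. A short template comment such as `[%# bug_id is the raw request value when bug.error is set %]` would record why the filter is needed here; that reading of `bug.error` is inferred from the commit subject and the `NOT bug.error` guard on the following line. The block continues past the end of the hunk.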