Commit 5d80ee9f authored by Frédéric Buclin's avatar Frédéric Buclin

Bug 790296 (CVE-2012-4189): [SECURITY] Field values are not escaped correctly in tabular reports

r=dkl a=LpSolit
parent 730d891d
......@@ -386,5 +386,5 @@ sub get_field_restrictions {
my $field = shift;
my $cgi = Bugzilla->cgi;
return join('&', map {"$field=$_"} $cgi->param($field));
return join('&', map {url_quote($field) . '=' . url_quote($_)} $cgi->param($field));
}
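Review bot: The new `return` on the line above is URL-encoded but not HTML-safe — the `&` separators from `join('&', ...)` are emitted literally and url_quote protects only the query-string structure — yet nothing in the sub states that contract, so a future caller could drop the result straight into markup. I would add a header comment above `sub get_field_restrictions` (the signature line is outside the hunk): `# Returns a URL-encoded query fragment ("field=v1&field=v2") for every value of $field in the current request. url_quote keeps values from breaking the query string only; the caller must still HTML-escape the result when embedding it in a page.` It is also worth confirming that `url_quote` is imported into this package, since the import block is not visible here.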
......@@ -85,7 +85,7 @@ YAHOO.util.Event.addListener(window, "load", function() {
var myColumnDefs = [
{key:"row_title", label:"", sortable:true, sortOptions: { sortFunction:totalNumberSorter }},
[% FOREACH col = col_names %]
{key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER js %]", sortable:true,
{key:"[% col FILTER js %]", label:"[% display_value(col_field, col) FILTER html FILTER js %]", sortable:true,
formatter:this.Linkify, sortOptions: { defaultDir: YAHOO.widget.DataTable.CLASS_DESC, sortFunction:totalNumberSorter }},
[% END %]
{key:"total", label:"Total", sortable:true, formatter:this.LinkifyTotal,
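Review bot: The order of the two filters on the `label` line is load-bearing and deserves a comment so nobody "simplifies" it: `FILTER html` has to run first so the entity-escaped text is what ends up inside the JS string, and `FILTER js` second so that string is a valid JavaScript literal; reversing them would JS-escape the quotes and then HTML-escape the backslashes, breaking the literal. I would add a template comment above the FOREACH: `[%# Labels are apparently rendered as HTML by the DataTable, so HTML-escape the display value first, then escape the result for the JS string literal. Keys are only used as lookup strings and get the js filter alone. %]`. The `key:` value is still only `FILTER js`, which is fine as long as the DataTable uses the key purely as a JS lookup string; if it is ever reused as a CSS class or element id it would need the same treatment, which I cannot confirm from this hunk. The enclosing `addListener` callback starts before and ends after the hunk.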