From 58b92d3b0245f6565a7ff34e78fce1e9ec56b355 Mon Sep 17 00:00:00 2001
From: Manish Goregaokar
Date: Thu, 17 Apr 2014 18:27:05 +0200
Subject: Bug 968576: [SECURITY] Dangerous control characters allowed in Bugzilla text r=glob a=justdave
---
 template/en/default/email/bugmail.txt.tmpl | 2 +-
 template/en/default/email/flagmail.txt.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'template/en/default/email')
diff --git a/template/en/default/email/bugmail.txt.tmpl b/template/en/default/email/bugmail.txt.tmpl
index 95cda7f10..1f04db7b1 100644
--- a/template/en/default/email/bugmail.txt.tmpl
+++ b/template/en/default/email/bugmail.txt.tmpl
@@ -19,7 +19,7 @@
 [%- IF comment.count %]
 --- Comment #[% comment.count %] from [% comment.author.identity %] ---
 [% END %]
-[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
 [% END %]
 [% IF referenced_bugs.size %]
diff --git a/template/en/default/email/flagmail.txt.tmpl b/template/en/default/email/flagmail.txt.tmpl
index 26b60143d..fe514e103 100644
--- a/template/en/default/email/flagmail.txt.tmpl
+++ b/template/en/default/email/flagmail.txt.tmpl
@@ -69,7 +69,7 @@ Attachment [% attidsummary %]
 [%-# .defined is necessary to avoid a taint issue, see bug 509794. %]
 [% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
 ------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") %]
+[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
 [% END %]
 [%- END %]
-- 
cgit v1.2.1
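Review bot: In bugmail.txt.tmpl the new filter covers only the comment body; the header line two lines above it still prints `comment.author.identity` unfiltered, and the second hunk in flagmail.txt.tmpl does the same with `user.identity`. If the identity string carries a user-chosen name that is not already stripped when it is stored (this view is limited to the email templates, so that cannot be confirmed here), those lines need the same treatment, e.g. `--- Comment #[% comment.count %] from [% comment.author.identity FILTER strip_control_chars %] ---`. The enclosing comment loop starts outside the hunk.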
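Review bot: The changed line in flagmail.txt.tmpl prints the raw request parameter `Bugzilla.cgi.param("comment")`, so the filter at this output site is the only sanitisation visible for that text, and nothing in the template says why it is there. Extending the existing remark would keep a later edit from dropping it, for example `[%-# .defined is necessary to avoid a taint issue, see bug 509794; the comment is raw request text, so keep FILTER strip_control_chars (bug 968576). %]`. Filtering per template also means every other mail template that prints comment text has to repeat the filter; whether the rest of the commit handles that centrally is not visible in this limited view.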