Commit d2895af6 authored by preed%sigkill.com's avatar preed%sigkill.com

Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1…

Bug 147486 - Fixes cross site scripting issues; first checked in on the 2.14.1 branch, but I forgot the 2.16 branch/trunk (thanks bbaetz); patch=preed, r=bbaetz,myk
parent bd9136c7
...@@ -343,7 +343,7 @@ if ($action eq 'list') { ...@@ -343,7 +343,7 @@ if ($action eq 'list') {
$s = "<STRIKE>"; $s = "<STRIKE>";
$e = "</STRIKE>"; $e = "</STRIKE>";
} }
$realname ||= "<FONT COLOR=\"red\">missing</FONT>"; $realname = ($realname ? html_quote($realname) : "<FONT COLOR=\"red\">missing</FONT>");
print "<TR>\n"; print "<TR>\n";
print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n"; print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n";
print " <TD VALIGN=\"top\">$s$realname$e</TD>\n"; print " <TD VALIGN=\"top\">$s$realname$e</TD>\n";
...@@ -542,7 +542,7 @@ if ($action eq 'del') { ...@@ -542,7 +542,7 @@ if ($action eq 'del') {
WHERE login_name=" . SqlQuote($user)); WHERE login_name=" . SqlQuote($user));
my ($realname, $groupset) = my ($realname, $groupset) =
FetchSQLData(); FetchSQLData();
$realname ||= "<FONT COLOR=\"red\">missing</FONT>"; $realname = ($realname ? html_quote($realname) : "<FONT COLOR=\"red\">missing</FONT>");
print "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0>\n"; print "<TABLE BORDER=1 CELLPADDING=4 CELLSPACING=0>\n";
print "<TR BGCOLOR=\"#6666FF\">\n"; print "<TR BGCOLOR=\"#6666FF\">\n";
......
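Review bot: On the list row in the first hunk, `$user` is still interpolated unescaped into the link text (`<B>$s$user$e</B>`); only the HREF copy goes through `url_quote`, and this commit escapes just `$realname`. Unless `$user` is HTML-escaped above the hunk (not visible here), a login name containing markup would be rendered as HTML in the administrator's user list. Consider ending that print with `"\"><B>$s", html_quote($user), "$e</B></A></TD>\n";` so the text copy is escaped for HTML while the HREF copy keeps its URL encoding. The `if ($action eq 'del')` block in the second hunk continues outside the visible lines, so any `$user` output there deserves the same check.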