From: Don Armstrong <don@donarmstrong.com>
Date: Tue, 2 Dec 2008 17:02:27 +0000 (-0800)
Subject: Resolve two XSS (closes: #504608)
X-Git-Tag: release/2.6.0~467^2~9
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=8e72be6352972cf95a53d238dddbd5fd591ae0c0;hp=d1c9e4df65e46524673d8ddcbab1b687fb1db78b;p=debbugs.git

Resolve two XSS (closes: #504608)
---

diff --git a/Debbugs/CGI.pm b/Debbugs/CGI.pm
index e278003..f4cd20e 100644
--- a/Debbugs/CGI.pm
+++ b/Debbugs/CGI.pm
@@ -867,7 +867,8 @@ sub option_form{
 	       if (defined $value and $o_value eq $value) {
 		    $selected = ' selected';
 	       }
-	       $output .= qq(<option value="$o_value"$selected>$name</option>\n);
+	       $output .= q(<option value=").html_escape($o_value).qq("$selected>).
+		   html_escape($name).qq(</option>\n);
 	  }
 	  return $output;
      };
diff --git a/debian/changelog b/debian/changelog
index 5a9bd17..725a32e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -232,6 +232,7 @@ debbugs (2.4.2) UNRELEASED; urgency=low
     (closes: #452905)
   * Deal properly with leading spaces in query arguments (closes: #158375)
   * Only send out control help when control is mailed (closes: #499941)
+  * Resolve two XSS (closes: #504608)
 
   
  -- Colin Watson <cjwatson@debian.org>  Fri, 20 Jun 2003 18:57:25 +0100
diff --git a/templates/en_US/cgi/pkgreport_options_search_key.tmpl b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
index 1c2ecd9..e09fdff 100644
--- a/templates/en_US/cgi/pkgreport_options_search_key.tmpl
+++ b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
@@ -1,6 +1,6 @@
 <nobr><select name="_fo_searchkey">
 {output_select_options(\@search_key_order,$search||'')}
 </select>
-<input type="text" name="_fo_searchvalue" value ="{$search_value||''}">
+<input type="text" name="_fo_searchvalue" value ="{html_escape($search_value||'')}">
 <!-- {$value_index} -->
 </nobr>