From 8e72be6352972cf95a53d238dddbd5fd591ae0c0 Mon Sep 17 00:00:00 2001
From: Don Armstrong <don@donarmstrong.com>
Date: Tue, 2 Dec 2008 09:02:27 -0800
Subject: [PATCH] Resolve two XSS (closes: #504608)

---
 Debbugs/CGI.pm                                        | 3 ++-
 debian/changelog                                      | 1 +
 templates/en_US/cgi/pkgreport_options_search_key.tmpl | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Debbugs/CGI.pm b/Debbugs/CGI.pm
index e278003..f4cd20e 100644
--- a/Debbugs/CGI.pm
+++ b/Debbugs/CGI.pm
@@ -867,7 +867,8 @@ sub option_form{
 	       if (defined $value and $o_value eq $value) {
 		    $selected = ' selected';
 	       }
-	       $output .= qq(<option value="$o_value"$selected>$name</option>\n);
+	       $output .= q(<option value=").html_escape($o_value).qq("$selected>).
+		   html_escape($name).qq(</option>\n);
 	  }
 	  return $output;
      };
diff --git a/debian/changelog b/debian/changelog
index 5a9bd17..725a32e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -232,6 +232,7 @@ debbugs (2.4.2) UNRELEASED; urgency=low
     (closes: #452905)
   * Deal properly with leading spaces in query arguments (closes: #158375)
   * Only send out control help when control is mailed (closes: #499941)
+  * Resolve two XSS (closes: #504608)
 
   
  -- Colin Watson <cjwatson@debian.org>  Fri, 20 Jun 2003 18:57:25 +0100
diff --git a/templates/en_US/cgi/pkgreport_options_search_key.tmpl b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
index 1c2ecd9..e09fdff 100644
--- a/templates/en_US/cgi/pkgreport_options_search_key.tmpl
+++ b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
@@ -1,6 +1,6 @@
 <nobr><select name="_fo_searchkey">
 {output_select_options(\@search_key_order,$search||'')}
 </select>
-<input type="text" name="_fo_searchvalue" value ="{$search_value||''}">
+<input type="text" name="_fo_searchvalue" value ="{html_escape($search_value||'')}">
 <!-- {$value_index} -->
 </nobr>
-- 
2.39.2