Resolve two XSS (closes: #504608)

diff --git a/Debbugs/CGI.pm b/Debbugs/CGI.pm
index e2780036b5262d44fdb56dbf716bcdac45b35b2d..f4cd20e06df112efd2daa84e0d4d1780f2d0e1b9 100644 (file)
--- a/Debbugs/CGI.pm
+++ b/Debbugs/CGI.pm
@@ -867,7 +867,8 @@ sub option_form{
               if (defined $value and $o_value eq $value) {
                    $selected = ' selected';
               }
-              $output .= qq(<option value="$o_value"$selected>$name</option>\n);
+              $output .= q(<option value=").html_escape($o_value).qq("$selected>).
+                  html_escape($name).qq(</option>\n);
          }
          return $output;
      };

diff --git a/debian/changelog b/debian/changelog
index 5a9bd170037e6fe9b82d4c3a2fb83d3b7f0c0278..725a32e9182d11186f46a88d508e47488696c5b4 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -232,6 +232,7 @@ debbugs (2.4.2) UNRELEASED; urgency=low
     (closes: #452905)
   * Deal properly with leading spaces in query arguments (closes: #158375)
   * Only send out control help when control is mailed (closes: #499941)
+  * Resolve two XSS (closes: #504608)
 
   
  -- Colin Watson <cjwatson@debian.org>  Fri, 20 Jun 2003 18:57:25 +0100

diff --git a/templates/en_US/cgi/pkgreport_options_search_key.tmpl b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
index 1c2ecd9df0421086cf050980b7afd34f5402e7d8..e09fdff3f889374336598897e6303658f49e4a2f 100644 (file)
--- a/templates/en_US/cgi/pkgreport_options_search_key.tmpl
+++ b/templates/en_US/cgi/pkgreport_options_search_key.tmpl
@@ -1,6 +1,6 @@
 <nobr><select name="_fo_searchkey">
 {output_select_options(\@search_key_order,$search||'')}
 </select>
-<input type="text" name="_fo_searchvalue" value ="{$search_value||''}">
+<input type="text" name="_fo_searchvalue" value ="{html_escape($search_value||'')}">
 <!-- {$value_index} -->
 </nobr>