Mercurial > p > roundup > code
view website/issues/html/keyword.item.html @ 8357:abf1297e7a94
bug(security): fix XSS exploit in devel and responsive templates
Replace all occurances of:
tal:content="structure context/MUMBLE/plain"
with
tal:content="context/MUMBLE/plain"
This seems to have been an old way to handle display of a field when
the user did not have edit rights. It does not occur in current (later
than 2009) classic tracker templates. But probably was unsed in
earlier classic templates since devel, reponsive and the roundup issue
tracker templates were based on classic.
Add CVE placeholder to security.txt and link to fix directions added
to upgrading.txt. Add note in announcement.txt and CHANGES.txt
Add a details element around the table of contents in the upgrading
guide. It was getting long.
Updated a missed XSS issue in the roundup tracker template. Live site
is already fixed.
XSS bug reported by 4bug of ChaMd5 Security Team H1 Group
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 13:38:08 -0400 |
| parents | eff9c5435acc |
| children |
line wrap: on
line source
<!-- dollarId: keyword.item,v 1.3 2002/05/22 00:32:34 richard Exp dollar--> <tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="">Keyword editing - <span i18n:name="tracker" tal:replace="config/TRACKER_NAME" /></title> <span metal:fill-slot="body_title" tal:omit-tag="python:1" i18n:translate="">Keyword editing</span> <td class="content" metal:fill-slot="content"> <table class="otherinfo" tal:define="keywords db/keyword/list" tal:condition="keywords"> <tr><th colspan="4" class="header" i18n:translate="">Existing Keywords</th></tr> <tr tal:repeat="start python:range(0, len(keywords), 4)"> <td width="25%" tal:define="batch python:utils.Batch(keywords, 4, start)" tal:repeat="keyword batch"> <a tal:attributes="href string:keyword${keyword/id}" tal:content="keyword/name">keyword here</a> </td> </tr> <tr> <td colspan="4" style="border-top: 1px solid gray" i18n:translate=""> To edit an existing keyword (for spelling or typing errors), click on its entry above. </td> </tr> </table> <p class="help" tal:condition="not:context/id" i18n:translate=""> To create a new keyword, enter it below and click "Submit New Entry". </p> <form method="POST" onSubmit="return submit_once()" enctype="multipart/form-data" tal:attributes="action context/designator"> <table class="form"> <tr> <th i18n:translate="">Keyword</th> <td tal:content="structure python:context.name.field(size=60)">name</td> </tr> <tr> <th class="required" i18n:translate="">Description:</th> <td tal:content="structure python:context.description.field(size=60)">description</td> </tr> <tr> <td tal:condition="not:context/id"> <tal:comment tal:replace="nothing"> If we get here and do not have an id, we are creating a new keyword. It would be nice to provide some mechanism to determine the preferred state of the "Continue adding keywords" checkbox. By default I have it enabled. </tal:comment> <input type="checkbox" id="continue_new_keyword" name="__redirect_to" tal:attributes="value string:${request/base}${request/env/PATH_INFO}?@template=item; checked python:True" /> <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label> </td> </tr> <tr> <td> <input type="hidden" name="@required" value="name"> <input type="hidden" name="@template" value="item"> </td> <td colspan=3 tal:content="structure context/submit"> submit button will go here </td> </tr> </table> </form> </td> </tal:block>