"Impersonate this user" link on editusers.cgi uses incorrect filter

RESOLVED FIXED in Bugzilla 2.22

Status

()

RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: reed, Assigned: reed)

Tracking

3.0.2
Bugzilla 2.22
Bug Flags:
approval +
approval3.0 +
approval2.22 +

Details

Attachments

(1 attachment)

Created attachment 296681 [details] [diff] [review]
patch - v1

Noticed this while I was working on another bug.

          <a href="relogin.cgi?action=prepare-sudo&amp;target_login=
          [%- otheruser.login FILTER html %]">Impersonate this user</a>

That "html" filter should be "url_quote" instead, or else e-mail addresses that have characters like '+' in them will not be escaped properly.
Attachment #296681 - Flags: review?(LpSolit)

Comment 1

11 years ago
Comment on attachment 296681 [details] [diff] [review]
patch - v1

Yes, this fixes the problem. r=LpSolit
Attachment #296681 - Flags: review?(LpSolit) → review+
(Assignee)

Updated

11 years ago
Flags: approval?
Flags: approval3.0?

Comment 2

11 years ago
This bug also exists in Bugzilla 2.22. Let's take it on this branch too.
Flags: approval?
Flags: approval3.0?
Flags: approval3.0+
Flags: approval2.22+
Flags: approval+
Target Milestone: Bugzilla 3.0 → Bugzilla 2.22
(Assignee)

Comment 3

11 years ago
tip

Checking in template/en/default/admin/users/userdata.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/users/userdata.html.tmpl,v  <--  userdata.html.tmpl
new revision: 1.12; previous revision: 1.11
done


BUGZILLA-3_0-BRANCH

Checking in template/en/default/admin/users/userdata.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/users/userdata.html.tmpl,v  <--  userdata.html.tmpl
new revision: 1.8.2.2; previous revision: 1.8.2.1
done


BUGZILLA-2_22-BRANCH

Checking in template/en/default/admin/users/userdata.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/users/userdata.html.tmpl,v  <--  userdata.html.tmpl
new revision: 1.5.2.1; previous revision: 1.5
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.