launchpad-reviewers team mailing list archive

Thread
Date

[Merge] lp:~wallyworld/launchpad/multicheckboxwidget-unescaped-items into lp:launchpad

To: mp+57108@xxxxxxxxxxxxxxxxxx
From: Ian Booth <ian.booth@xxxxxxxxxxxxx>
Date: Mon, 11 Apr 2011 04:59:36 -0000
Reply-to: mp+57108@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Ian Booth has proposed merging lp:~wallyworld/launchpad/multicheckboxwidget-unescaped-items into lp:launchpad.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wallyworld/launchpad/multicheckboxwidget-unescaped-items/+merge/57108

Very minor tweak to inline-multicheckbox-widget.pt to close a security hole. We don't currently use the affected part of the template but best to close the hole now before someone falls in.


-- 
https://code.launchpad.net/~wallyworld/launchpad/multicheckboxwidget-unescaped-items/+merge/57108
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wallyworld/launchpad/multicheckboxwidget-unescaped-items into lp:launchpad.

=== modified file 'lib/lp/app/templates/inline-multicheckbox-widget.pt'
--- lib/lp/app/templates/inline-multicheckbox-widget.pt	2011-03-16 01:51:38 +0000
+++ lib/lp/app/templates/inline-multicheckbox-widget.pt	2011-04-11 04:59:26 +0000
@@ -23,7 +23,7 @@
                   tal:content="structure item/fmt:link"/>
               <li tal:condition="not:view/linkify_items"
                   tal:repeat="item items"
-                  tal:content="structure item"/>
+                  tal:content="item/displayname"/>
         </ul>
     <tal:items-close-tag replace="structure view/items_close_tag"/>
   </span>