From 353c8741a797f56f1ae7df078b1dd7ceac49713e Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Fri, 18 Jan 2013 21:24:13 +0100
Subject: [PATCH] Fix #15384 XSS vulnerability on summary page

---
 core/summary_api.php |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/core/summary_api.php b/core/summary_api.php
index abdbbc4..638cabf 100644
--- a/core/summary_api.php
+++ b/core/summary_api.php
@@ -27,7 +27,10 @@
  */
 require_once( $g_absolute_path . 'config_filter_defaults_inc.php' );
 
-function summary_helper_print_row( $p_label, $p_open, $p_resolved, $p_closed, $p_total ) {
+function summary_helper_print_row( $p_label, $p_open, $p_resolved, $p_closed, $p_total, $p_sanitize_label = true ) {
+	if ( $p_sanitize_label ) {
+		$p_label = string_display_line ( $p_label );
+	}
 	printf( '<tr %s>', helper_alternate_class() );
 	printf( '<td width="50%%">%s</td>', $p_label );
 	printf( '<td width="12%%" class="right">%s</td>', $p_open );
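Review bot: The new `$p_sanitize_label` switch is undocumented, and nothing at the definition tells a reader that only the label is escaped while the four count columns printed on the following lines are emitted raw (the caller in the later hunks builds them as `<a>` markup, so they must stay raw). A docblock above the signature would make that contract explicit: `/** Print one summary table row. $p_label is passed through string_display_line() unless $p_sanitize_label is false, in which case the caller must supply already-escaped HTML; the count columns are printed unescaped and may contain link markup. */`. Minor style point: `string_display_line ( $p_label )` has a stray space before the parenthesis, unlike the `printf(` calls beside it. The function body continues past the end of the hunk.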
@@ -464,7 +467,7 @@ function summary_print_by_developer() {
 				$t_bugs_total = $t_bug_link . '&amp;' . FILTER_PROPERTY_HIDE_STATUS_ID . '=">' . $t_bugs_total . '</a>';
 			}
 
-			summary_helper_print_row( $t_user, $t_bugs_open, $t_bugs_resolved, $t_bugs_closed, $t_bugs_total );
+			summary_helper_print_row( $t_user, $t_bugs_open, $t_bugs_resolved, $t_bugs_closed, $t_bugs_total, false );
 
 			$t_bugs_open = 0;
 			$t_bugs_resolved = 0;
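Review bot: The `false` on the new call switches off the escaping the rest of the patch introduces, so this row is only safe if `$t_user` was already run through string_display_line() (or built as trusted link markup) where it is assigned, which is above the hunk and not visible here — worth confirming rather than assuming. A bare positional `false` also hides the intent from the next reader; a comment on the call such as `// $t_user is already escaped / link markup; do not sanitize it again` would make the opt-out auditable. summary_print_by_developer starts outside the hunk.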
@@ -501,7 +504,7 @@ function summary_print_by_developer() {
 			$t_bugs_total = $t_bug_link . '&amp;' . FILTER_PROPERTY_HIDE_STATUS_ID . '=">' . $t_bugs_total . '</a>';
 		}
 
-		summary_helper_print_row( $t_user, $t_bugs_open, $t_bugs_resolved, $t_bugs_closed, $t_bugs_total );
+		summary_helper_print_row( $t_user, $t_bugs_open, $t_bugs_resolved, $t_bugs_closed, $t_bugs_total, false );
 	}
 }
 
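Review bot: This second opt-out covers the last user after the loop and carries the same dependency as the in-loop call: it is only correct if `$t_user` is escaped where it is built, which is outside the hunk. Whatever comment justifies the `false` at the in-loop call site should be mirrored here, e.g. `// $t_user already escaped; same as the in-loop call above`, so both unescaped paths are found together in an audit. The start of summary_print_by_developer lies outside the hunk.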
-- 
1.7.7.1.msysgit.0

