From f2324f7f307b99bf32ec0fcb4670f27971613264 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Thu, 2 Aug 2018 23:44:15 +0200
Subject: [PATCH] Fix XSS in bug_actiongroup.php

Fixes #24647
---
 bug_actiongroup.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 37cc98179..0b5788e9c 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -353,7 +353,8 @@ if( count( $t_failed_ids ) > 0 ) {
 	$separator = lang_get( 'word_separator' );
 	foreach( $t_failed_ids as $t_id => $t_reason ) {
 		$label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator;
-		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason );
+		$t_summary = string_display_line( bug_get_field( $t_id, 'summary' ) );
+		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, $t_summary, $t_reason );
 	}
 	echo '</div>';
 	echo '</table><br />';
-- 
2.18.0