From e8197359de731c92702a0736bb7f082a5f8cbe19 Mon Sep 17 00:00:00 2001
From: Roland Becker
Date: Thu, 2 Aug 2018 23:44:15 +0200
Subject: [PATCH] Fix XSS in bug_actiongroup.php

Issue summary was printed on bug_actiongroup.php without being sanitized (CVE-2018-14895).

Fixes #24647
---
 bug_actiongroup.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 37cc981793..0b5788e9c9 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -353,7 +353,8 @@ $separator = lang_get( 'word_separator' );
 foreach( $t_failed_ids as $t_id => $t_reason ) {
 $label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator;
- printf( "%s%s%s\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason );
+ $t_summary = string_display_line( bug_get_field( $t_id, 'summary' ) );
+ printf( "%s%s%s\n", $label, $t_summary, $t_reason );
 }
 echo '';
 echo '
';
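Review bot: `$t_reason` on the new printf line is still written to the page unescaped, while only the summary now passes through `string_display_line()`; its source, `$t_failed_ids`, is built outside this hunk, so if any of those reasons can ever carry bug- or user-derived text (rather than only `lang_get()` strings) it needs the same treatment, e.g. `printf( "%s%s%s\n", $label, $t_summary, string_display_line( $t_reason ) );`. A short comment above the new assignment would record why the summary is no longer printed directly, e.g. `# summary is user-supplied text; escape it for HTML output (CVE-2018-14895)`. The code that populates `$t_failed_ids` lies outside the hunk, so the first claim is only as strong as that code allows.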