Commit 401b0d13 authored May 19, 2010 by Max Kanat-Alexander
Bug 565899: Make the html_linebreak filter safe by having it first call the
"html" filter r=LpSolit, a=LpSolit
parent 4095f067
Showing 4 changed files with 4 additions and 3 deletions
Bugzilla/Template.pm (+1 -0)
t/008filter.t (+1 -1)
template/en/default/global/code-error.html.tmpl (+1 -1)
template/en/default/global/hidden-fields.html.tmpl (+1 -1)
Bugzilla/Template.pm
...
@@ -532,6 +532,7 @@ sub create {
...
@@ -532,6 +532,7 @@ sub create {
# See bugs 4928, 22983 and 32000 for more details
# See bugs 4928, 22983 and 32000 for more details
html_linebreak
=>
sub
{
html_linebreak
=>
sub
{
my
(
$var
)
=
@_
;
my
(
$var
)
=
@_
;
$var
=
html_quote
(
$var
);
$var
=~
s/\r\n/\
/g
;
$var
=~
s/\r\n/\
/g
;
$var
=~
s/\n\r/\
/g
;
$var
=~
s/\n\r/\
/g
;
$var
=~
s/\r/\
/g
;
$var
=~
s/\r/\
/g
;
...
...
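Review bot: The added `$var = html_quote($var);` at the top of the `html_linebreak` sub changes the filter's contract from "input is already escaped" to "input is raw", yet the only comment visible in the hunk still just points at bugs 4928, 22983 and 32000 and says nothing about escaping. Any template that still chains `FILTER html FILTER html_linebreak` will now double-escape its value; this commit updates two templates, so a search for other callers (extension and custom templates included) is worth doing before landing. Suggest a one-line comment on the sub stating that it HTML-escapes its argument and must not be combined with `FILTER html`. The ordering itself is right: escaping before the newline substitutions keeps whatever those substitutions insert from being escaped in turn.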
t/008filter.t
...
@@ -226,7 +226,7 @@ sub directive_ok {
...
@@ -226,7 +226,7 @@ sub directive_ok {
return
1
if
$directive
=~
/
FILTER
\
(
html
|
csv
|
js
|
base64
|
url_quote
|
css_class_quote
|
return
1
if
$directive
=~
/
FILTER
\
(
html
|
csv
|
js
|
base64
|
url_quote
|
css_class_quote
|
ics
|
quoteUrls
|
time
|
uri
|
xml
|
lower
|
html_light
|
ics
|
quoteUrls
|
time
|
uri
|
xml
|
lower
|
html_light
|
obsolete
|
inactive
|
closed
|
unitconvert
|
obsolete
|
inactive
|
closed
|
unitconvert
|
txt
|
none
)
\
b
/
x
;
txt
|
html_linebreak
|
none
)
\
b
/
x
;
return
0
;
return
0
;
}
}
...
...
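Review bot: Adding `html_linebreak` to the alternation in `directive_ok` makes the template test accept `FILTER html_linebreak` on its own as a safe directive, which holds only while the filter in Bugzilla/Template.pm keeps calling `html_quote` first; nothing in this commit tests that behaviour. Suggest a small test that runs the filter over a value containing `<`, `&` and `"` and checks that the output is escaped, so a later edit to the filter cannot silently turn every accepted use into unescaped output.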
template/en/default/global/code-error.html.tmpl
...
@@ -540,7 +540,7 @@
...
@@ -540,7 +540,7 @@
</table>
</table>
<p>Traceback:</p>
<p>Traceback:</p>
<pre>[% traceback FILTER html
FILTER html
_linebreak %]</pre>
<pre>[% traceback FILTER html_linebreak %]</pre>
[% IF variables %]
[% IF variables %]
<pre>
<pre>
...
...
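Review bot: In `<pre>[% traceback FILTER html_linebreak %]</pre>` the escaping of `traceback` now depends entirely on the Template.pm change in this same commit, so this template line must not be backported or cherry-picked without it; a sentence to that effect in the commit message would help anyone carrying local template changes. Separately, the value sits inside `<pre>`, where line breaks in the text are already preserved, so it is worth asking whether plain `FILTER html` would do here.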
template/en/default/global/hidden-fields.html.tmpl
...
@@ -52,7 +52,7 @@
...
@@ -52,7 +52,7 @@
[% ELSE %]
[% ELSE %]
[% FOREACH mvalue = cgi.param(field).slice(0) %]
[% FOREACH mvalue = cgi.param(field).slice(0) %]
<input type="hidden" name="[% field FILTER html %]"
<input type="hidden" name="[% field FILTER html %]"
value="[% mvalue FILTER html
FILTER html
_linebreak %]">
value="[% mvalue FILTER html_linebreak %]">
[% END %]
[% END %]
[% END %]
[% END %]
[% END %]
[% END %]
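Review bot: `value="[% mvalue FILTER html_linebreak %]"` places the filtered value inside a double-quoted attribute, so it is safe only if `html_quote` escapes `"` as well as `<`, `>` and `&`; please confirm that, since the separate `FILTER html` is gone from the chain and `html_linebreak` is now the only thing between `cgi.param(field)` and the attribute. It is also worth checking that whatever the filter substitutes for newlines is what a hidden field should round-trip, because the value is resubmitted with the form.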