diff options
| author | Simon Green <sgreen+mozilla@redhat.com> | 2012-05-17 15:23:35 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-05-17 15:23:35 +0200 |
| commit | 5ec002f8c6aaf5dba9039ac8ae5898b07af4afee (patch) | |
| tree | 907da17ba5833678b2968f5c2db8522795b294e0 | |
| parent | 74697b930064a2b07bed7f09a699f7abcb6a2dd6 (diff) | |
| download | bugzilla-5ec002f8c6aaf5dba9039ac8ae5898b07af4afee.tar.gz bugzilla-5ec002f8c6aaf5dba9039ac8ae5898b07af4afee.tar.xz | |
Bug 752751: Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP
r/a=LpSolit
| -rw-r--r-- | Bugzilla/Template.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 527b704b2..c907f9267 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -69,7 +69,7 @@ use constant FORMAT_2_SIZE => [19,55]; # Pseudo-constant. sub SAFE_URL_REGEXP { my $safe_protocols = join('|', SAFE_PROTOCOLS); - return qr/($safe_protocols):[^\s<>\"]+[\w\/]/i; + return qr/($safe_protocols):[^:\s<>\"][^\s<>\"]+[\w\/]/i; } # Convert the constants in the Bugzilla::Constants module into a hash we can |