Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie, because colons are HTML-escaped, making the cookie bigger than the 4k limit

r=mkanat a=LpSolit

2 files changed, 4 insertions, 3 deletions

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 0b639ee0d..f23873991 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -441,7 +441,8 @@ sub recent_search_for {
     # and the selected bug is in the list, then return the cookie as a fake
     # Search::Recent object.
     if (my $list = $cgi->cookie('BUGLIST')) {
-        my @bug_ids = split(':', $list);
+        # Also split on colons, which was used as a separator in old cookies.
+        my @bug_ids = split(/[:-]/, $list);
         if (grep { $_ == $bug->id } @bug_ids) {
             my $search = Bugzilla::Search::Recent->new_from_cookie(\@bug_ids);
             return $search;
@@ -512,7 +513,7 @@ sub save_last_search {
     # they may still want to navigate through the search they made while
     # logged out.
     else {
-        my $bug_list = join(":", @$bug_ids);
+        my $bug_list = join('-', @$bug_ids);
         if (length($bug_list) < 4000) {
             $cgi->send_cookie(-name => 'BUGLIST',
                               -value => $bug_list,
diff --git a/buglist.cgi b/buglist.cgi
index 64681b2cd..85162ff56 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -184,7 +184,7 @@ if (my $last_list = $cgi->param('regetlastlist')) {
         $cgi->cookie('BUGLIST') || ThrowUserError("missing_cookie");
         $order = "reuse last sort" unless $order;
         $bug_ids = $cgi->cookie('BUGLIST');
-        $bug_ids =~ s/:/,/g;
+        $bug_ids =~ s/[:-]/,/g;
     }
     # But logged in users store the last X searches in the DB so they can
     # have multiple bug lists available.