authorlpsolit%gmail.com <>2005-06-30 06:54:49 +0200
committerlpsolit%gmail.com <>2005-06-30 06:54:49 +0200
commit3277ac732e00522fbe403350b24054361413aca1 (patch)
tree621cce1ff60de7c6f343cfef1ead96cf3ad790ac
parent57d0baf53ea8063ebf633f9aea1a2d71af14145c (diff)
downloadbugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.gz
bugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.xz
Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
-rwxr-xr-xquips.cgi1
-rw-r--r--template/en/default/global/user-error.html.tmpl5
2 files changed, 0 insertions, 6 deletions
diff --git a/quips.cgi b/quips.cgi
index 766d1a792..d811ee5fe 100755
--- a/quips.cgi
+++ b/quips.cgi
@@ -79,7 +79,6 @@ if ($action eq "add") {
(Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
my $comment = $cgi->param("quip");
$comment || ThrowUserError("need_quip");
- $comment !~ m/</ || ThrowUserError("no_html_in_quips");
SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
'(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
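Review bot: With the `<` check removed, the INSERT at the end of this hunk stores the quip exactly as submitted, so protection against markup injection now rests entirely on every template that displays a quip applying `FILTER html`. None of those templates appear in this diff, so each place a quip is rendered should be confirmed to escape it before this lands. I would also record the invariant at the storage site with a comment above `SendSQL`, e.g. `# Quips are stored unescaped; every template that displays them must apply FILTER html.` The `if ($action eq "add")` block starts and ends outside the hunk.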
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index f19ecbe33..2696ede15 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -858,11 +858,6 @@
and an error
occurred opening yesterday's dupes file: [% error_msg FILTER html %].
- [% ELSIF error == "no_html_in_quips" %]
- [% title = "No HTML In Quips" %]
- Sorry - for security reasons, support for HTML tags has been turned off
- in quips.
-
[% ELSIF error == "no_new_quips" %]
[% title = "No New Quips" %]
This site does not permit the addition of new quips.