diff options
| author | lpsolit%gmail.com <> | 2005-06-30 06:54:49 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-06-30 06:54:49 +0200 |
| commit | 3277ac732e00522fbe403350b24054361413aca1 (patch) | |
| tree | 621cce1ff60de7c6f343cfef1ead96cf3ad790ac | |
| parent | 57d0baf53ea8063ebf633f9aea1a2d71af14145c (diff) | |
| download | bugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.gz bugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.xz | |
Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
| -rwxr-xr-x | quips.cgi | 1 | ||||
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 5 |
2 files changed, 0 insertions, 6 deletions
@@ -79,7 +79,6 @@ if ($action eq "add") { (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0; my $comment = $cgi->param("quip"); $comment || ThrowUserError("need_quip"); - $comment !~ m/</ || ThrowUserError("no_html_in_quips"); SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " . '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')'); diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index f19ecbe33..2696ede15 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -858,11 +858,6 @@ and an error occurred opening yesterday's dupes file: [% error_msg FILTER html %]. - [% ELSIF error == "no_html_in_quips" %] - [% title = "No HTML In Quips" %] - Sorry - for security reasons, support for HTML tags has been turned off - in quips. - [% ELSIF error == "no_new_quips" %] [% title = "No New Quips" %] This site does not permit the addition of new quips. |