summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2008-04-30 03:41:18 +0200
committerlpsolit%gmail.com <>2008-04-30 03:41:18 +0200
commit4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b (patch)
tree508374953e35963f4a8cbb33804d7e2fe6a3785b
parent43b6f4a4dcdd5bc740c15f4d0550086376e79f33 (diff)
downloadbugzilla-4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b.tar.gz
bugzilla-4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b.tar.xz
Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark <jjclark1982@gmail.com> r/a=LpSolit
-rw-r--r--template/en/default/global/userselect.html.tmpl8
1 files changed, 6 insertions, 2 deletions
diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl
index fd0466318..e27ca0d6f 100644
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -49,10 +49,14 @@
[% custom_userlist = user.get_userlist %]
[% END %]
+ [% SET selected = {} %]
+ [% FOREACH selected_value IN value.split(', ') %]
+ [% SET selected.$selected_value = 1 %]
+ [% END %]
[% FOREACH tmpuser = custom_userlist %]
- [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+ [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
<option value="[% tmpuser.login FILTER html %]"
- [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+ [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
>[% tmpuser.identity FILTER html %]</option>
[% END %]
[% END %]