author | lpsolit%gmail.com <> | 2008-04-30 03:41:18 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2008-04-30 03:41:18 +0200 |
commit | 4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b (patch) | |
tree | 508374953e35963f4a8cbb33804d7e2fe6a3785b | |
parent | 43b6f4a4dcdd5bc740c15f4d0550086376e79f33 (diff) | |
Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark <jjclark1982@gmail.com> r/a=LpSolit
-rw-r--r-- | template/en/default/global/userselect.html.tmpl | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl
index fd0466318..e27ca0d6f 100644
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -49,10 +49,14 @@
 [% custom_userlist = user.get_userlist %]
 [% END %]
+ [% SET selected = {} %]
+ [% FOREACH selected_value IN value.split(', ') %]
+ [% SET selected.$selected_value = 1 %]
+ [% END %]
 [% FOREACH tmpuser = custom_userlist %]
- [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+ [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
 <option value="[% tmpuser.login FILTER html %]"
- [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+ [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
 >[% tmpuser.identity FILTER html %]</option>
 [% END %]
 [% END %] |
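Review bot: The two `selected.${tmpuser.login} == 1` lookups (the `IF tmpuser.visible OR ...` line and the `selected="selected"` line) use a login as a Template Toolkit hash member name. As far as I know, Template Toolkit treats member names starting with `_` or `.` as private and falls back to hash virtual methods such as `size` when the key is absent, so a login of that shape could be matched wrongly or never matched. It is an edge case, but a template comment above `SET selected = {}` would record the assumption, for example `[%# selected is keyed by login; assumes no login starts with "_" or "." or equals a hash vmethod name %]`. Separately, `value.split(', ')` recognises only the exact comma-plus-space separator, so the expected format of `value` should be stated in the template's interface comment. The enclosing block starts above the hunk, so I cannot see how `value` is produced.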