authorgerv%gerv.net <>2002-04-25 03:25:49 +0200
committergerv%gerv.net <>2002-04-25 03:25:49 +0200
commite0abf5a6e9bc24ddda2b38d260859192a6bbbc3a (patch)
tree6b4474964be2195b24b879ecdbaf8b3836fe0c4b
parentc61b13b2ce5e7a980ea338df23a6dcccede84f37 (diff)
downloadbugzilla-e0abf5a6e9bc24ddda2b38d260859192a6bbbc3a.tar.gz
bugzilla-e0abf5a6e9bc24ddda2b38d260859192a6bbbc3a.tar.xz
Bug 136180 - use uri/url_quote filters correctly. Patch by ddk; 2xr=gerv.
-rw-r--r--Bugzilla/Token.pm6
-rw-r--r--Token.pm6
-rw-r--r--globals.pl7
-rw-r--r--t/004template.t5
-rw-r--r--template/en/default/account/email/change-new.txt.tmpl4
-rw-r--r--template/en/default/account/email/change-old.txt.tmpl2
-rw-r--r--template/en/default/bug/create/create.html.tmpl2
-rw-r--r--template/en/default/bug/edit.html.tmpl2
-rw-r--r--template/en/default/global/choose-product.html.tmpl2
-rw-r--r--template/en/default/list/list.html.tmpl3
-rw-r--r--template/en/default/list/table.html.tmpl6
-rw-r--r--template/en/default/reports/keywords.html.tmpl2
-rw-r--r--template/en/default/sidebar.xul.tmpl2
13 files changed, 30 insertions, 19 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 39584bd9c..1400face9 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -67,7 +67,7 @@ sub IssueEmailChangeToken {
$vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
$vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
$vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
my $message;
@@ -78,7 +78,7 @@ sub IssueEmailChangeToken {
print SENDMAIL $message;
close SENDMAIL;
- $vars->{'token'} = &::url_quote($newtoken);
+ $vars->{'token'} = $newtoken;
$vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
$message = "";
@@ -211,7 +211,7 @@ sub Cancel {
$vars->{'emailaddress'} = $username;
$vars->{'maintainer'} = $maintainer;
$vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
$vars->{'tokentype'} = $tokentype;
$vars->{'issuedate'} = $issuedate;
$vars->{'eventdata'} = $eventdata;
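Review bot: With the `&::url_quote` call removed from `Cancel`, `$vars->{'token'}` now reaches the cancellation template unencoded, yet the commit only adds `FILTER url_quote` to change-new.txt.tmpl and change-old.txt.tmpl. If the template that `Cancel` processes prints the token inside a link, it needs the same filter, i.e. `[% token FILTER url_quote %]`; otherwise the encoding that used to happen here is silently dropped. The identical `Cancel` hunk in the top-level Token.pm has the same gap. The body of `Cancel` continues outside the hunk, so the template it renders is not visible here.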
diff --git a/Token.pm b/Token.pm
index 39584bd9c..1400face9 100644
--- a/Token.pm
+++ b/Token.pm
@@ -67,7 +67,7 @@ sub IssueEmailChangeToken {
$vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
$vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
$vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
my $message;
@@ -78,7 +78,7 @@ sub IssueEmailChangeToken {
print SENDMAIL $message;
close SENDMAIL;
- $vars->{'token'} = &::url_quote($newtoken);
+ $vars->{'token'} = $newtoken;
$vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
$message = "";
@@ -211,7 +211,7 @@ sub Cancel {
$vars->{'emailaddress'} = $username;
$vars->{'maintainer'} = $maintainer;
$vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
$vars->{'tokentype'} = $tokentype;
$vars->{'issuedate'} = $issuedate;
$vars->{'eventdata'} = $eventdata;
diff --git a/globals.pl b/globals.pl
index 2b9434738..ced8b4f87 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1616,6 +1616,13 @@ $::template ||= Template->new(
} ,
html => \&html_quote ,
+
+ # This subroutine in CGI.pl escapes characters in a variable
+ # or value string for use in a query string. It escapes all
+ # characters NOT in the regex set: [a-zA-Z0-9_\-.]. The 'uri'
+ # filter should be used for a full URL that may have
+ # characters that need encoding.
+ url_quote => \&url_quote ,
} ,
}
) || DisplayError("Template creation failed: " . Template->error())
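Review bot: The new `url_quote => \&url_quote` entry takes a reference to a sub that, according to the added comment, is defined in CGI.pl rather than in this file. If any script loads globals.pl without CGI.pl, the reference would presumably resolve to nothing and the failure would only surface when a template first applies the filter. I would state the dependency in the comment, for example `# Requires CGI.pl to be loaded; url_quote is not defined in globals.pl.` The `Template->new` call starts and ends outside the hunk.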
diff --git a/t/004template.t b/t/004template.t
index 2f9b252b2..a63dbd64f 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -63,8 +63,9 @@ my $template = Template->new(
# actually have to function in this test, just be defined.
FILTERS =>
{
- strike => sub { return $_ } ,
- js => sub { return $_ }
+ js => sub { return $_ } ,
+ strike => sub { return $_ } ,
+ url_quote => sub { return $_ } ,
},
}
);
diff --git a/template/en/default/account/email/change-new.txt.tmpl b/template/en/default/account/email/change-new.txt.tmpl
index 5a5ae2535..4739c50e7 100644
--- a/template/en/default/account/email/change-new.txt.tmpl
+++ b/template/en/default/account/email/change-new.txt.tmpl
@@ -27,10 +27,10 @@ for the [% oldemailaddress %] account to your address.
To confirm the change, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER url_quote %]
If you are not the person who made this request, or you wish to cancel
this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
diff --git a/template/en/default/account/email/change-old.txt.tmpl b/template/en/default/account/email/change-old.txt.tmpl
index 82ecf1dfc..ac42cccb0 100644
--- a/template/en/default/account/email/change-old.txt.tmpl
+++ b/template/en/default/account/email/change-old.txt.tmpl
@@ -31,5 +31,5 @@ for your account to [% newemailaddress %].
If you are not the person who made this request, or you wish to cancel
this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl
index fe9688acd..5047a2131 100644
--- a/template/en/default/bug/create/create.html.tmpl
+++ b/template/en/default/bug/create/create.html.tmpl
@@ -71,7 +71,7 @@
<td align="right" valign="top">
<strong>
- <a href="describecomponents.cgi?product=[% product FILTER uri %]">
+ <a href="describecomponents.cgi?product=[% product FILTER url_quote %]">
Component:</a>
</strong>
</td>
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl
index deeb4e24d..2dfd4278f 100644
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -90,7 +90,7 @@
<tr>
<td align="right">
<b>
- <a href="describecomponents.cgi?product=[% bug.product FILTER uri %]">
+ <a href="describecomponents.cgi?product=[% bug.product FILTER url_quote %]">
Component</a>:
</b>
</td>
diff --git a/template/en/default/global/choose-product.html.tmpl b/template/en/default/global/choose-product.html.tmpl
index 1d68f7fe7..df7e0fb48 100644
--- a/template/en/default/global/choose-product.html.tmpl
+++ b/template/en/default/global/choose-product.html.tmpl
@@ -27,7 +27,7 @@
[% FOREACH p = proddesc.keys.sort %]
<tr>
<th align="right" valign="top">
- <a href="[% target %]?product=[% p FILTER uri %]">
+ <a href="[% target %]?product=[% p FILTER url_quote %]">
[% p FILTER html %]</a>:
</th>
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl
index 1665d7a1e..15d5fc0a0 100644
--- a/template/en/default/list/list.html.tmpl
+++ b/template/en/default/list/list.html.tmpl
@@ -25,6 +25,7 @@
[% DEFAULT title = "Bug List" %]
[% style_url = "css/buglist.css" %]
+[% qorder = order FILTER url_quote IF order %]
[%############################################################################%]
@@ -137,7 +138,7 @@
[% IF bugs.size > 1 && caneditbugs && !dotweak %]
<a href="buglist.cgi?[% urlquerypart %]
- [%- "&order=$order" FILTER uri html IF order %]&tweak=1">Change Several
+ [%- "&order=$qorder" FILTER html IF order %]&amp;tweak=1">Change Several
Bugs at Once</a>
&nbsp;&nbsp;
[% END %]
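Review bot: `[% urlquerypart %]` is still written into the `href` with no filter, while the `order` part right after it is now URL-quoted and HTML-escaped. How `urlquerypart` is built is not visible in this hunk. If it can carry request-derived text or bare `&` separators, it needs escaping at this point, e.g. `<a href="buglist.cgi?[% urlquerypart FILTER html %]`. If it is already encoded upstream, a short comment saying where would do. The `columnheader` block in list/table.html.tmpl emits the same unfiltered `[% urlquerypart %]`.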
diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl
index 2afc9bb9d..230fb0875 100644
--- a/template/en/default/list/table.html.tmpl
+++ b/template/en/default/list/table.html.tmpl
@@ -49,6 +49,8 @@
}
%]
+[% qorder = order FILTER url_quote IF order %]
+
[%############################################################################%]
[%# Table Header #%]
[%############################################################################%]
@@ -98,8 +100,8 @@
[% BLOCK columnheader %]
<th colspan="[% splitheader ? 2 : 1 %]">
<a href="buglist.cgi?[% urlquerypart %]&amp;order=
- [% column.name FILTER uri html %]
- [% ",$order" FILTER uri html IF order %]">
+ [% column.name FILTER url_quote FILTER html %]
+ [% ",$qorder" FILTER html IF order %]">
[%- abbrev.$id.title || column.title -%]</a>
</th>
[% END %]
diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl
index 28f684f46..665e360c0 100644
--- a/template/en/default/reports/keywords.html.tmpl
+++ b/template/en/default/reports/keywords.html.tmpl
@@ -53,7 +53,7 @@
<td>[% keyword.description %]</td>
<td align="right">
[% IF keyword.bugcount > 0 %]
- <A HREF="buglist.cgi?keywords=[% keyword.name FILTER uri %]">
+ <a href="buglist.cgi?keywords=[% keyword.name FILTER url_quote %]">
[% keyword.bugcount %]</a>
[% ELSE %]
none
diff --git a/template/en/default/sidebar.xul.tmpl b/template/en/default/sidebar.xul.tmpl
index 652317642..65af4de4c 100644
--- a/template/en/default/sidebar.xul.tmpl
+++ b/template/en/default/sidebar.xul.tmpl
@@ -98,7 +98,7 @@ function normal_keypress_handler( aEvent ) {
[%- END %]
[%- FOREACH name = namedqueries %]
- <text class="text-link" onclick="load_relative_url('buglist.cgi?cmdtype=runnamed&amp;namedcmd=[% name FILTER uri %]')" value="[% name FILTER html %]"/>
+ <text class="text-link" onclick="load_relative_url('buglist.cgi?cmdtype=runnamed&amp;namedcmd=[% name FILTER url_quote %]')" value="[% name FILTER html %]"/>
[% END %]
[% ELSE %]
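Review bot: `namedcmd` is emitted inside a single-quoted JavaScript string within the `onclick` attribute, so this line depends on `url_quote` encoding quotes and backslashes, not just URL metacharacters. The comment added in globals.pl says it escapes everything outside `[a-zA-Z0-9_\-.]`, which covers that, but nothing here records the reliance. A template comment above the `<text>` element would keep a later edit from reverting to `uri` or loosening the filter, for example `[%# url_quote, not uri: the value lands in a JS string literal and must not contain quotes %]`. The surrounding IF/ELSE continues outside the hunk.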