authorgerv%gerv.net <>2003-09-07 04:23:09 +0200
committergerv%gerv.net <>2003-09-07 04:23:09 +0200
commit026539311662235ea26f5f3cfe885322846db6fb (patch)
tree97ded73af263f79157ec928cc0fc56c82e8b9334 /Bugzilla
parent94266c521b3e388b41f3dd6f74948a9ec71997d5 (diff)
Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Template.pm5
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 2cb017d17..06be9243c 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -256,6 +256,11 @@ sub create {
$var =~ s/\@/\&#64;/g;
return $var;
},
+
+ # We force filtering of every variable in key security-critical
+ # places; we have a none filter for people to use when they
+ # really, really don't want a variable to be changed.
+ none => sub { return $_[0]; } ,
},
PLUGIN_BASE => 'Bugzilla::Template::Plugin',
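Review bot: The comment above the new `none` filter says when people may reach for it but not what it costs: the filter returns `$_[0]` unchanged, so any directive that uses it emits its value with no escaping at all. I would extend the comment with a line such as `# 'none' performs no escaping; use it only where the value is already safe for the output context, and say why at the call site.` Whatever enforces the "force filtering" rule is not visible in this hunk, but it presumably accepts `| none` as filtered, which makes each use an exemption worth auditing (a grep for the filter name would list them). As a minor style point, drop the space before the trailing comma in `sub { return $_[0]; } ,`. The enclosing `create` sub starts and ends outside the hunk.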