diff options
| author | gerv%gerv.net <> | 2003-09-07 04:23:09 +0200 |
|---|---|---|
| committer | gerv%gerv.net <> | 2003-09-07 04:23:09 +0200 |
| commit | 026539311662235ea26f5f3cfe885322846db6fb (patch) | |
| tree | 97ded73af263f79157ec928cc0fc56c82e8b9334 /Bugzilla | |
| parent | 94266c521b3e388b41f3dd6f74948a9ec71997d5 (diff) | |
| download | bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.gz bugzilla-026539311662235ea26f5f3cfe885322846db6fb.tar.xz | |
Bug 207044 - Filter more template directives. None of these are security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Template.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 2cb017d17..06be9243c 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -256,6 +256,11 @@ sub create { $var =~ s/\@/\@/g; return $var; }, + + # We force filtering of every variable in key security-critical + # places; we have a none filter for people to use when they + # really, really don't want a variable to be changed. + none => sub { return $_[0]; } , }, PLUGIN_BASE => 'Bugzilla::Template::Plugin', |