authorlpsolit%gmail.com <>2007-10-08 05:56:23 +0200
committerlpsolit%gmail.com <>2007-10-08 05:56:23 +0200
commitbbd35c12bf6b886a7768c4c6d43d8dca21f549aa (patch)
treeddfc224d04529d9a832e30940275f4e49e1c5120 /Bugzilla
parent49d12c8c90c1bc6c72f0b3d1324a23002e79b6d3 (diff)
Bug 398838: Remove the obsolete Util::value_quote() routine - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Template.pm6
-rw-r--r--Bugzilla/Util.pm24
2 files changed, 3 insertions, 27 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index c22502806..d8e23c939 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -144,8 +144,6 @@ sub quoteUrls {
# Do this by escaping \0 to \1\0, and replacing matches with \0\0$count\0\0
# \0 is used because it's unlikely to occur in the text, so the cost of
# doing this should be very small
- # Also, \0 won't appear in the value_quote'd bug title, so we don't have
- # to worry about bogus substitutions from there
# escape the 2nd escape char we're using
my $chr1 = chr(1);
@@ -265,7 +263,7 @@ sub get_attachment_link {
$className = "bz_obsolete";
}
# Prevent code injection in the title.
- $title = value_quote($title);
+ $title = html_quote(clean_text($title));
$link_text =~ s/ \[details\]$//;
my $linkval = "attachment.cgi?id=$attachid";
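Review bot: The comment `# Prevent code injection in the title.` above the new `$title = html_quote(clean_text($title));` line does not say which output context the escaping is for, and the same applies to the identical change in get_bug_link. The removed value_quote was documented as suitable for HTML attributes and turned line breaks into `&#013;`; the replacement now depends on clean_text for line breaks and control characters, and clean_text's body is not part of this diff. The xml_quote documentation further down implies html_quote leaves `'` unescaped, so the result is only safe in element text or a double-quoted attribute. I would state that in the comment, e.g. `# $title goes into an HTML attribute value; it must stay double-quoted, since html_quote() does not escape '.` Where $title is emitted lies outside both hunks, so this should be confirmed against the rest of each function.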
@@ -321,7 +319,7 @@ sub get_bug_link {
$title .= " - $bug_desc";
}
# Prevent code injection in the title.
- $title = value_quote($title);
+ $title = html_quote(clean_text($title));
my $linkval = "show_bug.cgi?id=$bug_num";
if (defined $comment_num) {
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index e15edc6b5..5c68a9092 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -33,7 +33,7 @@ use strict;
use base qw(Exporter);
@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
detaint_signed
- html_quote url_quote value_quote xml_quote
+ html_quote url_quote xml_quote
css_class_quote html_light_quote url_decode
i_am_cgi get_netaddr correct_urlbase
lsearch
@@ -195,22 +195,6 @@ sub css_class_quote {
return $toencode;
}
-sub value_quote {
- my ($var) = (@_);
- $var =~ s/\&/\&amp;/g;
- $var =~ s/</\&lt;/g;
- $var =~ s/>/\&gt;/g;
- $var =~ s/\"/\&quot;/g;
- # See bug http://bugzilla.mozilla.org/show_bug.cgi?id=4928 for
- # explanation of why Bugzilla does this linebreak substitution.
- # This caused form submission problems in mozilla (bug 22983, 32000).
- $var =~ s/\r\n/\&#013;/g;
- $var =~ s/\n\r/\&#013;/g;
- $var =~ s/\r/\&#013;/g;
- $var =~ s/\n/\&#013;/g;
- return $var;
-}
-
sub xml_quote {
my ($var) = (@_);
$var =~ s/\&/\&amp;/g;
@@ -539,7 +523,6 @@ Bugzilla::Util - Generic utility functions for bugzilla
# Functions for quoting
html_quote($var);
url_quote($var);
- value_quote($var);
xml_quote($var);
# Functions for decoding
@@ -652,11 +635,6 @@ Quotes characters so that they may be included as part of a url.
Quotes characters so that they may be used as CSS class names. Spaces
are replaced by underscores.
-=item C<value_quote($val)>
-
-As well as escaping html like C<html_quote>, this routine converts newlines
-into &#013;, suitable for use in html attributes.
-
=item C<xml_quote($val)>
This is similar to C<html_quote>, except that ' is escaped to &apos;. This