diff options
| author | lpsolit%gmail.com <> | 2005-06-30 06:54:49 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-06-30 06:54:49 +0200 |
| commit | 3277ac732e00522fbe403350b24054361413aca1 (patch) | |
| tree | 621cce1ff60de7c6f343cfef1ead96cf3ad790ac /quips.cgi | |
| parent | 57d0baf53ea8063ebf633f9aea1a2d71af14145c (diff) | |
| download | bugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.gz bugzilla-3277ac732e00522fbe403350b24054361413aca1.tar.xz | |
Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
Diffstat (limited to 'quips.cgi')
| -rwxr-xr-x | quips.cgi | 1 |
1 files changed, 0 insertions, 1 deletions
@@ -79,7 +79,6 @@ if ($action eq "add") { (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0; my $comment = $cgi->param("quip"); $comment || ThrowUserError("need_quip"); - $comment !~ m/</ || ThrowUserError("no_html_in_quips"); SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " . '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')'); |