-rwxr-xr-x | checksetup.pl | 1 | ||||
-rw-r--r-- | globals.pl | 14 | ||||
-rwxr-xr-x | process_bug.cgi | 3 | ||||
-rw-r--r-- | t/004template.t | 1 | ||||
-rw-r--r-- | template/en/default/global/hidden-fields.html.tmpl | 3 |
5 files changed, 18 insertions, 4 deletions
diff --git a/checksetup.pl b/checksetup.pl index 2cd2d4d94..e8d6747e8 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -892,6 +892,7 @@ END strike => sub { return $_; } , js => sub { return $_; }, html => sub { return $_; }, + html_linebreak => sub { return $_; }, url_quote => sub { return $_; }, }, }) || die ("Could not create Template: " . Template->error() . "\n"); diff --git a/globals.pl b/globals.pl index 31bed4f06..19be37b81 100644 --- a/globals.pl +++ b/globals.pl @@ -1561,6 +1561,20 @@ $::template ||= Template->new( html => \&html_quote , + # HTML collapses newlines in element attributes to a single space, + # so form elements which may have whitespace (ie comments) need + # to be encoded using 
 + # See bugs 4928, 22983 and 32000 for more details + html_linebreak => sub + { + my ($var) = @_; + $var =~ s/\r\n/\
/g; + $var =~ s/\n\r/\
/g; + $var =~ s/\r/\
/g; + $var =~ s/\n/\
/g; + return $var; + } , + # This subroutine in CGI.pl escapes characters in a variable # or value string for use in a query string. It escapes all # characters NOT in the regex set: [a-zA-Z0-9_\-.]. The 'uri' diff --git a/process_bug.cgi b/process_bug.cgi index f061d4455..582960b46 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -959,9 +959,6 @@ foreach my $id (@idlist) { $vars->{'start_at'} = $::FORM{'longdesclength'}; $vars->{'comments'} = GetComments($id); - - $::FORM{'comment'} =~ s/\r\n/\n/g; # Get rid of windows-style line endings. - $::FORM{'comment'} =~ s/\r/\n/g; # Get rid of mac-style line endings. $::FORM{'delta_ts'} = $delta_ts; $vars->{'form'} = \%::FORM; diff --git a/t/004template.t b/t/004template.t index ba50c1e66..730aafc86 100644 --- a/t/004template.t +++ b/t/004template.t @@ -77,6 +77,7 @@ my $template = Template->new( # See globals.pl for the actual codebase definitions. FILTERS => { + html_linebreak => sub { return $_; }, js => sub { return $_ } , strike => sub { return $_ } , url_quote => sub { return $_ } , diff --git a/template/en/default/global/hidden-fields.html.tmpl b/template/en/default/global/hidden-fields.html.tmpl index 76040bea1..25c6b048f 100644 --- a/template/en/default/global/hidden-fields.html.tmpl +++ b/template/en/default/global/hidden-fields.html.tmpl @@ -28,5 +28,6 @@ [%# Generate hidden form fields for non-excluded fields. %] [% FOREACH field = form %] [% NEXT IF exclude && field.key.search(exclude) %] - <input type="hidden" name="[% field.key %]" value="[% field.value FILTER html %]"> + <input type="hidden" name="[% field.key %]" + value="[% field.value | html | html_newline %]"> [% END %] |
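Review bot: In globals.pl the new `html_linebreak` filter only rewrites line endings and does no escaping of its own, and its comment block does not say so, which makes it easy to misuse in a later template. It is safe inside an attribute only when it runs after `html`: used alone it passes quotes and angle brackets through unchanged, and placed before `html` the `&` of the character reference it emits would presumably be escaped a second time by html_quote. I would add a line to the comment such as `# Performs no HTML escaping: always apply after the html filter, never before or instead of it.` The enclosing `Template->new(` call starts and ends outside the hunk.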
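Review bot: The new `value=` line in hidden-fields.html.tmpl pipes through `html_newline`, but the filter this commit registers in globals.pl, checksetup.pl and t/004template.t is named `html_linebreak`, so the template refers to a filter that none of the visible FILTERS tables define. The line should read `value="[% field.value | html | html_linebreak %]">`. On the same element, `name="[% field.key %]"` is emitted with no filter at all. If `form` here is the request parameter hash (process_bug.cgi assigns `\%::FORM` to `$vars->{'form'}`), a parameter name containing a quote or angle bracket reaches the attribute unescaped, so `name="[% field.key FILTER html %]"` is the safer form.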