-rwxr-xr-xchecksetup.pl1
-rw-r--r--globals.pl14
-rwxr-xr-xprocess_bug.cgi3
-rw-r--r--t/004template.t1
-rw-r--r--template/en/default/global/hidden-fields.html.tmpl3
5 files changed, 18 insertions, 4 deletions
diff --git a/checksetup.pl b/checksetup.pl
index 2cd2d4d94..e8d6747e8 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -892,6 +892,7 @@ END
strike => sub { return $_; } ,
js => sub { return $_; },
html => sub { return $_; },
+ html_linebreak => sub { return $_; },
url_quote => sub { return $_; },
},
}) || die ("Could not create Template: " . Template->error() . "\n");
diff --git a/globals.pl b/globals.pl
index 31bed4f06..19be37b81 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1561,6 +1561,20 @@ $::template ||= Template->new(
html => \&html_quote ,
+ # HTML collapses newlines in element attributes to a single space,
+ # so form elements which may have whitespace (ie comments) need
+ # to be encoded using 
+ # See bugs 4928, 22983 and 32000 for more details
+ html_linebreak => sub
+ {
+ my ($var) = @_;
+ $var =~ s/\r\n/\
/g;
+ $var =~ s/\n\r/\
/g;
+ $var =~ s/\r/\
/g;
+ $var =~ s/\n/\
/g;
+ return $var;
+ } ,
+
# This subroutine in CGI.pl escapes characters in a variable
# or value string for use in a query string. It escapes all
# characters NOT in the regex set: [a-zA-Z0-9_\-.]. The 'uri'
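Review bot: The comment block above `html_linebreak` does not state that the filter does no HTML escaping of its own and emits a raw character reference, so it is only safe when chained after `html`. Applied before `html`, `html_quote` would presumably re-escape the `&` of the emitted reference, and applied alone it would pass `<`, `>` and quotes through untouched. I would add a line such as `# Must run after the html filter: this filter does no escaping of its own.` to that comment. The replacement text of the four substitutions and the end of the "encoded using" comment line are not legible in this rendering, so the exact reference they emit cannot be confirmed from here. The enclosing `Template->new(` call starts and ends outside the hunk.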
diff --git a/process_bug.cgi b/process_bug.cgi
index f061d4455..582960b46 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -959,9 +959,6 @@ foreach my $id (@idlist) {
$vars->{'start_at'} = $::FORM{'longdesclength'};
$vars->{'comments'} = GetComments($id);
-
- $::FORM{'comment'} =~ s/\r\n/\n/g; # Get rid of windows-style line endings.
- $::FORM{'comment'} =~ s/\r/\n/g; # Get rid of mac-style line endings.
$::FORM{'delta_ts'} = $delta_ts;
$vars->{'form'} = \%::FORM;
diff --git a/t/004template.t b/t/004template.t
index ba50c1e66..730aafc86 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -77,6 +77,7 @@ my $template = Template->new(
# See globals.pl for the actual codebase definitions.
FILTERS =>
{
+ html_linebreak => sub { return $_; },
js => sub { return $_ } ,
strike => sub { return $_ } ,
url_quote => sub { return $_ } ,
diff --git a/template/en/default/global/hidden-fields.html.tmpl b/template/en/default/global/hidden-fields.html.tmpl
index 76040bea1..25c6b048f 100644
--- a/template/en/default/global/hidden-fields.html.tmpl
+++ b/template/en/default/global/hidden-fields.html.tmpl
@@ -28,5 +28,6 @@
[%# Generate hidden form fields for non-excluded fields. %]
[% FOREACH field = form %]
[% NEXT IF exclude && field.key.search(exclude) %]
- <input type="hidden" name="[% field.key %]" value="[% field.value FILTER html %]">
+ <input type="hidden" name="[% field.key %]"
+ value="[% field.value | html | html_newline %]">
[% END %]
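Review bot: The new `value` attribute pipes through `html_newline`, but the filter this commit registers in globals.pl, checksetup.pl and t/004template.t is named `html_linebreak`, so the template references a filter that none of the visible hunks define. Unless `html_newline` is defined elsewhere, processing this template should fail on the unknown filter, and the stub entry added to t/004template.t would not catch it because it also uses the other name. The line should read `value="[% field.value | html | html_linebreak %]">`. Separately, `name="[% field.key %]"` is written into the attribute with no filter; if form keys can come from the request, `[% field.key FILTER html %]` would keep a crafted key from breaking out of the attribute.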