diff options
Diffstat (limited to 'Bugzilla/Util.pm')
| -rw-r--r-- | Bugzilla/Util.pm | 67 |
1 files changed, 39 insertions, 28 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 48507ff9e..a030a92dd 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -28,6 +28,7 @@ package Bugzilla::Util; +use 5.10.1; use strict; use base qw(Exporter); @@ -35,7 +36,7 @@ use base qw(Exporter); detaint_signed html_quote url_quote xml_quote css_class_quote html_light_quote - i_am_cgi correct_urlbase remote_ip validate_ip + i_am_cgi i_am_webservice correct_urlbase remote_ip validate_ip do_ssl_redirect_if_required use_attachbase diff_arrays on_main_db trim wrap_hard wrap_comment find_wrap_point @@ -44,7 +45,7 @@ use base qw(Exporter); bz_crypt generate_random_password validate_email_syntax clean_text get_text template_var disable_utf8 - detect_encoding); + detect_encoding email_filter); use Bugzilla::Constants; use Bugzilla::RNG qw(irand); @@ -57,7 +58,6 @@ use Digest; use Email::Address; use List::Util qw(first); use Scalar::Util qw(tainted blessed); -use Template::Filters; use Text::Wrap; use Encode qw(encode decode resolve_alias); use Encode::Guess; @@ -87,14 +87,17 @@ sub detaint_signed { # visible strings. # Bug 319331: Handle BiDi disruptions. sub html_quote { - my ($var) = Template::Filters::html_filter(@_); + my $var = shift; + $var =~ s/&/&/g; + $var =~ s/</</g; + $var =~ s/>/>/g; + $var =~ s/"/"/g; # Obscure '@'. $var =~ s/\@/\@/g; - if (Bugzilla->params->{'utf8'}) { - # Remove control characters if the encoding is utf8. - # Other multibyte encodings may be using this range; so ignore if not utf8. - $var =~ s/(?![\t\r\n])[[:cntrl:]]//g; + state $use_utf8 = Bugzilla->params->{'utf8'}; + + if ($use_utf8) { # Remove the following characters because they're # influencing BiDi: # -------------------------------------------------------- @@ -116,13 +119,16 @@ sub html_quote { # |U+200e|Left-To-Right Mark |0xe2 0x80 0x8e | # |U+200f|Right-To-Left Mark |0xe2 0x80 0x8f | # -------------------------------------------------------- - $var =~ s/[\x{202a}-\x{202e}]//g; + $var =~ tr/\x{202a}-\x{202e}//d; } return $var; } sub html_light_quote { my ($text) = @_; + # admin/table.html.tmpl calls |FILTER html_light| many times. + # There is no need to recreate the HTML::Scrubber object again and again. + my $scrubber = Bugzilla->process_cache->{html_scrubber}; # List of allowed HTML elements having no attributes. my @allow = qw(b strong em i u p br abbr acronym ins del cite code var @@ -144,7 +150,7 @@ sub html_light_quote { $text =~ s#$chr($safe)$chr#<$1>#go; return $text; } - else { + elsif (!$scrubber) { # We can be less restrictive. We can accept elements with attributes. push(@allow, qw(a blockquote q span)); @@ -187,14 +193,14 @@ sub html_light_quote { }, ); - my $scrubber = HTML::Scrubber->new(default => \@default, - allow => \@allow, - rules => \@rules, - comment => 0, - process => 0); - - return $scrubber->scrub($text); + Bugzilla->process_cache->{html_scrubber} = $scrubber = + HTML::Scrubber->new(default => \@default, + allow => \@allow, + rules => \@rules, + comment => 0, + process => 0); } + return $scrubber->scrub($text); } sub email_filter { @@ -253,6 +259,13 @@ sub i_am_cgi { return exists $ENV{'SERVER_SOFTWARE'} ? 1 : 0; } +sub i_am_webservice { + my $usage_mode = Bugzilla->usage_mode; + return $usage_mode == USAGE_MODE_XMLRPC + || $usage_mode == USAGE_MODE_JSON + || $usage_mode == USAGE_MODE_REST; +} + # This exists as a separate function from Bugzilla::CGI::redirect_to_https # because we don't want to create a CGI object during XML-RPC calls # (doing so can mess up XML-RPC). @@ -475,11 +488,11 @@ sub find_wrap_point { if (!$string) { return 0 } if (length($string) < $maxpos) { return length($string) } my $wrappoint = rindex($string, ",", $maxpos); # look for comma - if ($wrappoint < 0) { # can't find comma + if ($wrappoint <= 0) { # can't find comma $wrappoint = rindex($string, " ", $maxpos); # look for space - if ($wrappoint < 0) { # can't find space + if ($wrappoint <= 0) { # can't find space $wrappoint = rindex($string, "-", $maxpos); # look for hyphen - if ($wrappoint < 0) { # can't find hyphen + if ($wrappoint <= 0) { # can't find hyphen $wrappoint = $maxpos; # just truncate it } else { $wrappoint++; # leave hyphen on the left side @@ -730,10 +743,12 @@ sub get_text { sub template_var { my $name = shift; - my $cache = Bugzilla->request_cache->{util_template_var} ||= {}; - my $template = Bugzilla->template_inner; - my $lang = $template->context->{bz_language}; + my $request_cache = Bugzilla->request_cache; + my $cache = $request_cache->{util_template_var} ||= {}; + my $lang = $request_cache->{template_current_lang}->[0]; return $cache->{$lang}->{$name} if defined $cache->{$lang}; + + my $template = Bugzilla->template_inner($lang); my %vars; # Note: If we suddenly start needing a lot of template_var variables, # they should move into their own template, not field-descs. @@ -750,11 +765,7 @@ sub template_var { sub display_value { my ($field, $value) = @_; - my $value_descs = template_var('value_descs'); - if (defined $value_descs->{$field}->{$value}) { - return $value_descs->{$field}->{$value}; - } - return $value; + return template_var('value_descs')->{$field}->{$value} // $value; } sub disable_utf8 { |