From 4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Wed, 30 Apr 2008 01:41:18 +0000 Subject: Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark r/a=LpSolit --- template/en/default/global/userselect.html.tmpl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl index fd0466318..e27ca0d6f 100644 --- a/template/en/default/global/userselect.html.tmpl +++ b/template/en/default/global/userselect.html.tmpl @@ -49,10 +49,14 @@ [% custom_userlist = user.get_userlist %] [% END %] + [% SET selected = {} %] + [% FOREACH selected_value IN value.split(', ') %] + [% SET selected.$selected_value = 1 %] + [% END %] [% FOREACH tmpuser = custom_userlist %] - [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %] + [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %] [% END %] [% END %] -- cgit v1.2.3-24-g4f1b