From 12f4d7307b930d091e1160a68ace687f13e7a64c Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Fri, 18 Apr 2014 21:03:43 +0000 Subject: Bug 998323 - URLs pasted in comments are no longer displayed r=LpSolit,a=justdave --- Bugzilla/Template.pm | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 08999b27a..98be21d55 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -162,13 +162,11 @@ sub quoteUrls { # (http://foo/bug#3 for example). Filtering that out filters valid # bug refs out, so we have to do replacements. # mailto can't contain space or #, so we don't have to bother for that - # Do this by escaping \0 to \1\0, and replacing matches with \0\0$count\0\0 - # \0 is used because it's unlikely to occur in the text, so the cost of - # doing this should be very small - - # escape the 2nd escape char we're using - my $chr1 = chr(1); - $text =~ s/\0/$chr1\0/g; + # Do this by replacing matches with \x{FDD2}$count\x{FDD3} + # \x{FDDx} is used because it's unlikely to occur in the text + # and are reserved unicode characters. We disable warnings for now + # until we require Perl 5.13.9 or newer. + no warnings 'utf8'; # However, note that adding the title (for buglinks) can affect things # In particular, attachment matches go before bug titles, so that titles @@ -195,11 +193,11 @@ sub quoteUrls { $1, $2, $3, $4, $5, $6, $7, $8, $9, $10]})) - && ("\0\0" . ($count-1) . "\0\0")/egx; + && ("\x{FDD2}" . ($count-1) . "\x{FDD3}")/egx; } else { $text =~ s/$match/($things[$count++] = $replace) - && ("\0\0" . ($count-1) . "\0\0")/egx; + && ("\x{FDD2}" . ($count-1) . "\x{FDD3}")/egx; } } @@ -209,7 +207,7 @@ sub quoteUrls { Bugzilla->params->{'sslbase'})) . ')'; $text =~ s~\b(${urlbase_re}\Qshow_bug.cgi?id=\E([0-9]+)(\#c([0-9]+))?)\b ~($things[$count++] = get_bug_link($3, $1, { comment_num => $5, user => $user })) && - ("\0\0" . ($count-1) . "\0\0") + ("\x{FDD2}" . ($count-1) . "\x{FDD3}") ~egox; # non-mailto protocols @@ -217,7 +215,7 @@ sub quoteUrls { $text =~ s~\b($safe_protocols) ~($tmp = html_quote($1)) && ($things[$count++] = "$tmp") && - ("\0\0" . ($count-1) . "\0\0") + ("\x{FDD2}" . ($count-1) . "\x{FDD3}") ~egox; # We have to quote now, otherwise the html itself is escaped @@ -238,7 +236,7 @@ sub quoteUrls { # attachment links $text =~ s~\b(attachment\s*\#?\s*(\d+)(?:\s+\[details\])?) ~($things[$count++] = get_attachment_link($2, $1, $user)) && - ("\0\0" . ($count-1) . "\0\0") + ("\x{FDD2}" . ($count-1) . "\x{FDD3}") ~egmxi; # Current bug ID this comment belongs to @@ -268,9 +266,8 @@ sub quoteUrls { # Now remove the encoding hacks in reverse order for (my $i = $#things; $i >= 0; $i--) { - $text =~ s/\0\0($i)\0\0/$things[$i]/eg; + $text =~ s/\x{FDD2}($i)\x{FDD3}/$things[$i]/eg; } - $text =~ s/$chr1\0/\0/g; return $text; } -- cgit v1.2.3-24-g4f1b From 1a647ad3c634ac3836739c5258cd3ea2bcd99a9b Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Fri, 18 Apr 2014 23:49:16 +0200 Subject: Bug 998484: Release notes for Bugzilla 4.2.9 r=dkl a=justdave --- template/en/default/pages/release-notes.html.tmpl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/template/en/default/pages/release-notes.html.tmpl b/template/en/default/pages/release-notes.html.tmpl index c91dd77a7..f06c7450e 100644 --- a/template/en/default/pages/release-notes.html.tmpl +++ b/template/en/default/pages/release-notes.html.tmpl @@ -53,6 +53,13 @@

Updates in this 4.2.x Release

+

4.2.9

+ +

This release fixes one regression introduced in [% terms.Bugzilla %] 4.2.8 by + security [% terms.bug %] 968576: + URLs in [% terms.bug %] comments are displayed correctly again. + ([% terms.Bug %] 998323)

+

4.2.8

This release fixes one minor security issue. See the -- cgit v1.2.3-24-g4f1b From e5774c9349ba561bb3231b1b646ca75a244ba515 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Fri, 18 Apr 2014 22:12:01 +0000 Subject: Bump version to 4.2.9 --- Bugzilla/Constants.pm | 2 +- docs/en/xml/Bugzilla-Guide.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 46ff21ebf..c8ee1468a 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.8+"; +use constant BUGZILLA_VERSION => "4.2.9"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index a12a0239b..be3fa9d32 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -32,9 +32,9 @@ For a devel release, simple bump bz-ver and bz-date --> - + - + -- cgit v1.2.3-24-g4f1b From 39412f01810dceff5ff92e6ffab03fb35ad71e7b Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 21 Apr 2014 21:05:14 +0000 Subject: Bumped version post-release --- Bugzilla/Constants.pm | 2 +- docs/en/xml/Bugzilla-Guide.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index c8ee1468a..778870e5f 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -202,7 +202,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "4.2.9"; +use constant BUGZILLA_VERSION => "4.2.9+"; # Location of the remote and local XML files to track new releases. use constant REMOTE_FILE => 'http://updates.bugzilla.org/bugzilla-update.xml'; diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index be3fa9d32..77f48da2e 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -32,7 +32,7 @@ For a devel release, simple bump bz-ver and bz-date --> - + -- cgit v1.2.3-24-g4f1b