From bbd35c12bf6b886a7768c4c6d43d8dca21f549aa Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 8 Oct 2007 03:56:23 +0000
Subject: Bug 398838: Remove the obsolete Util::value_quote() routine - Patch
 by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Template.pm    |  6 ++----
 Bugzilla/Util.pm        | 24 +-----------------------
 showdependencygraph.cgi |  2 +-
 t/007util.t             |  5 +----
 4 files changed, 5 insertions(+), 32 deletions(-)

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index c22502806..d8e23c939 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -144,8 +144,6 @@ sub quoteUrls {
     # Do this by escaping \0 to \1\0, and replacing matches with \0\0$count\0\0
     # \0 is used because it's unlikely to occur in the text, so the cost of
     # doing this should be very small
-    # Also, \0 won't appear in the value_quote'd bug title, so we don't have
-    # to worry about bogus substitutions from there
 
     # escape the 2nd escape char we're using
     my $chr1 = chr(1);
@@ -265,7 +263,7 @@ sub get_attachment_link {
             $className = "bz_obsolete";
         }
         # Prevent code injection in the title.
-        $title = value_quote($title);
+        $title = html_quote(clean_text($title));
 
         $link_text =~ s/ \[details\]$//;
         my $linkval = "attachment.cgi?id=$attachid";
@@ -321,7 +319,7 @@ sub get_bug_link {
             $title .= " - $bug_desc";
         }
         # Prevent code injection in the title.
-        $title = value_quote($title);
+        $title = html_quote(clean_text($title));
 
         my $linkval = "show_bug.cgi?id=$bug_num";
         if (defined $comment_num) {
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index e15edc6b5..5c68a9092 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -33,7 +33,7 @@ use strict;
 use base qw(Exporter);
 @Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
                              detaint_signed
-                             html_quote url_quote value_quote xml_quote
+                             html_quote url_quote xml_quote
                              css_class_quote html_light_quote url_decode
                              i_am_cgi get_netaddr correct_urlbase
                              lsearch
@@ -195,22 +195,6 @@ sub css_class_quote {
     return $toencode;
 }
 
-sub value_quote {
-    my ($var) = (@_);
-    $var =~ s/\&/\&amp;/g;
-    $var =~ s/</\&lt;/g;
-    $var =~ s/>/\&gt;/g;
-    $var =~ s/\"/\&quot;/g;
-    # See bug http://bugzilla.mozilla.org/show_bug.cgi?id=4928 for 
-    # explanation of why Bugzilla does this linebreak substitution. 
-    # This caused form submission problems in mozilla (bug 22983, 32000).
-    $var =~ s/\r\n/\&#013;/g;
-    $var =~ s/\n\r/\&#013;/g;
-    $var =~ s/\r/\&#013;/g;
-    $var =~ s/\n/\&#013;/g;
-    return $var;
-}
-
 sub xml_quote {
     my ($var) = (@_);
     $var =~ s/\&/\&amp;/g;
@@ -539,7 +523,6 @@ Bugzilla::Util - Generic utility functions for bugzilla
   # Functions for quoting
   html_quote($var);
   url_quote($var);
-  value_quote($var);
   xml_quote($var);
 
   # Functions for decoding
@@ -652,11 +635,6 @@ Quotes characters so that they may be included as part of a url.
 Quotes characters so that they may be used as CSS class names. Spaces
 are replaced by underscores.
 
-=item C<value_quote($val)>
-
-As well as escaping html like C<html_quote>, this routine converts newlines
-into &#013;, suitable for use in html attributes.
-
 =item C<xml_quote($val)>
 
 This is similar to C<html_quote>, except that ' is escaped to &apos;. This
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index fd042f436..c4d371f45 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -71,7 +71,7 @@ sub CreateImagemap {
             # Pick up bugid from the mapdata label field. Getting the title from
             # bugtitle hash instead of mapdata allows us to get the summary even
             # when showsummary is off, and also gives us status and resolution.
-            my $bugtitle = value_quote($bugtitles{$bugid});
+            my $bugtitle = html_quote(clean_text($bugtitles{$bugid}));
             $map .= qq{<area alt="bug $bugid" name="bug$bugid" shape="rect" } .
                     qq{title="$bugtitle" href="$url" } .
                     qq{coords="$leftx,$topy,$rightx,$bottomy">\n};
diff --git a/t/007util.t b/t/007util.t
index 5f2c998d1..18d58148b 100644
--- a/t/007util.t
+++ b/t/007util.t
@@ -28,7 +28,7 @@ use lib 't';
 use Support::Files;
 
 BEGIN { 
-        use Test::More tests => 13;
+        use Test::More tests => 12;
         use_ok(Bugzilla);
         use_ok(Bugzilla::Util);
 }
@@ -48,9 +48,6 @@ is(html_quote("<lala&>"),"&lt;lala&amp;&gt;",'html_quote');
 #url_quote():
 is(url_quote("<lala&>gaa\"'[]{\\"),"%3Clala%26%3Egaa%22%27%5B%5D%7B%5C",'url_quote');
 
-#value_quote():
-is(value_quote("<lal\na&>g\naa\"'[\n]{\\"),"&lt;lal&#013;a&amp;&gt;g&#013;aa&quot;'[&#013;]{\\",'value_quote');
-
 #lsearch():
 my @list = ('apple','pear','plum','<"\\%');
 is(lsearch(\@list,'pear'),1,'lsearch 1');
-- 
cgit v1.2.3-24-g4f1b