From 026539311662235ea26f5f3cfe885322846db6fb Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Sun, 7 Sep 2003 02:23:09 +0000
Subject: Bug 207044 - Filter more template directives. None of these are
 security bugs, but they need fixing anyway. Patch by gerv; r,a=justdave.

---
 Bugzilla/Template.pm | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'Bugzilla/Template.pm')

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 2cb017d17..06be9243c 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -256,6 +256,11 @@ sub create {
                 $var =~ s/\@/\&#64;/g;
                 return $var;
             },
+            
+            # We force filtering of every variable in key security-critical
+            # places; we have a none filter for people to use when they 
+            # really, really don't want a variable to be changed.
+            none => sub { return $_[0]; } ,
         },
 
         PLUGIN_BASE => 'Bugzilla::Template::Plugin',
-- 
cgit v1.2.3-24-g4f1b