From 401b0d1301cf419ff40d7cb82d2763b13accd26a Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander <mkanat@bugzilla.org>
Date: Wed, 19 May 2010 10:20:09 -0700
Subject: Bug 565899: Make the html_linebreak filter safe by having it first
 call the "html" filter r=LpSolit, a=LpSolit

---
 Bugzilla/Template.pm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Bugzilla/Template.pm')

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 71370a8c1..274ed8847 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -532,6 +532,7 @@ sub create {
             # See bugs 4928, 22983 and 32000 for more details
             html_linebreak => sub {
                 my ($var) = @_;
+                $var = html_quote($var);
                 $var =~ s/\r\n/\&#013;/g;
                 $var =~ s/\n\r/\&#013;/g;
                 $var =~ s/\r/\&#013;/g;
-- 
cgit v1.2.3-24-g4f1b