From bbd35c12bf6b886a7768c4c6d43d8dca21f549aa Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 8 Oct 2007 03:56:23 +0000 Subject: Bug 398838: Remove the obsolete Util::value_quote() routine - Patch by Frédéric Buclin r=mkanat a=LpSolit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Template.pm | 6 ++---- Bugzilla/Util.pm | 24 +----------------------- 2 files changed, 3 insertions(+), 27 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index c22502806..d8e23c939 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -144,8 +144,6 @@ sub quoteUrls { # Do this by escaping \0 to \1\0, and replacing matches with \0\0$count\0\0 # \0 is used because it's unlikely to occur in the text, so the cost of # doing this should be very small - # Also, \0 won't appear in the value_quote'd bug title, so we don't have - # to worry about bogus substitutions from there # escape the 2nd escape char we're using my $chr1 = chr(1); @@ -265,7 +263,7 @@ sub get_attachment_link { $className = "bz_obsolete"; } # Prevent code injection in the title. - $title = value_quote($title); + $title = html_quote(clean_text($title)); $link_text =~ s/ \[details\]$//; my $linkval = "attachment.cgi?id=$attachid"; @@ -321,7 +319,7 @@ sub get_bug_link { $title .= " - $bug_desc"; } # Prevent code injection in the title. - $title = value_quote($title); + $title = html_quote(clean_text($title)); my $linkval = "show_bug.cgi?id=$bug_num"; if (defined $comment_num) { diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index e15edc6b5..5c68a9092 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -33,7 +33,7 @@ use strict; use base qw(Exporter); @Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural detaint_signed - html_quote url_quote value_quote xml_quote + html_quote url_quote xml_quote css_class_quote html_light_quote url_decode i_am_cgi get_netaddr correct_urlbase lsearch @@ -195,22 +195,6 @@ sub css_class_quote { return $toencode; } -sub value_quote { - my ($var) = (@_); - $var =~ s/\&/\&/g; - $var =~ s//\>/g; - $var =~ s/\"/\"/g; - # See bug http://bugzilla.mozilla.org/show_bug.cgi?id=4928 for - # explanation of why Bugzilla does this linebreak substitution. - # This caused form submission problems in mozilla (bug 22983, 32000). - $var =~ s/\r\n/\ /g; - $var =~ s/\n\r/\ /g; - $var =~ s/\r/\ /g; - $var =~ s/\n/\ /g; - return $var; -} - sub xml_quote { my ($var) = (@_); $var =~ s/\&/\&/g; @@ -539,7 +523,6 @@ Bugzilla::Util - Generic utility functions for bugzilla # Functions for quoting html_quote($var); url_quote($var); - value_quote($var); xml_quote($var); # Functions for decoding @@ -652,11 +635,6 @@ Quotes characters so that they may be included as part of a url. Quotes characters so that they may be used as CSS class names. Spaces are replaced by underscores. -=item C - -As well as escaping html like C, this routine converts newlines -into , suitable for use in html attributes. - =item C This is similar to C, except that ' is escaped to '. This -- cgit v1.2.3-24-g4f1b