зеркало из https://github.com/mozilla/gecko-dev.git
Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Fr�d�ric Buclin <LpSolit@gmail.com> r=wurblzap a=myk
This commit is contained in:
Родитель
c71eb7127c
Коммит
dd28989c37
|
@ -79,7 +79,6 @@ if ($action eq "add") {
|
||||||
(Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
|
(Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
|
||||||
my $comment = $cgi->param("quip");
|
my $comment = $cgi->param("quip");
|
||||||
$comment || ThrowUserError("need_quip");
|
$comment || ThrowUserError("need_quip");
|
||||||
$comment !~ m/</ || ThrowUserError("no_html_in_quips");
|
|
||||||
|
|
||||||
SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
|
SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
|
||||||
'(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
|
'(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');
|
||||||
|
|
|
@ -858,11 +858,6 @@
|
||||||
and an error
|
and an error
|
||||||
occurred opening yesterday's dupes file: [% error_msg FILTER html %].
|
occurred opening yesterday's dupes file: [% error_msg FILTER html %].
|
||||||
|
|
||||||
[% ELSIF error == "no_html_in_quips" %]
|
|
||||||
[% title = "No HTML In Quips" %]
|
|
||||||
Sorry - for security reasons, support for HTML tags has been turned off
|
|
||||||
in quips.
|
|
||||||
|
|
||||||
[% ELSIF error == "no_new_quips" %]
|
[% ELSIF error == "no_new_quips" %]
|
||||||
[% title = "No New Quips" %]
|
[% title = "No New Quips" %]
|
||||||
This site does not permit the addition of new quips.
|
This site does not permit the addition of new quips.
|
||||||
|
|
Загрузка…
Ссылка в новой задаче