From dafe5cefe2091b4238b5cff82c1d1826a02c1a5a Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net"
Date: Wed, 24 Apr 2002 18:27:43 +0000
Subject: [PATCH] Bug 136180 - use uri/url_quote filters correctly. Patch by ddk; 2xr=gerv.
---
 webtools/bugzilla/Bugzilla/Token.pm | 6 +++---
 webtools/bugzilla/Token.pm | 6 +++---
 webtools/bugzilla/globals.pl | 7 +++++++
 webtools/bugzilla/t/004template.t | 5 +++--
 .../template/en/default/account/email/change-new.txt.tmpl | 4 ++--
 .../template/en/default/account/email/change-old.txt.tmpl | 2 +-
 .../template/en/default/bug/create/create.html.tmpl | 2 +-
 webtools/bugzilla/template/en/default/bug/edit.html.tmpl | 2 +-
 .../template/en/default/global/choose-product.html.tmpl | 2 +-
 webtools/bugzilla/template/en/default/list/list.html.tmpl | 3 ++-
 webtools/bugzilla/template/en/default/list/table.html.tmpl | 6 ++++--
 .../template/en/default/reports/keywords.html.tmpl | 2 +-
 webtools/bugzilla/template/en/default/sidebar.xul.tmpl | 2 +-
 13 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/webtools/bugzilla/Bugzilla/Token.pm b/webtools/bugzilla/Bugzilla/Token.pm
index 39584bd9c21..1400face967 100644
--- a/webtools/bugzilla/Bugzilla/Token.pm
+++ b/webtools/bugzilla/Bugzilla/Token.pm
@@ -67,7 +67,7 @@ sub IssueEmailChangeToken {
 $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
 $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
 my $message;
@@ -78,7 +78,7 @@ sub IssueEmailChangeToken {
 print SENDMAIL $message;
 close SENDMAIL;
- $vars->{'token'} = &::url_quote($newtoken);
+ $vars->{'token'} = $newtoken;
 $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
 $message = "";
@@ -211,7 +211,7 @@ sub Cancel {
 $vars->{'emailaddress'} = $username;
 $vars->{'maintainer'} = $maintainer;
 $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
 $vars->{'tokentype'} = $tokentype;
 $vars->{'issuedate'} = $issuedate;
 $vars->{'eventdata'} = $eventdata;
diff --git a/webtools/bugzilla/Token.pm b/webtools/bugzilla/Token.pm
index 39584bd9c21..1400face967 100644
--- a/webtools/bugzilla/Token.pm
+++ b/webtools/bugzilla/Token.pm
@@ -67,7 +67,7 @@ sub IssueEmailChangeToken {
 $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix');
 $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix');
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
 $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix');
 my $message;
@@ -78,7 +78,7 @@ sub IssueEmailChangeToken {
 print SENDMAIL $message;
 close SENDMAIL;
- $vars->{'token'} = &::url_quote($newtoken);
+ $vars->{'token'} = $newtoken;
 $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix');
 $message = "";
@@ -211,7 +211,7 @@ sub Cancel {
 $vars->{'emailaddress'} = $username;
 $vars->{'maintainer'} = $maintainer;
 $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'};
- $vars->{'token'} = &::url_quote($token);
+ $vars->{'token'} = $token;
 $vars->{'tokentype'} = $tokentype;
 $vars->{'issuedate'} = $issuedate;
 $vars->{'eventdata'} = $eventdata;
diff --git a/webtools/bugzilla/globals.pl b/webtools/bugzilla/globals.pl
index 2b9434738f4..ced8b4f8739 100644
--- a/webtools/bugzilla/globals.pl
+++ b/webtools/bugzilla/globals.pl
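Review bot: In `Cancel` (Bugzilla/Token.pm, and the identical hunk in the top-level Token.pm) `$vars->{'token'}` now carries the raw token, but the template that `Cancel` renders is not among the files this patch touches, so nothing visible here re-applies the escaping that `&::url_quote($token)` used to provide. The two `IssueEmailChangeToken` hunks are covered by the `[% token FILTER url_quote %]` changes in change-new.txt.tmpl and change-old.txt.tmpl; the cancel template should be checked the same way and use `FILTER url_quote` wherever the token goes into a link. t/004template.t stubs the filter with `sub { return $_ }`, so that test would not notice a template that omits the filter. A comment at each assignment, such as `# raw token; templates must apply FILTER url_quote when building links`, would record the new contract. All three function bodies continue outside their hunks.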
@@ -1616,6 +1616,13 @@ $::template ||= Template->new(
 } , html => \&html_quote ,
+
+ # This subroutine in CGI.pl escapes characters in a variable
+ # or value string for use in a query string. It escapes all
+ # characters NOT in the regex set: [a-zA-Z0-9_\-.]. The 'uri'
+ # filter should be used for a full URL that may have
+ # characters that need encoding.
+ url_quote => \&url_quote ,
 } , } ) || DisplayError("Template creation failed: " . Template->error())
diff --git a/webtools/bugzilla/t/004template.t b/webtools/bugzilla/t/004template.t
index 2f9b252b210..a63dbd64f16 100644
--- a/webtools/bugzilla/t/004template.t
+++ b/webtools/bugzilla/t/004template.t
@@ -63,8 +63,9 @@ my $template = Template->new(
 # actually have to function in this test, just be defined.
 FILTERS => {
- strike => sub { return $_ } ,
- js => sub { return $_ }
+ js => sub { return $_ } ,
+ strike => sub { return $_ } ,
+ url_quote => sub { return $_ } ,
 }, } );
diff --git a/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl b/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl
index 5a5ae253576..4739c50e7d1 100644
--- a/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl
+++ b/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl
@@ -27,10 +27,10 @@ for the [% oldemailaddress %] account to your address. To confirm the change, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER url_quote %]
 If you are not the person who made this request, or you wish to cancel this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
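Review bot: The comment added above `url_quote => \&url_quote` in globals.pl says the subroutine lives in CGI.pl, yet the filter is registered here, so a script that builds `$::template` without CGI.pl loaded would presumably fail only when a template first reaches `FILTER url_quote`; the comment should state that dependency. It would also help to say why `uri` is the wrong choice for a single parameter value: Template Toolkit's built-in `uri` filter leaves URL delimiters such as `&` and `=` alone, so a value filtered that way can add or override query parameters. Suggested addition: `# Requires CGI.pl to be loaded. Use url_quote for one parameter value, uri only for a whole URL; in HTML output follow either with FILTER html.` The `Template->new(` call starts and ends outside the hunk.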
diff --git a/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl b/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl
index 82ecf1dfcce..ac42cccb053 100644
--- a/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl
+++ b/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl
@@ -31,5 +31,5 @@ for your account to [% newemailaddress %]. If you are not the person who made this request, or you wish to cancel this request, visit the following link:
-[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %]
+[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %]
diff --git a/webtools/bugzilla/template/en/default/bug/create/create.html.tmpl b/webtools/bugzilla/template/en/default/bug/create/create.html.tmpl
index fe9688acdcf..5047a213151 100644
--- a/webtools/bugzilla/template/en/default/bug/create/create.html.tmpl
+++ b/webtools/bugzilla/template/en/default/bug/create/create.html.tmpl
@@ -71,7 +71,7 @@ - + Component:
diff --git a/webtools/bugzilla/template/en/default/bug/edit.html.tmpl b/webtools/bugzilla/template/en/default/bug/edit.html.tmpl
index deeb4e24d63..2dfd4278f95 100644
--- a/webtools/bugzilla/template/en/default/bug/edit.html.tmpl
+++ b/webtools/bugzilla/template/en/default/bug/edit.html.tmpl
@@ -90,7 +90,7 @@ - + Component:
diff --git a/webtools/bugzilla/template/en/default/global/choose-product.html.tmpl b/webtools/bugzilla/template/en/default/global/choose-product.html.tmpl
index 1d68f7fe77a..df7e0fb489f 100644
--- a/webtools/bugzilla/template/en/default/global/choose-product.html.tmpl
+++ b/webtools/bugzilla/template/en/default/global/choose-product.html.tmpl
@@ -27,7 +27,7 @@ [% FOREACH p = proddesc.keys.sort %] - + [% p FILTER html %]:
diff --git a/webtools/bugzilla/template/en/default/list/list.html.tmpl b/webtools/bugzilla/template/en/default/list/list.html.tmpl
index 1665d7a1e35..15d5fc0a055 100644
--- a/webtools/bugzilla/template/en/default/list/list.html.tmpl +++ b/webtools/bugzilla/template/en/default/list/list.html.tmpl @@ -25,6 +25,7 @@ [% DEFAULT title = "Bug List" %] [% style_url = "css/buglist.css" %] +[% qorder = order FILTER url_quote IF order %] [%############################################################################%] @@ -137,7 +138,7 @@ [% IF bugs.size > 1 && caneditbugs && !dotweak %] Change Several + [%- "&order=$qorder" FILTER html IF order %]&tweak=1">Change Several Bugs at Once    [% END %] diff --git a/webtools/bugzilla/template/en/default/list/table.html.tmpl b/webtools/bugzilla/template/en/default/list/table.html.tmpl index 2afc9bb9d63..230fb08759d 100644 --- a/webtools/bugzilla/template/en/default/list/table.html.tmpl +++ b/webtools/bugzilla/template/en/default/list/table.html.tmpl @@ -49,6 +49,8 @@ } %] +[% qorder = order FILTER url_quote IF order %] + [%############################################################################%] [%# Table Header #%] [%############################################################################%] @@ -98,8 +100,8 @@ [% BLOCK columnheader %] + [% column.name FILTER url_quote FILTER html %] + [% ",$qorder" FILTER html IF order %]"> [%- abbrev.$id.title || column.title -%] [% END %] diff --git a/webtools/bugzilla/template/en/default/reports/keywords.html.tmpl b/webtools/bugzilla/template/en/default/reports/keywords.html.tmpl index 28f684f4612..665e360c0e5 100644 --- a/webtools/bugzilla/template/en/default/reports/keywords.html.tmpl +++ b/webtools/bugzilla/template/en/default/reports/keywords.html.tmpl @@ -53,7 +53,7 @@ [% keyword.description %] [% IF keyword.bugcount > 0 %] - + [% keyword.bugcount %] [% ELSE %] none diff --git a/webtools/bugzilla/template/en/default/sidebar.xul.tmpl b/webtools/bugzilla/template/en/default/sidebar.xul.tmpl index 6523176424a..65af4de4c95 100644 --- a/webtools/bugzilla/template/en/default/sidebar.xul.tmpl +++ b/webtools/bugzilla/template/en/default/sidebar.xul.tmpl 
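Review bot: `[% qorder = order FILTER url_quote IF order %]` is added to list.html.tmpl with no comment and is repeated verbatim at the top of table.html.tmpl, so the two copies can drift and a reader cannot tell which one the later `"&order=$qorder"` and `",$qorder"` expressions rely on. Template Toolkit documents `var = directive` as a capture, so `qorder` should end up holding the escaped value when `order` is true and an empty string otherwise, which is easy to misread as a conditional assignment. A template comment would cover both points, for example `[%# qorder: sort order escaped for use as a query-string value (empty when no order); wrap the surrounding text in FILTER html inside attributes %]`. Whether table.html.tmpl is pulled in by a directive that shares variables with list.html.tmpl is not visible here; if it is, one definition would do.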
@@ -98,7 +98,7 @@ function normal_keypress_handler( aEvent ) { [%- END %] [%- FOREACH name = namedqueries %] - + [% END %] [% ELSE %]