From b1ef63e5bfc0d3995245b42154686db1400b2c22 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 03:26:50 +0000
Subject: =?UTF-8?q?Bug=20206037:=20[SECURITY]=20Fix=20escaping/quoting=20i?=
 =?UTF-8?q?n=20edit*.cgi=20scripts=20-=20Patch=20by=20Fr=C3=A9d=C3=A9ric?=
 =?UTF-8?q?=20Buclin=20=20r=3Djustdave=20a=3Djustdave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla/Template.pm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'Bugzilla/Template.pm')

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 7149828ef..915e3cdc6 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -289,7 +289,8 @@ sub quoteUrls {
 ~egox;
 
 # non-mailto protocols
- my $protocol_re = qr/(afs|cid|ftp|gopher|http|https|irc|mid|news|nntp|prospero|telnet|view-source|wais)/i;
+ my $safe_protocols = join('|', SAFE_PROTOCOLS);
+ my $protocol_re = qr/($safe_protocols)/i;
 
 $text =~ s~\b(${protocol_re}: # The protocol:
 [^\s<>\"]+ # Any non-whitespace
@@ -734,7 +735,9 @@ sub create {
 }
 return $var;
 },
-
+
+ html_light => \&Bugzilla::Util::html_light_quote,
+
 # iCalendar contentline filter
 ics => [ sub {
 my ($context, @args) = @_;
--
cgit v1.2.1
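Review bot: `join('|', SAFE_PROTOCOLS)` interpolates the constant's entries into `$protocol_re` unescaped, so the pattern is only as tight as the list stays free of regex metacharacters; the hyphen in `view-source` is harmless outside a character class, but an entry containing `.` or `+` would widen what quoteUrls treats as a link without any change visible here. Quoting each entry keeps the constant and the pattern in step: `my $safe_protocols = join('|', map { quotemeta } SAFE_PROTOCOLS);`. SAFE_PROTOCOLS also has to be imported into Template.pm (presumably from the constants module); that import, like the rest of quoteUrls, is outside the hunk and cannot be checked from here.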
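Review bot: The new `html_light` entry in the filter table of create has no explanatory comment, while its neighbour is introduced by `# iCalendar contentline filter`, so a template author reading this list cannot tell how `html_light` differs from the existing `html` filter or when it is the appropriate choice. A one-line comment above it would close that gap, e.g. `# HTML filter that presumably keeps a limited set of harmless tags; see Bugzilla::Util::html_light_quote for what it allows` — the allowance itself lives in html_light_quote, which is not in this hunk, and should be stated from there rather than guessed. The create sub begins before and continues after the hunk.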