Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Frédéric...

diff --git a/quips.cgi b/quips.cgi
index 766d1a79217efdbd12d788a4c426b0b9e2cc99ab..d811ee5fe45d05ec8dad0c7c3b2e45fb761229d3 100755 (executable)
--- a/quips.cgi
+++ b/quips.cgi
@@ -79,7 +79,6 @@ if ($action eq "add") {
       (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
     my $comment = $cgi->param("quip");
     $comment || ThrowUserError("need_quip");
-    $comment !~ m/</ || ThrowUserError("no_html_in_quips");
 
     SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
            '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index f19ecbe33328383309008ca6e9c018f6f278381b..2696ede15e0af33992eb33df2746067c5bae6103 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -858,11 +858,6 @@
     and an error
     occurred opening yesterday's dupes file: [% error_msg FILTER html %].
 
-  [% ELSIF error == "no_html_in_quips" %]
-    [% title = "No HTML In Quips" %]
-    Sorry - for security reasons, support for HTML tags has been turned off
-    in quips.
-
   [% ELSIF error == "no_new_quips" %]
     [% title = "No New Quips" %]
     This site does not permit the addition of new quips.