Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark...

author lpsolit%gmail.com <>

Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)

committer lpsolit%gmail.com <>

Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)
author lpsolit%gmail.com <>
Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)
committer lpsolit%gmail.com <>
Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)
diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl

index fd0466318eb16490467bf79e94e7418207a68d53..e27ca0d6ff2867a82f096b03d37dab687814d6e8 100644 (file)
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -49,10 +49,14 @@
      [% custom_userlist = user.get_userlist %]
    [% END %]
  
+  [% SET selected = {} %]
+  [% FOREACH selected_value IN value.split(', ') %]
+    [% SET selected.$selected_value = 1 %]
+  [% END %]
    [% FOREACH tmpuser = custom_userlist %]
-    [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+    [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
        <option value="[% tmpuser.login FILTER html %]"
-        [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+        [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
        >[% tmpuser.identity FILTER html %]</option>
      [% END %]
    [% END %]
author	lpsolit%gmail.com <>
	Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)
committer	lpsolit%gmail.com <>
	Wed, 30 Apr 2008 01:41:18 +0000 (01:41 +0000)