my ($data) = @_;
return encode_base64($data);
},
+
+ # Strips out control characters excepting whitespace
+ strip_control_chars => sub {
+ my ($data) = @_;
+ # Only run for utf8 to avoid issues with other multibyte encodings
+ # that may be reassigning meaning to ascii characters.
+ if (Bugzilla->params->{'utf8'}) {
+ $data =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+ }
+ return $data;
+ },
# HTML collapses newlines in element attributes to a single space,
# so form elements which may have whitespace (ie comments) need
# Obscure '@'.
$var =~ s/\@/\@/g;
if (Bugzilla->params->{'utf8'}) {
+ # Remove control characters if the encoding is utf8.
+ # Other multibyte encodings may be using this range; so ignore if not utf8.
+ $var =~ s/(?![\t\r\n])[[:cntrl:]]//g;
+
# Remove the following characters because they're
# influencing BiDi:
# --------------------------------------------------------
[%- IF comment.count %]
--- Comment #[% comment.count %] from [% comment.author.identity %] [%+ comment.creation_ts FILTER time(undef, to_user.timezone) %] ---
[% END %]
-[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %]
+[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %]
[% END %]
-- [%# Protect the trailing space of the signature marker %]
[%-# .defined is necessary to avoid a taint issue in Perl < 5.10.1, see bug 509794. %]
[% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %]
------- Additional Comments from [% user.identity %]
-[%+ Bugzilla.cgi.param("comment") %]
+[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %]
[% END %]
[%- END %]
projects / thirdparty / bugzilla.git / commitdiff
