From: Matt Tyson
Date: Tue, 13 Nov 2012 06:29:57 +0000 (+0800)
Subject: But 800196: Sanitise line-endings for textarea fields
X-Git-Tag: bugzilla-4.4rc1~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0bbec9ea98d0f20ecbce7e5b12938be448b2c826;p=thirdparty%2Fbugzilla.git
But 800196: Sanitise line-endings for textarea fields r=glob, a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=800196
---
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 5a8965398b..666ee59e27 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -151,6 +151,9 @@ sub VALIDATORS {
 elsif ($field->type == FIELD_TYPE_BUG_ID) {
 $validator = \&_check_bugid_field;
 }
+ elsif ($field->type == FIELD_TYPE_TEXTAREA) {
+ $validator = \&_check_textarea_field;
+ }
 else {
 $validator = \&_check_default_field;
 }
@@ -2021,6 +2024,19 @@ sub _check_bugid_field {
 return $checked_id;
 }
 
+sub _check_textarea_field {
+ my ($invocant, $text, $field) = @_;
+
+ $text = (defined $text) ? trim($text) : '';
+
+ # Web browsers submit newlines as \r\n.
+ # Sanitize all input to match the web standard.
+ # XMLRPC input could be either \n or \r\n
+ $text =~ s/\r?\n/\r\n/g;
+
+ return $text;
+}
+
 sub _check_relationship_loop {
 # Generates a dependency tree for a given bug. Calls itself recursively
 # to generate sub-trees for the bug's dependencies.
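Review bot: The substitution in `_check_textarea_field` leaves a lone `\r` untouched, so the value is not fully normalised even though the comment says all input is sanitised to `\r\n`; `s/\r?\n/\r\n/g` only rewrites `\n` and `\r\n`. If bare carriage returns can arrive (the comment already notes that XMLRPC input is not browser-shaped), a stored value with mixed endings may be rendered or compared differently by whatever consumes the field later. Consider `$text =~ s/\r\n?|\n/\r\n/g;`, or state in the comment that a bare `\r` is deliberately preserved. `$field` is unpacked but unused in the new sub, which presumably follows the validator calling convention; a short header comment saying so would help.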