From: lpsolit%gmail.com <>
Date: Wed, 30 Apr 2008 01:41:18 +0000 (+0000)
Subject: Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark... 
X-Git-Tag: bugzilla-3.1.4~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e8eba7e7e1ea9007ce2dc8c51ffdf6c377d8b9b;p=thirdparty%2Fbugzilla.git

Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark <jjclark1982@gmail.com> r/a=LpSolit
---

diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl
index fd0466318e..e27ca0d6ff 100644
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -49,10 +49,14 @@
     [% custom_userlist = user.get_userlist %]
   [% END %]
 
+  [% SET selected = {} %]
+  [% FOREACH selected_value IN value.split(', ') %]
+    [% SET selected.$selected_value = 1 %]
+  [% END %]
   [% FOREACH tmpuser = custom_userlist %]
-    [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+    [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
       <option value="[% tmpuser.login FILTER html %]"
-        [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+        [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
       >[% tmpuser.identity FILTER html %]</option>
     [% END %]
   [% END %]