From: Matt Tyson Date: Tue, 13 Nov 2012 06:26:41 +0000 (+0800) Subject: But 800196: Sanitise line-endings for textarea fields X-Git-Tag: bugzilla-4.5.1~319 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ceb5a0bf4540f9c1389bccfc62764f4eee8e5a4;p=thirdparty%2Fbugzilla.git But 800196: Sanitise line-endings for textarea fields r=glob, a=LpSolit https://bugzilla.mozilla.org/show_bug.cgi?id=800196
---
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 3b14c4cb28..4a17237540 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -152,6 +152,9 @@ sub VALIDATORS {
 elsif ($field->type == FIELD_TYPE_BUG_ID) {
 $validator = \&_check_bugid_field;
 }
+ elsif ($field->type == FIELD_TYPE_TEXTAREA) {
+ $validator = \&_check_textarea_field;
+ }
 else {
 $validator = \&_check_default_field;
 }
@@ -2022,6 +2025,19 @@ sub _check_bugid_field {
 return $checked_id;
 }
+sub _check_textarea_field {
+ my ($invocant, $text, $field) = @_;
+
+ $text = (defined $text) ? trim($text) : '';
+
+ # Web browsers submit newlines as \r\n.
+ # Sanitize all input to match the web standard.
+ # XMLRPC input could be either \n or \r\n
+ $text =~ s/\r?\n/\r\n/g;
+
+ return $text;
+}
+
 sub _check_relationship_loop {
 # Generates a dependency tree for a given bug. Calls itself recursively
 # to generate sub-trees for the bug's dependencies.
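Review bot: In `_check_textarea_field`, the substitution `s/\r?\n/\r\n/g` leaves a bare `\r` untouched, so input with lone carriage returns (possible over XML-RPC, where the client chooses the line endings) is stored un-normalised and two values that differ only in line endings can still compare as different. If the intent is a single canonical form, `$text =~ s/\r\n?|\n/\r\n/g;` maps `\r\n`, `\n` and lone `\r` to `\r\n` in one pass. The comment above the substitution could then state that every line-ending variant is normalised, rather than naming only `\n` and `\r\n`. Textarea fields also stop going through `_check_default_field` in the `VALIDATORS` hunk; that function's body is outside this diff, so it is worth confirming the new validator keeps whatever else it did.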