From: gerv%gerv.net <> Date: Thu, 25 Apr 2002 01:25:49 +0000 (+0000) Subject: Bug 136180 - use uri/url_quote filters correctly. Patch by ddk; 2xr=gerv. X-Git-Tag: bugzilla-2.16rc1~84 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0abf5a6e9bc24ddda2b38d260859192a6bbbc3a;p=thirdparty%2Fbugzilla.git Bug 136180 - use uri/url_quote filters correctly. Patch by ddk; 2xr=gerv. --- diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 39584bd9c2..1400face96 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -67,7 +67,7 @@ sub IssueEmailChangeToken { $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix'); $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix'); - $vars->{'token'} = &::url_quote($token); + $vars->{'token'} = $token; $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix'); my $message; @@ -78,7 +78,7 @@ sub IssueEmailChangeToken { print SENDMAIL $message; close SENDMAIL; - $vars->{'token'} = &::url_quote($newtoken); + $vars->{'token'} = $newtoken; $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix'); $message = ""; @@ -211,7 +211,7 @@ sub Cancel { $vars->{'emailaddress'} = $username; $vars->{'maintainer'} = $maintainer; $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'}; - $vars->{'token'} = &::url_quote($token); + $vars->{'token'} = $token; $vars->{'tokentype'} = $tokentype; $vars->{'issuedate'} = $issuedate; $vars->{'eventdata'} = $eventdata; diff --git a/Token.pm b/Token.pm index 39584bd9c2..1400face96 100644 --- a/Token.pm +++ b/Token.pm @@ -67,7 +67,7 @@ sub IssueEmailChangeToken { $vars->{'oldemailaddress'} = $old_email . &::Param('emailsuffix'); $vars->{'newemailaddress'} = $new_email . &::Param('emailsuffix'); - $vars->{'token'} = &::url_quote($token); + $vars->{'token'} = $token; $vars->{'emailaddress'} = $old_email . &::Param('emailsuffix'); my $message; 
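Review bot: With the `&::url_quote()` calls dropped from the three `$vars->{'token'}` assignments (two in `IssueEmailChangeToken`, one in `Cancel`), the token reaches the templates raw, so correct encoding now depends on every template that prints it. The two e-mail templates changed in this commit apply `FILTER url_quote`, but no template rendered by `Cancel` is touched here. It is worth confirming that whatever `Cancel` renders either shows the token as plain text or filters it before placing it in a link. A short comment at each assignment would record the contract, e.g. `# Raw token: templates must apply FILTER url_quote before using it in a URL.` The same three hunks are repeated for `Token.pm` further down and this note applies there too; both subs start and end outside the hunks.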
@@ -78,7 +78,7 @@ sub IssueEmailChangeToken { print SENDMAIL $message; close SENDMAIL; - $vars->{'token'} = &::url_quote($newtoken); + $vars->{'token'} = $newtoken; $vars->{'emailaddress'} = $new_email . &::Param('emailsuffix'); $message = ""; @@ -211,7 +211,7 @@ sub Cancel { $vars->{'emailaddress'} = $username; $vars->{'maintainer'} = $maintainer; $vars->{'remoteaddress'} = $::ENV{'REMOTE_ADDR'}; - $vars->{'token'} = &::url_quote($token); + $vars->{'token'} = $token; $vars->{'tokentype'} = $tokentype; $vars->{'issuedate'} = $issuedate; $vars->{'eventdata'} = $eventdata; diff --git a/globals.pl b/globals.pl index 2b9434738f..ced8b4f873 100644 --- a/globals.pl +++ b/globals.pl @@ -1616,6 +1616,13 @@ $::template ||= Template->new( } , html => \&html_quote , + + # This subroutine in CGI.pl escapes characters in a variable + # or value string for use in a query string. It escapes all + # characters NOT in the regex set: [a-zA-Z0-9_\-.]. The 'uri' + # filter should be used for a full URL that may have + # characters that need encoding. + url_quote => \&url_quote , } , } ) || DisplayError("Template creation failed: " . Template->error()) diff --git a/t/004template.t b/t/004template.t index 2f9b252b21..a63dbd64f1 100644 --- a/t/004template.t +++ b/t/004template.t @@ -63,8 +63,9 @@ my $template = Template->new( # actually have to function in this test, just be defined. FILTERS => { - strike => sub { return $_ } , - js => sub { return $_ } + js => sub { return $_ } , + strike => sub { return $_ } , + url_quote => sub { return $_ } , }, } ); diff --git a/template/en/default/account/email/change-new.txt.tmpl b/template/en/default/account/email/change-new.txt.tmpl index 5a5ae25357..4739c50e7d 100644 --- a/template/en/default/account/email/change-new.txt.tmpl +++ b/template/en/default/account/email/change-new.txt.tmpl 
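Review bot: The comment added above `url_quote => \&url_quote` in `globals.pl` says when to use `url_quote` and when to use `uri`, but not why the choice matters. Template Toolkit's built-in `uri` filter has historically left reserved characters such as `&`, `=` and `?` unescaped, so applying it to a single parameter value lets that value add or override query parameters. Adding a line such as `# Use url_quote on each parameter value; 'uri' leaves '&', '=' and '?' intact.` would keep later templates from picking the wrong filter. Since the comment places the sub in CGI.pl, it may also be worth confirming that every script which loads `globals.pl` and renders a template using this filter has CGI.pl loaded as well; that is not visible in this hunk.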
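Review bot: The new `url_quote` stub in `t/004template.t`, like the `js` and `strike` stubs beside it, returns `$_` rather than its argument, so it only meets the "just be defined" requirement stated in the comment above the list. That is fine while the test only checks that templates compile, which appears to be the case from that comment. However, the stub list now has to be kept in step by hand with the filters registered in `globals.pl`. A one-line comment above the hash, such as `# Keep in sync with the FILTERS registered in globals.pl.`, would make that dependency visible. The `Template->new(` call starts outside the hunk.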
@@ -27,10 +27,10 @@ for the [% oldemailaddress %] account to your address. To confirm the change, visit the following link: -[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER html %] +[% Param('urlbase') %]token.cgi?a=cfmem&t=[% token FILTER url_quote %] If you are not the person who made this request, or you wish to cancel this request, visit the following link: -[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %] +[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %] diff --git a/template/en/default/account/email/change-old.txt.tmpl b/template/en/default/account/email/change-old.txt.tmpl index 82ecf1dfcc..ac42cccb05 100644 --- a/template/en/default/account/email/change-old.txt.tmpl +++ b/template/en/default/account/email/change-old.txt.tmpl @@ -31,5 +31,5 @@ for your account to [% newemailaddress %]. If you are not the person who made this request, or you wish to cancel this request, visit the following link: -[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER html %] +[% Param('urlbase') %]token.cgi?a=cxlem&t=[% token FILTER url_quote %] diff --git a/template/en/default/bug/create/create.html.tmpl b/template/en/default/bug/create/create.html.tmpl index fe9688acdc..5047a21315 100644 --- a/template/en/default/bug/create/create.html.tmpl +++ b/template/en/default/bug/create/create.html.tmpl @@ -71,7 +71,7 @@ - + Component: diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index deeb4e24d6..2dfd4278f9 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -90,7 +90,7 @@ - + Component: diff --git a/template/en/default/global/choose-product.html.tmpl b/template/en/default/global/choose-product.html.tmpl index 1d68f7fe77..df7e0fb489 100644 --- a/template/en/default/global/choose-product.html.tmpl +++ b/template/en/default/global/choose-product.html.tmpl @@ -27,7 +27,7 @@ [% FOREACH p = proddesc.keys.sort %] - + [% p FILTER html %]: 
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl index 1665d7a1e3..15d5fc0a05 100644 --- a/template/en/default/list/list.html.tmpl +++ b/template/en/default/list/list.html.tmpl @@ -25,6 +25,7 @@ [% DEFAULT title = "Bug List" %] [% style_url = "css/buglist.css" %] +[% qorder = order FILTER url_quote IF order %] [%############################################################################%] @@ -137,7 +138,7 @@ [% IF bugs.size > 1 && caneditbugs && !dotweak %] Change Several + [%- "&order=$qorder" FILTER html IF order %]&tweak=1">Change Several Bugs at Once    [% END %] diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl index 2afc9bb9d6..230fb08759 100644 --- a/template/en/default/list/table.html.tmpl +++ b/template/en/default/list/table.html.tmpl @@ -49,6 +49,8 @@ } %] +[% qorder = order FILTER url_quote IF order %] + [%############################################################################%] [%# Table Header #%] [%############################################################################%] @@ -98,8 +100,8 @@ [% BLOCK columnheader %] + [% column.name FILTER url_quote FILTER html %] + [% ",$qorder" FILTER html IF order %]"> [%- abbrev.$id.title || column.title -%] [% END %] diff --git a/template/en/default/reports/keywords.html.tmpl b/template/en/default/reports/keywords.html.tmpl index 28f684f461..665e360c0e 100644 --- a/template/en/default/reports/keywords.html.tmpl +++ b/template/en/default/reports/keywords.html.tmpl @@ -53,7 +53,7 @@ [% keyword.description %] [% IF keyword.bugcount > 0 %] - + [% keyword.bugcount %] [% ELSE %] none diff --git a/template/en/default/sidebar.xul.tmpl b/template/en/default/sidebar.xul.tmpl index 6523176424..65af4de4c9 100644 --- a/template/en/default/sidebar.xul.tmpl +++ b/template/en/default/sidebar.xul.tmpl 
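Review bot: The directive `[% qorder = order FILTER url_quote IF order %]` is added verbatim to both `list/list.html.tmpl` and `list/table.html.tmpl`. Nothing in either file says why the value is pre-quoted, or that it still needs `FILTER html` where it is joined with `&` or `,`. If one template is processed from the other (not visible in these hunks), the second assignment is redundant and could be dropped. Either way a template comment next to it would help, e.g. `[%# qorder: 'order' url-quoted for use as a query-string value; html-filter the string it is embedded in. %]`. The later hunks in both files have lost their HTML tags in this rendering, so the attribute context of the `FILTER html` uses could not be checked.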
@@ -98,7 +98,7 @@ function normal_keypress_handler( aEvent ) { [%- END %] [%- FOREACH name = namedqueries %] - + [% END %] [% ELSE %]