From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 14 Feb 2011 21:56:52 +0000 (+0100)
Subject: Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie... 
X-Git-Tag: bugzilla-3.6.5~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc9367dbc2f3a88a8f2248dc8ac934935feef9d7;p=thirdparty%2Fbugzilla.git

Bug 480044: Use dashes instead of colons to separate bug IDs in the BUGLIST cookie, because colons are HTML-escaped, making the cookie bigger than the 4k limit
r=mkanat a=LpSolit
---

diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 912646f839..f3fc1b82d3 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -767,7 +767,9 @@ sub create {
                 my @bug_list;
                 my $cgi = Bugzilla->cgi;
                 if ($cgi->cookie("BUGLIST")) {
-                    @bug_list = split(/:/, $cgi->cookie("BUGLIST"));
+                    # Also split on colons, which was used as a separator
+                    # in old cookies.
+                    @bug_list = split(/[:-]/, $cgi->cookie("BUGLIST"));
                 }
                 return \@bug_list;
             },
diff --git a/buglist.cgi b/buglist.cgi
index 1d5f176129..c12e211f31 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -190,7 +190,7 @@ if (defined $cgi->param('regetlastlist')) {
 
     $order = "reuse last sort" unless $order;
     my $bug_id = $cgi->cookie('BUGLIST');
-    $bug_id =~ s/:/,/g;
+    $bug_id =~ s/[:-]/,/g;
     # set up the params for this new query
     $params = new Bugzilla::CGI({
                                  bug_id => $bug_id,
@@ -1209,7 +1209,7 @@ if ($format->{'extension'} eq "html" && !$agent) {
                           -value => $order,
                           -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
     }
-    my $bugids = join(":", @bugidlist);
+    my $bugids = join('-', @bugidlist);
     # See also Bug 111999
     if (length($bugids) == 0) {
         $cgi->remove_cookie('BUGLIST');
diff --git a/process_bug.cgi b/process_bug.cgi
index 32f8e4a066..9be1cdf6d2 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -206,7 +206,8 @@ if (defined $cgi->param('id')) {
     if ($action eq 'next_bug') {
         my @bug_list;
         if ($cgi->cookie("BUGLIST")) {
-            @bug_list = split(/:/, $cgi->cookie("BUGLIST"));
+            # Also split on colons, which was used as a separator in old cookies.
+            @bug_list = split(/[:-]/, $cgi->cookie("BUGLIST"));
         }
         my $cur = lsearch(\@bug_list, $cgi->param('id'));
         if ($cur >= 0 && $cur < $#bug_list) {