From c6ca14cf1a7d38daa3186fe6c7899f2c408d204e Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Wed, 30 Apr 2008 01:42:56 +0000
Subject: [PATCH] Bug 430307: Unsafe regexp used in global/userselect.html.tmpl
 - Patch by Jesse Clark <jjclark1982@gmail.com> r/a=LpSolit

---
 template/en/default/global/userselect.html.tmpl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/template/en/default/global/userselect.html.tmpl b/template/en/default/global/userselect.html.tmpl
index 7a46891abd..827a190669 100644
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -40,10 +40,14 @@
   [% IF emptyok %]
     <option value=""></option>
   [% END %]
+  [% SET selected = {} %]
+  [% FOREACH selected_value IN value.split(', ') %]
+    [% SET selected.$selected_value = 1 %]
+  [% END %]
   [% FOREACH tmpuser = user.get_userlist %]
-    [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+    [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
       <option value="[% tmpuser.login FILTER html %]"
-        [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+        [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
       >[% tmpuser.identity FILTER html %]</option>
     [% END %]
   [% END %]
-- 
2.47.2