Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP

RESOLVED FIXED in Bugzilla 4.2

Status


Bugzilla
User Interface
--
minor
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Simon Green, Assigned: Simon Green)

Tracking

4.3.1
Bugzilla 4.2
Bug Flags:
approval +
approval4.2 +

Details

Attachments

(1 attachment)

467 bytes, patch
Frédéric Buclin
: review+
(Assignee)

Description

6 years ago
Perl modules that start with a protocol (as defined in the Bugzilla/Constants.pm SAFE_PROTOCOLS constant) were being incorrectly escaped.

For example, HTTP::Header shouldn't be escaped. Perl module names that don't start with a protocol are fine, e.g. Bugzilla::Bug.
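
An added illustration (not Bugzilla's code and not the attached patch) of how a protocol-anchored URL pattern can mistake a Perl package name such as HTTP::Header for a URL, and one way to exclude it. The protocol list, both patterns, the helper name and the sample text are assumptions constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed protocol list for this example. Bugzilla's real list is the
# SAFE_PROTOCOLS constant in Bugzilla/Constants.pm and is not shown on this page.
my @protocols = qw(http https ftp);
my $alt = join '|', map { quotemeta } @protocols;

# Hypothetical loose pattern: protocol, colon, then any run of
# non-space, non-markup characters ending in a word character or slash.
my $loose = qr/\b(?:$alt):[^\s<>"]+[\w\/]/i;

# Hypothetical stricter pattern: the character right after the colon must
# not be a second colon, so the Perl package separator (::) cannot start a URL.
my $strict = qr/\b(?:$alt):[^:\s<>"][^\s<>"]*[\w\/]/i;

# Hypothetical helper: return every substring the pattern would treat as a URL.
sub url_candidates {
    my ($re, $text) = @_;
    my @found;
    while ($text =~ /($re)/g) {
        push @found, $1;
    }
    return @found;
}

# Constructed sample comment text.
my $comment = 'See HTTP::Header and Bugzilla::Bug, docs at '
            . 'http://example.com/docs and ftp://example.org/pub/file.';

for my $case (['loose', $loose], ['strict', $strict]) {
    my ($name, $re) = @$case;
    my @hits = url_candidates($re, $comment);
    print "$name pattern matched:\n";
    print "  $_\n" for @hits;
    # A package name among the hits means it would be handled as a URL
    # instead of as ordinary comment text.
    my $false_positives = grep { /^\w+::/ } @hits;
    print "  package names treated as URLs: $false_positives\n";
}
```

Running it shows which of the two patterns picks up the package name alongside the real URLs, while Bugzilla::Bug is ignored by both because it does not begin with a listed protocol.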
(Assignee)

Comment 1

6 years ago
Created attachment 621795
v1 patch

This patch is against trunk, but can also be applied to Bugzilla 4.2 (with an offset).

I imagine the SAFE_URL_REGEXP code could become very complex to handle all situations, but IMO, it is important to address this scenario if possible.
Attachment #621795 - Flags: review?
(Assignee)

Updated

6 years ago
Flags: approval4.2?
Thanks Simon, I've cleared the approval flag as it should be set only after the code has been reviewed.
Assignee: ui → sgreen+mozilla
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Flags: approval4.2?
OS: Linux → All
Hardware: x86 → All
Summary: quoteUrls improvement → Perl modules that start with a protocol (eg HTTP::Header) should not be linkified
Summary: Perl modules that start with a protocol (eg HTTP::Header) should not be linkified → Perl modules that start with a protocol (eg HTTP::Header) are not escaped correctly in SAFE_URL_REGEXP

Comment 3

6 years ago
Comment on attachment 621795
v1 patch

Fun, I was sure this bug was filed already, but I couldn't find it. I will review this patch later today.
Attachment #621795 - Flags: review? → review?(LpSolit)

Comment 4

6 years ago
Comment on attachment 621795
v1 patch

r=LpSolit
Attachment #621795 - Flags: review?(LpSolit) → review+

Updated

6 years ago
Severity: normal → minor
Flags: approval+
Target Milestone: --- → Bugzilla 4.4
(Assignee)

Updated

6 years ago
Flags: approval4.2?

Comment 5

6 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Template.pm
Committed revision 8229.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 6

6 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Template.pm
Committed revision 8086.
Flags: approval4.2? → approval4.2+
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2