Perl modules that start with a protocol (as defined in the Bugzilla/Constants.pm SAFE_PROTOCOLS constant) were being incorrectly escaped. For example, HTTP::Header shouldn't be escaped. Perl module names that don't start with a protocol are fine, e.g. Bugzilla::Bug.
Created attachment 621795: v1 patch. This patch is against trunk, but can also be applied to Bugzilla 4.2 (with an offset). I imagine the SAFE_URL_REGEXP code could become very complex to handle all situations, but IMO, it is important to address this scenario if possible.
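The failure mode described in the report, shown as an added example that is not the attached patch or Bugzilla's own code. The protocol list, both regular expressions and the `linkify` and `html_escape` helpers are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed subset of protocol names; the real list lives in
# Bugzilla/Constants.pm (SAFE_PROTOCOLS) and is not reproduced here.
my @protocols = qw(http https ftp mailto);
my $proto_re  = join('|', map { quotemeta } @protocols);

# Naive pattern (assumption): any "<protocol>:" followed by non-space text.
my $naive = qr{\b((?:$proto_re):[^\s<>"]+[\w/])}i;

# Stricter pattern (assumption): the character after the colon must not be
# a second colon, so Perl's "::" package separator is never read as a URL.
my $strict = qr{\b((?:$proto_re):(?!:)[^\s<>"]+[\w/])}i;

sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Hypothetical linkifier: HTML-escape the text between URLs and wrap each URL.
sub linkify {
    my ($text, $re) = @_;
    my ($out, $pos) = ('', 0);
    while ($text =~ /$re/g) {
        $out .= html_escape(substr($text, $pos, $-[1] - $pos));
        my $url = html_escape($1);
        $out .= qq{<a href="$url">$url</a>};
        $pos = $+[1];    # continue after the end of the matched URL
    }
    return $out . html_escape(substr($text, $pos));
}

# Constructed sample comments: two module names and one real URL.
for my $sample ('Use HTTP::Header here', 'Bugzilla::Bug is fine',
                'See http://example.com/a?b=1&c=2') {
    printf "%-8s %s\n",   'naive:',  linkify($sample, $naive);
    printf "%-8s %s\n\n", 'strict:', linkify($sample, $strict);
}
```

With the naive pattern `HTTP::Header` is wrapped as a link, while `Bugzilla::Bug` and the real URL behave the same under both patterns.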
Thanks Simon, I've cleared the approval flag, as it should be set only after the code has been reviewed.
Comment on attachment 621795 (v1 patch): Fun, I was sure this bug was filed already, but I couldn't find it. I will review this patch later today.
Comment on attachment 621795 (v1 patch): r=LpSolit
Committing to: bzr+ssh://firstname.lastname@example.org/bugzilla/trunk/ modified Bugzilla/Template.pm Committed revision 8229.
Committing to: bzr+ssh://email@example.com/bugzilla/4.2/ modified Bugzilla/Template.pm Committed revision 8086.