diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev index 525680ab08f..c98d7a829e3 100644 --- a/mozilla/webtools/bugzilla/.bzrrev +++ b/mozilla/webtools/bugzilla/.bzrrev @@ -1 +1 @@ -8993 \ No newline at end of file +8994 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/.gitrev b/mozilla/webtools/bugzilla/.gitrev index 25041b63f85..fca774b9f4e 100644 --- a/mozilla/webtools/bugzilla/.gitrev +++ b/mozilla/webtools/bugzilla/.gitrev @@ -1 +1 @@ -0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 \ No newline at end of file +58b92d3b0245f6565a7ff34e78fce1e9ec56b355 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/Bugzilla/Template.pm b/mozilla/webtools/bugzilla/Bugzilla/Template.pm index 56d31dd2d7b..6f790005472 100644 --- a/mozilla/webtools/bugzilla/Bugzilla/Template.pm +++ b/mozilla/webtools/bugzilla/Bugzilla/Template.pm @@ -678,6 +678,18 @@ sub create { my ($data) = @_; return encode_base64($data); }, + + # Strips out control characters excepting whitespace + strip_control_chars => sub { + my ($data) = @_; + state $use_utf8 = Bugzilla->params->{'utf8'}; + # Only run for utf8 to avoid issues with other multibyte encodings + # that may be reassigning meaning to ascii characters. + if ($use_utf8) { + $data =~ s/(?![\t\r\n])[[:cntrl:]]//g; + } + return $data; + }, # HTML collapses newlines in element attributes to a single space, # so form elements which may have whitespace (ie comments) need diff --git a/mozilla/webtools/bugzilla/Bugzilla/Util.pm b/mozilla/webtools/bugzilla/Bugzilla/Util.pm index 5f359c38ccb..9bcb6962d18 100644 --- a/mozilla/webtools/bugzilla/Bugzilla/Util.pm +++ b/mozilla/webtools/bugzilla/Bugzilla/Util.pm 
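Review bot: The new `strip_control_chars` filter in Bugzilla/Template.pm removes only what `[[:cntrl:]]` matches, so Unicode format characters are left in plain-text mail bodies; going by the comment in the Util.pm hunk context, `html_quote` handles the BiDi-influencing ones separately. If that gap is intended, the filter comment should say so, e.g. `# Removes control (Cc) characters only; BiDi/format characters are not touched here.`; if it is not, the BiDi removal would need to be shared with this filter. What `[[:cntrl:]]` matches above U+007F also depends on whether `$data` is a decoded character string, which is not visible here and is worth stating next to the regex. The closure sits inside `create`, which starts and ends outside the hunk.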
@@ -75,6 +75,10 @@ sub html_quote { state $use_utf8 = Bugzilla->params->{'utf8'}; if ($use_utf8) { + # Remove control characters if the encoding is utf8. + # Other multibyte encodings may be using this range; so ignore if not utf8. + $var =~ s/(?![\t\r\n])[[:cntrl:]]//g; + # Remove the following characters because they're # influencing BiDi: # -------------------------------------------------------- diff --git a/mozilla/webtools/bugzilla/template/en/default/email/bugmail.txt.tmpl b/mozilla/webtools/bugzilla/template/en/default/email/bugmail.txt.tmpl index 95cda7f1067..1f04db7b12d 100644 --- a/mozilla/webtools/bugzilla/template/en/default/email/bugmail.txt.tmpl +++ b/mozilla/webtools/bugzilla/template/en/default/email/bugmail.txt.tmpl @@ -19,7 +19,7 @@ [%- IF comment.count %] --- Comment #[% comment.count %] from [% comment.author.identity %] --- [% END %] -[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) %] +[%+ comment.body_full({ is_bugmail => 1, wrap => 1 }) FILTER strip_control_chars %] [% END %] [% IF referenced_bugs.size %] diff --git a/mozilla/webtools/bugzilla/template/en/default/email/flagmail.txt.tmpl b/mozilla/webtools/bugzilla/template/en/default/email/flagmail.txt.tmpl index 26b60143d28..fe514e1037a 100644 --- a/mozilla/webtools/bugzilla/template/en/default/email/flagmail.txt.tmpl +++ b/mozilla/webtools/bugzilla/template/en/default/email/flagmail.txt.tmpl @@ -69,7 +69,7 @@ Attachment [% attidsummary %] [%-# .defined is necessary to avoid a taint issue, see bug 509794. %] [% IF Bugzilla.cgi.param("comment").defined && Bugzilla.cgi.param("comment").length > 0 %] ------- Additional Comments from [% user.identity %] -[%+ Bugzilla.cgi.param("comment") %] +[%+ Bugzilla.cgi.param("comment") FILTER strip_control_chars %] [% END %] [%- END %]
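Review bot: The substitution added to `html_quote` is a character-for-character copy of the one in the new `strip_control_chars` filter in Bugzilla/Template.pm, so the two can drift apart the next time either is changed. Keeping the pattern in one place in Bugzilla::Util, for example a single precompiled `qr/(?![\t\r\n])[[:cntrl:]]/` used by both call sites, would avoid that. The added comment could also name what is kept, `# Tab, CR and LF are preserved.`, since the negative lookahead is easy to misread. `html_quote` begins and continues outside the hunk.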
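Review bot: Only the comment body is passed through `strip_control_chars`; `comment.author.identity` on the header line just above it in bugmail.txt.tmpl, and `user.identity` in the flagmail.txt.tmpl hunk, are written into the same mail without the filter. Whether those values can carry control characters depends on validation that is not visible in this diff, so either filter them as well, e.g. `[% comment.author.identity FILTER strip_control_chars %]`, or add a short template comment saying why they are exempt. Since the filter is a no-op when the `utf8` parameter is off (see the Template.pm hunk), a one-line note in these templates that the stripping depends on that setting would also help the next reader.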