[Rt-commit] r3662 - in rt/branches/3.4-RELEASE: . html/Elements
alexmv at bestpractical.com
Wed Aug 17 13:29:26 EDT 2005
Author: alexmv
Date: Wed Aug 17 13:29:25 2005
New Revision: 3662
Modified:
rt/branches/3.4-RELEASE/ (props changed)
rt/branches/3.4-RELEASE/html/Elements/Quicksearch
Log:
r5914 at zoq-fot-pik: chmrr | 2005-08-17 13:32:00 -0400
* We love escaping! We need to escape quotes and slashes in
TicketSQL, then URI escape, then HTML escape. And the query comes
from the TicketSQL-escaped one, not the URI and HTML-escaped one. Oh,
yeah, and don't forget to turn off the automatic HTML escaping that
Mason does, or it'll be TicketSQL-HTML-URI-HTML escaped, which is
Right Out.
Modified: rt/branches/3.4-RELEASE/html/Elements/Quicksearch
==============================================================================
--- rt/branches/3.4-RELEASE/html/Elements/Quicksearch (original)
+++ rt/branches/3.4-RELEASE/html/Elements/Quicksearch Wed Aug 17 13:29:25 2005
@@ -57,7 +57,8 @@
while (my $queue = $Queues->Next) {
next unless ($queue->CurrentUserHasRight('ShowTicket'));
- my $name = $m->interp->apply_escapes($queue->Name, "u");
+ my $name = $queue->Name;
+ $name =~ s|(['\\])|\\$1|g;
my $new_q = "Queue = '$name' AND Status = 'new'";
my $open_q = "Queue = '$name' AND Status = 'open'";
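Review bot: The inline substitution `$name =~ s|(['\\])|\\$1|g;` carries no comment saying that it is TicketSQL quoting, and after it `$name` is only safe inside a single-quoted TicketSQL string, not for display or for direct use in a URL. A short comment on that line would help. Moving the substitution into a small named helper would also help, so that any other query in this component that interpolates the queue name between single quotes goes through the same escaping as `$new_q` and `$open_q` instead of a second hand-written regex. The character class covers the single quote and the backslash, which matches the quoting used in `"Queue = '$name' AND ..."`. If a double-quoted TicketSQL literal is ever introduced here, this escape will not cover it.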
@@ -72,9 +73,9 @@
$i++;
</%PERL>
<TR class="<% $i%2 ? 'oddline' : 'evenline'%>" >
-<td><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$all_q%>&Rows=50" TITLE="<% $queue->Description %>"><%$queue->Name%></a></TD>
-<td align="right"><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$new_q%>&Rows=50"><%$new%></a></TD>
-<td align="right"><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$open_q%>&Rows=50"><%$open%></a></TD>
+<td><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$all_q |nuh%>&Rows=50" TITLE="<% $queue->Description %>"><%$queue->Name%></a></TD>
+<td align="right"><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$new_q |nuh%>&Rows=50"><%$new%></a></TD>
+<td align="right"><A HREF="<% $RT::WebPath%>/Search/Results.html?Query=<%$open_q |nuh%>&Rows=50"><%$open%></a></TD>
</TR>
% }
</TABLE>
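Review bot: The `|nuh` flags on the three `Query=` substitutions are order-sensitive and undocumented. `n` drops the default escaping, and the result is only correct if `u` (URI) is applied before `h` (HTML), as the log message describes. A one-line Mason comment above the `<TR>` stating "TicketSQL-escaped in the Perl block, then URI, then HTML" would stop a later edit from reordering or dropping a flag. The same URL is now assembled three times with identical flags, so building the three escaped hrefs once in the `<%PERL>` block would leave a single place to get the layering right. Separately, `TITLE="<% $queue->Description %>"` and `<%$queue->Name%>` still depend on the component's default escape flags for HTML escaping, and the `&Rows=50` separator is written as a bare `&` inside the attribute rather than `&amp;`.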