[Rt-commit] rt branch, 3.9-trunk, updated. rt-3.8.8-597-gfb5e4f0

[Thomas Sibley]

The branch, 3.9-trunk has been updated
       via  fb5e4f06c637cafcbe17c3aef46b60f8c64d3057 (commit)
      from  24cd111af20dd3b5daf1b15fb32c2fd49a39349c (commit)

Summary of changes:
 share/html/Elements/ShowUser           |    5 +++--
 share/html/Elements/ShowUserConcise    |    5 ++++-
 share/html/Elements/ShowUserVerbose    |    5 ++++-
 share/html/Helpers/Autocomplete/Owners |    7 +++++--
 share/html/Helpers/Autocomplete/Users  |    2 +-
 5 files changed, 17 insertions(+), 7 deletions(-)

- Log -----------------------------------------------------------------
commit fb5e4f06c637cafcbe17c3aef46b60f8c64d3057
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Aug 26 07:55:44 2010 -0400

    Don't HTML escape the output of ShowUser when using it in JSON

diff --git a/share/html/Elements/ShowUser b/share/html/Elements/ShowUser
index 03f93f1..edcd858 100644
--- a/share/html/Elements/ShowUser
+++ b/share/html/Elements/ShowUser
@@ -59,13 +59,14 @@ unless ( $m->comp_exists( $comp ) ) {
         . ', but '. $comp . "doesn't exist"
     );
     return $m->comp('/Elements/ShowUserConcise',
-        User => $User, Address => $Address,
+        User => $User, Address => $Address, NoEscape => $NoEscape
     );
 }
-return $m->comp( $comp, User => $User, Address => $Address );
+return $m->comp( $comp, User => $User, Address => $Address, NoEscape => $NoEscape );
 </%INIT>
 <%ARGS>
 $User => undef
 $Address => undef
+$NoEscape => 0
 $style => RT->Config->Get('UsernameFormat', $session{'CurrentUser'})
 </%ARGS>
diff --git a/share/html/Elements/ShowUserConcise b/share/html/Elements/ShowUserConcise
index 2f26088..a6a8fee 100644
--- a/share/html/Elements/ShowUserConcise
+++ b/share/html/Elements/ShowUserConcise
@@ -46,7 +46,7 @@
 %# 
 %# END BPS TAGGED BLOCK }}}
 %# Released under the terms of version 2 of the GNU Public License
-<% $Address || $User->RealName || $User->Name %>\
+<% $display |n %>\
 <%ARGS>
 $User => undef
 $Address => undef
@@ -61,4 +61,7 @@ if ( !$User && $Address ) {
         $Address = $Address->address;
     }
 }
+my $display = $Address || $User->RealName || $User->Name;
+   $display = $m->interp->apply_escapes( $display, 'h' )
+        unless $ARGS{'NoEscape'};
 </%INIT>
diff --git a/share/html/Elements/ShowUserVerbose b/share/html/Elements/ShowUserVerbose
index 7bba394..f90a1dc 100644
--- a/share/html/Elements/ShowUserVerbose
+++ b/share/html/Elements/ShowUserVerbose
@@ -46,7 +46,7 @@
 %# 
 %# END BPS TAGGED BLOCK }}}
 %# Released under the terms of version 2 of the GNU Public License
-<%$Address->format%>\
+<% $display |n %>\
 <%INIT>
 my ($phrase, $address, $comment);
 
@@ -66,6 +66,9 @@ if ( $phrase and my ( $l, $r ) = ( $phrase =~ /^(\w+) (\w+)$/ ) ) {
       || $Address->user =~ /^\Q$r\E.\Q$l\E$/;
 }
 
+my $display = $Address->format;
+   $display = $m->interp->apply_escapes( $display, 'h' )
+        unless $ARGS{'NoEscape'};
 </%INIT>
 <%ARGS>
 $User => undef
diff --git a/share/html/Helpers/Autocomplete/Owners b/share/html/Helpers/Autocomplete/Owners
index 8aad1a9..f82af1f 100644
--- a/share/html/Helpers/Autocomplete/Owners
+++ b/share/html/Helpers/Autocomplete/Owners
@@ -115,7 +115,10 @@ foreach my $spec (map { [split /\-/, $_, 2] } split /\|/, $limit) {
 
     while ( my $User = $Users->Next() ) {
         next if $user_uniq_hash{ $User->Id };
-        $user_uniq_hash{ $User->Id() } = [$User, $m->scomp('/Elements/ShowUser', User => $User)];
+        $user_uniq_hash{ $User->Id() } = [
+            $User,
+            $m->scomp('/Elements/ShowUser', User => $User, NoEscape => 1)
+        ];
     }
 }
 
@@ -124,7 +127,7 @@ my $nobody = qr/^n(?:o(?:b(?:o(?:d(?:y)?)?)?)?)?$/i;
 if ( not $user_uniq_hash{$RT::Nobody->id} and $term =~ $nobody ) {
     $user_uniq_hash{$RT::Nobody->id} = [
         $RT::Nobody,
-        $m->scomp('/Elements/ShowUser', User => $RT::Nobody)
+        $m->scomp('/Elements/ShowUser', User => $RT::Nobody, NoEscape => 1)
     ];
 }
 
diff --git a/share/html/Helpers/Autocomplete/Users b/share/html/Helpers/Autocomplete/Users
index 715bb03..b4046a5 100644
--- a/share/html/Helpers/Autocomplete/Users
+++ b/share/html/Helpers/Autocomplete/Users
@@ -108,7 +108,7 @@ while ( my $user = $users->Next ) {
     next if $user->id == $RT::SystemUser->id
          or $user->id == $RT::Nobody->id;
 
-    my $formatted = $m->scomp('/Elements/ShowUser', User => $user);
+    my $formatted = $m->scomp('/Elements/ShowUser', User => $user, NoEscape => 1);
     $formatted =~ s/\n//g;
     push @suggestions, { label => $formatted, value => $user->$return };
 }

-----------------------------------------------------------------------