Update of /cvsroot/wtf-tracker/wtf/lib/WTF/Pages
In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv7809/lib/WTF/Pages
Modified Files:
Input.pm
Log Message:
Changes to fix bug 1618430 re: &s and 's not getting properly escaped in HTML and Javascript
Index: Input.pm
===================================================================
RCS file: /cvsroot/wtf-tracker/wtf/lib/WTF/Pages/Input.pm,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** Input.pm 6 Dec 2006 16:09:34 -0000 1.9
--- Input.pm 20 Dec 2006 00:04:31 -0000 1.10
***************
*** 37,40 ****
--- 37,42 ----
my ( @codelines, $projects, $last_codeline );
while ( $_ = $sth->{'projects'}->fetchrow_hashref() ) {
+ ( $_->{'name_js'} = $_->{'name'} ) =~ s|'|\\'|g;
+
if ( $last_codeline and ( $last_codeline ne $_->{'codeline'} ) ) {
push @codelines, {
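Review bot: The added `name_js` substitution escapes only `'`, so a backslash already present in `name` passes through unchanged; an input containing `\'` becomes `\\'`, which closes the JavaScript string literal early. Escaping the backslash in the same pass closes that gap: `( $_->{'name_js'} = $_->{'name'} ) =~ s/(['\\])/\\$1/g;`. Newlines and a literal `</script>` in a name are still not handled, so a single JS-string encoding helper used by the template would be more complete than per-character substitutions. The same quote-only pattern is repeated in the tasks hunk (`name_js`) and in the `work_sel` hunk (`project_name`, `task_name`). The enclosing `while` loop continues outside this hunk.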
***************
*** 68,72 ****
$sth->{'tasks'}->execute( $r->pnotes('user_id') ) or die $dbh->errstr();
! my $tasks_from_db = $sth->{'tasks'}->fetchall_arrayref({}) or die $dbh->errstr();
if ( not @{$tasks_from_db} ) {
$sth->{'all_tasks'}->execute() or die $dbh->errstr();
--- 70,79 ----
$sth->{'tasks'}->execute( $r->pnotes('user_id') ) or die $dbh->errstr();
!
! my $tasks_from_db = [ map {
! ( $_->{'name_js'} = $_->{'name'} ) =~ s/'/\\'/g;
! $_;
! } @{ $sth->{'tasks'}->fetchall_arrayref({}) or die $dbh->errstr() } ];
!
if ( not @{$tasks_from_db} ) {
$sth->{'all_tasks'}->execute() or die $dbh->errstr();
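Review bot: The `map` block here is used only for its side effect on each row and returns the same hash references, so the new anonymous array is just a shallow copy of what `fetchall_arrayref` returned. Keeping the original assignment and following it with `( $_->{'name_js'} = $_->{'name'} ) =~ s/'/\\'/g for @{$tasks_from_db};` states the intent more directly and leaves the `or die` check on its own line. The escaping expression now appears three times in this commit, so a small private helper would keep the copies in agreement when the rule changes.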
***************
*** 141,145 ****
'date' => $display_date,
'dates' => \@dates,
! 'data' => $sth->{'work_sel'}->fetchall_arrayref({}),
'notes' => scalar( $sth->{'notes_sel'}->fetchrow_array() ) || undef,
'vacation' => $vacation,
--- 148,158 ----
'date' => $display_date,
'dates' => \@dates,
! 'data' => [
! map {
! $_->{'project_name'} =~ s/'/\\'/g;
! $_->{'task_name'} =~ s/'/\\'/g;
! $_;
! } @{ $sth->{'work_sel'}->fetchall_arrayref({}) }
! ],
'notes' => scalar( $sth->{'notes_sel'}->fetchrow_array() ) || undef,
'vacation' => $vacation,
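Review bot: `project_name` and `task_name` are rewritten in place here, while the two earlier hunks leave `name` untouched and store the escaped copy under `name_js`. If the template also prints these fields as HTML text (not visible in this diff), they will now show a literal backslash before every apostrophe, and HTML escaping applied later will act on the already modified value. Writing to separate keys, e.g. `( $_->{'project_name_js'} = $_->{'project_name'} ) =~ s/'/\\'/g;`, keeps the raw value available for each output context. A row where either column is NULL would also trigger an uninitialized-value warning in `s///`; a `defined` guard avoids that. The surrounding hash literal starts and ends outside this hunk.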