summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2020-01-30 22:51:38 -0800
committerRobin H. Johnson <robbat2@gentoo.org>2020-01-30 22:51:38 -0800
commit6c47683e63aa77f3a48ed3e83ea959b5dc173627 (patch)
treeef46b4d84362cabf31dd2c098d0fae38fcd0e018
parentMerge branch 'bugstest-5.0.6' into bugstest (diff)
downloadbugzilla-6c47683e63aa77f3a48ed3e83ea959b5dc173627.tar.gz
bugzilla-6c47683e63aa77f3a48ed3e83ea959b5dc173627.tar.bz2
bugzilla-6c47683e63aa77f3a48ed3e83ea959b5dc173627.zip
Bugzilla/Util: disable BiDi tr safety
Perl Safe.pm and 5.30 don't interact well, the following expression is disabled. This introduces a small risk of BiDi characters being added to bugs. Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1588175 Reference: https://rt.perl.org/Public/Bug/Display.html?id=72942 Reference: https://github.com/Perl/perl5/issues/17271 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r--Bugzilla/Util.pm9
1 files changed, 8 insertions, 1 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 572479777..4a6e89d18 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -106,7 +106,14 @@ sub html_quote {
# |U+200e|Left-To-Right Mark |0xe2 0x80 0x8e |
# |U+200f|Right-To-Left Mark |0xe2 0x80 0x8f |
# --------------------------------------------------------
- $var =~ tr/\x{202a}-\x{202e}//d;
+ #
+ # Perl Safe.pm and 5.30 don't interact well, the following expression is
+ # disabled. This introduces a small risk of BiDi characters being added to
+ # bugs.
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1588175
+ # https://rt.perl.org/Public/Bug/Display.html?id=72942
+ # https://github.com/Perl/perl5/issues/17271
+ #$var =~ tr/\x{202a}-\x{202e}//d;
}
return $var;
}