Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse…

Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse Clark <jjclark1982@gmail.com> r/a=LpSolit

Bug 430307: Unsafe regexp used in global/userselect.html.tmpl - Patch by Jesse…
4e8eba7e · lpsolit%gmail.com · 43b6f4a4 · 4e8eba7e
Commit 4e8eba7e authored Apr 30, 2008 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

userselect.html.tmpl template/en/default/global/userselect.html.tmpl +6 -2

No files found.
--- a/template/en/default/global/userselect.html.tmpl
+++ b/template/en/default/global/userselect.html.tmpl
@@ -49,10 +49,14 @@
    [% custom_userlist = user.get_userlist %]
  [% END %]

+  [% SET selected = {} %]
+  [% FOREACH selected_value IN value.split(', ') %]
+    [% SET selected.$selected_value = 1 %]
+  [% END %]
  [% FOREACH tmpuser = custom_userlist %]
-    [% IF tmpuser.visible OR value.match("\\b$tmpuser.login\\b") %]
+    [% IF tmpuser.visible OR selected.${tmpuser.login} == 1 %]
      <option value="[% tmpuser.login FILTER html %]"
-        [% " selected=\"selected\"" IF value.match("\\b$tmpuser.login\\b") %]
+        [% " selected=\"selected\"" IF selected.${tmpuser.login} == 1 %]
      >[% tmpuser.identity FILTER html %]</option>
    [% END %]
  [% END %]