Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by…

Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=myk

Bug 202278: Quips are escaped now, no need for HTML-like blocking - Patch by…
3277ac73 · lpsolit%gmail.com · 57d0baf5 · 3277ac73 · 3277ac73
Commit 3277ac73 authored Jun 30, 2005 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 6 deletions

quips.cgi quips.cgi +0 -1

user-error.html.tmpl template/en/default/global/user-error.html.tmpl +0 -5

No files found.
--- a/quips.cgi
+++ b/quips.cgi
@@ -79,7 +79,6 @@ if ($action eq "add") {
      (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0;
    my $comment = $cgi->param("quip");
    $comment || ThrowUserError("need_quip");
-    $comment !~ m/</ || ThrowUserError("no_html_in_quips");

    SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " .
           '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')');

--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -858,11 +858,6 @@
    and an error
    occurred opening yesterday's dupes file: [% error_msg FILTER html %].

-  [% ELSIF error == "no_html_in_quips" %]
-    [% title = "No HTML In Quips" %]
-    Sorry - for security reasons, support for HTML tags has been turned off
-    in quips.
-
  [% ELSIF error == "no_new_quips" %]
    [% title = "No New Quips" %]
    This site does not permit the addition of new quips.