X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=Debbugs%2FCGI%2FBugreport.pm;h=f2ae9ac410c6ed98955d6016f1f6d76e6fbc879e;hb=1fc2d1468742f5478aa2592cc31a450c2ea7f141;hp=2e53892ca5ced8e019b24b5bf291640a45556432;hpb=8623fd34da118a1bdcf96932058935e0c15bcd72;p=debbugs.git

diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index 2e53892..f2ae9ac 100644
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -41,6 +41,7 @@ use Debbugs::UTF8;
 use Debbugs::Config qw(:config);
 use POSIX qw(strftime);
 use Encode qw(decode_utf8 encode_utf8);
+use URI::Escape qw(uri_escape);
 
 BEGIN{
      ($VERSION) = q$Revision: 494 $ =~ /^Revision:\s+([^\s+])/;
@@ -148,7 +149,7 @@ sub display_entity {
                    if ($_ eq 'From' and $param{avatars}) {
                        my $libravatar_url = __libravatar_url(decode_rfc1522($head_field));
                        if (defined $libravatar_url and length $libravatar_url) {
-                           push @headers,q(<img src="http://).$libravatar_url.qq(" alt="">\n);
+                           push @headers,q(<img src=").html_escape($libravatar_url).qq(" alt="">\n);
                        }
                    }
 		   push @headers, qq(<div class="header"><span class="headerfield">$_:</span> ) . html_escape(decode_rfc1522($head_field))."</div>\n";
@@ -273,7 +274,11 @@ sub display_entity {
 		    ((?:\&gt\;)?[)]?(?:'|\&\#39\;)?[:.\,]?(?:\s|$)) # terminators
 	      }{<a href=\"$1\">$1</a>$2}gox;
 	 # Add links to bug closures
-	 $body =~ s[(closes:\s*(?:bug)?\#?\s?\d+(?:,?\s*(?:bug)?\#?\s?\d+)*)]
+	 $body =~ s[((?:closes|see):\s* # start of closed/referenced bugs
+                        (?:bug)?\#?\s?\d+\s? # first bug
+                        (?:,?\s*(?:bug)?\#?\s?\d+)* # additional bugs
+                    (?:\s|\n|\)|\]|\}|\.|\,|$)) # ends with a space, newline, end of string, or ); fixes #747267
+                  ]
 		   [my $temp = $1;
 		    $temp =~ s{(\d+)}
 			      {bug_links(bug=>$1)}ge;
@@ -282,7 +287,7 @@ sub display_entity {
 	     length $config{cve_tracker}
 	    ) {
 	     # Add links to CVE vulnerabilities (closes #568464)
-	     $body =~ s{(^|\s)(CVE-\d{4}-\d{4,})(\s|[,.-\[\]]|$)}
+	     $body =~ s{(^|\s|[\(\[])(CVE-\d{4}-\d{4,})(\s|[,.-\[\]\)]|$)}
 		       {$1<a href="http://$config{cve_tracker}$2">$2</a>$3}gxm;
 	 }
 	 if (not exists $param{att}) {
@@ -452,7 +457,7 @@ sub __libravatar_url {
         return undef;
     }
     ($email) = get_addresses($email);
-    return $config{libravatar_uri}.$email.($config{libravatar_uri_options}//'');
+    return $config{libravatar_uri}.uri_escape($email.($config{libravatar_uri_options}//''));
 }