uri_escape e-mails in libravatar (closes: #728034). Thanks to Fabien Givors for point...

[debbugs.git] / Debbugs / CGI / Bugreport.pm

diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index 2e53892ca5ced8e019b24b5bf291640a45556432..67ed7ba9c6ba04a1b2a6703168f3982e98b5d552 100644 (file)
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -41,6 +41,7 @@ use Debbugs::UTF8;
 use Debbugs::Config qw(:config);
 use POSIX qw(strftime);
 use Encode qw(decode_utf8 encode_utf8);
+use URI::Escape qw(uri_escape);
 
 BEGIN{
      ($VERSION) = q$Revision: 494 $ =~ /^Revision:\s+([^\s+])/;
@@ -148,7 +149,7 @@ sub display_entity {
                    if ($_ eq 'From' and $param{avatars}) {
                        my $libravatar_url = __libravatar_url(decode_rfc1522($head_field));
                        if (defined $libravatar_url and length $libravatar_url) {
-                           push @headers,q(<img src="http://).$libravatar_url.qq(" alt="">\n);
+                           push @headers,q(<img src="http://).html_escape($libravatar_url).qq(" alt="">\n);
                        }
                    }
                   push @headers, qq(<div class="header"><span class="headerfield">$_:</span> ) . html_escape(decode_rfc1522($head_field))."</div>\n";
@@ -452,7 +453,7 @@ sub __libravatar_url {
         return undef;
     }
     ($email) = get_addresses($email);
-    return $config{libravatar_uri}.$email.($config{libravatar_uri_options}//'');
+    return $config{libravatar_uri}.uri_escape($email.($config{libravatar_uri_options}//''));
 }