Piwigo Bugtracker

ID: 0000351
Category: [Piwigo] display
Severity: minor
Reproducibility: always
Date Submitted: 2006.04.25 01:36
Last Update: 2006.06.04 10:49
Reporter: rvelices
View Status: public
Assigned To: chrisaga
Priority: normal
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 1.6.0RC2
Product Version: 1.6.0RC1
Platform:
OS:
OS Version:
Target Version:
Product Build:
Summary: 0000351: htmlentities should not be applied to comments
Description: in parse_comment_content: we put html code for urls, underline, bold and italic and then we call htmlentities on the result?
Steps To Reproduce:
Additional Information:
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Notes
(0000848)
rvelices (developer)
2006.04.25 02:00

Forgot to say that htmlspecialchars is already applied to the comment before being inserted in the database.
(0000853)
chrisaga (developer)
2006.04.25 22:27

Must use htmlentities() before setting the html tags

Fixed in 1.6 ([Subversion] r1271) merged in BSF ([Subversion] r1272)
(0000854)
rvelices (developer)
2006.04.25 22:59
edited on: 2006.04.25 23:00

> Must use htmlentities() before setting the html tags
In fact no. If you input a comment "me & you" it will be saved in the database as "me &amp; you" (I don't think it is a good idea, but this is the way it is today).
Applying htmlentities a second time is not good.

However svn versions are ok because you are calling the htmlentities but you don't assign the result to anything.

I let you close this bug if you agree.

(0000856)
chrisaga (developer)
2006.04.26 07:54

OK, I was too fast on this one <:o(

useless code removed in 1.6 ([Subversion] r1275) merged in BSF ([Subversion] r1276)

In fact I was disturbed by the fact that bold (*world*) patterns don't seem to work. Do they?
(0001015)
chrisaga (developer)
2006.06.04 10:49

Should have been closed long ago
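
Added example, not part of the original thread and not Piwigo's code: it shows the ordering problem discussed in the notes, where a comment is escaped once at storage time, markup is added, and a second htmlentities() call on the result both escapes the generated tags and double-encodes "&". The function names, the *bold* syntax and the sample comment are assumptions made for illustration.

```php
<?php
// Added example, not Piwigo code. Function names and the *bold* syntax are assumptions.

// Per the notes, htmlspecialchars() is applied before the comment is stored.
function store_comment(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Hypothetical stand-in for parse_comment_content(). It expects already-escaped
// text, so the only real tags in its output are the ones it adds itself.
function add_markup(string $escaped): string
{
    $out = preg_replace('~(?<![\w*])\*([^*\s][^*]*)\*(?![\w*])~', '<b>$1</b>', $escaped);
    return preg_replace('~\bhttps?://[^\s<>"\']+~i', '<a href="$0" rel="nofollow">$0</a>', $out);
}

// Behaviour the issue reports: htmlentities() applied to the marked-up result.
function render_double_encoded(string $stored): string
{
    return htmlentities(add_markup($stored), ENT_QUOTES, 'UTF-8');
}

// Escape once (at storage time), then add markup and output the result as is.
function render_escaped_once(string $stored): string
{
    return add_markup($stored);
}

// Constructed sample comment.
$raw    = 'me & you *hello* http://example.org/?a=1&b=2 <u>x</u>';
$stored = store_comment($raw);
$bad    = render_double_encoded($stored);
$good   = render_escaped_once($stored);

echo "stored: $stored\nbad:    $bad\ngood:   $good\n";

$checks = [
    'bad output double-encodes the ampersand'    => strpos($bad, '&amp;amp;') !== false,
    'bad output escapes the generated <b> tag'   => strpos($bad, '&lt;b&gt;') !== false,
    'good output keeps the generated <b> tag'    => strpos($good, '<b>hello</b>') !== false,
    'good output has a single level of escaping' => strpos($good, '&amp;amp;') === false,
    'user-supplied <u> never becomes a real tag' => strpos($good, '<u>') === false,
];
foreach ($checks as $label => $passed) {
    echo ($passed ? 'ok   ' : 'FAIL ') . $label . "\n";
}
```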

Issue History
Date Modified Username Field Change
2006.04.25 01:36 rvelices New Issue
2006.04.25 01:36 rvelices browser => any
2006.04.25 01:36 rvelices Web server => Apache 1.3.x
2006.04.25 02:00 rvelices Note Added: 0000848
2006.04.25 22:25 chrisaga Status new => assigned
2006.04.25 22:25 chrisaga Assigned To => chrisaga
2006.04.25 22:27 chrisaga Status assigned => resolved
2006.04.25 22:27 chrisaga Fixed in Version => 1.6.0RC2
2006.04.25 22:27 chrisaga Resolution open => fixed
2006.04.25 22:27 chrisaga Note Added: 0000853
2006.04.25 22:59 rvelices Status resolved => feedback
2006.04.25 22:59 rvelices Resolution fixed => reopened
2006.04.25 22:59 rvelices Note Added: 0000854
2006.04.25 23:00 rvelices Note Edited: 0000854
2006.04.26 07:54 chrisaga Status feedback => resolved
2006.04.26 07:54 chrisaga Resolution reopened => fixed
2006.04.26 07:54 chrisaga Note Added: 0000856
2006.06.04 10:49 chrisaga Status resolved => closed
2006.06.04 10:49 chrisaga Note Added: 0001015

