Piwigo Bugtracker

ID: 0000351
Project: Piwigo
Category: display
View Status: public
Date Submitted: 2006.04.25 01:36
Last Update: 2006.06.04 10:49
Reporter: rvelices
Assigned To: chrisaga
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.6.0RC1
Target Version:
Fixed in Version: 1.6.0RC2
Summary: 0000351: htmlentities should not be applied to comments
Description: in parse_comment_content: we put html code for urls, underline, bold and italic and then we call htmlentities on the result?
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

- Relationships

-  Notes
(0000848)
rvelices (developer)
2006.04.25 02:00

Forgot to say that htmlspecialchars is already applied to the comment before being inserted in the database.
(0000853)
chrisaga (developer)
2006.04.25 22:27

Must use htmlentities() before setting the html tags

Fixed in 1.6 ([Subversion] r1271) merged in BSF ([Subversion] r1272)
(0000854)
rvelices (developer)
2006.04.25 22:59
edited on: 2006.04.25 23:00

> Must use htmlentities() before setting the html tags
In fact no. If you input a comment "me & you" it will be saved in the database as "me &amp; you" (I don't think it is a good idea, but this is the way it is today).
Applying htmlentities a second time is not good.

However svn versions are ok because you are calling the htmlentities but you don't assign the result to anything.

I let you close this bug if you agree.

(0000856)
chrisaga (developer)
2006.04.26 07:54

OK, I was too fast on this one <:o(

useless code removed in 1.6 ([Subversion] r1275) merged in BSF ([Subversion] r1276)

In fact I was disturbed by the fact that bold (*world*) patterns don't seem to work. Do they?
(0001015)
chrisaga (developer)
2006.06.04 10:49

Should have been closed long ago
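
The escaping order discussed in the notes above, as an added PHP example (not Piwigo's code and not part of the original issue): render_markup() is a hypothetical, simplified stand-in for parse_comment_content(), displayed_text() is an assumed rough model of browser rendering, and the sample comment is constructed. It compares escaping after the markup is added, escaping the stored text a second time before markup, and escaping once at insert.

```php
<?php
// Added illustration, not Piwigo code. render_markup() is a hypothetical,
// simplified stand-in for parse_comment_content(); patterns are assumptions.
function render_markup(string $escaped): string
{
    // Input must already be HTML-escaped, so the only real tags in the
    // result are the ones inserted here.
    $out = preg_replace('/\*([^*<>]+)\*/', '<b>$1</b>', $escaped);
    return preg_replace('/_([^_<>]+)_/', '<u>$1</u>', $out);
}

// Rough approximation of what a browser displays: drop real tags, then
// decode entities exactly once.
function displayed_text(string $html): string
{
    return html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
}

// Constructed sample comment as typed by a visitor.
$typed = 'me & you *bold* <em>x</em>';

// Escaped once before insertion, as note 0000848 says is already done.
$stored = htmlspecialchars($typed, ENT_QUOTES, 'UTF-8');

$variants = [
    // Reported behaviour: escape after the tags are added, so the added
    // <b>/<u> tags are escaped too and the stored entities are re-encoded.
    'entities after markup'  => htmlentities(render_markup($stored), ENT_QUOTES, 'UTF-8'),
    // Escape again before markup: the added tags survive, but "&amp;" from
    // the database is encoded a second time.
    'entities before markup' => render_markup(htmlentities($stored, ENT_QUOTES, 'UTF-8')),
    // Escape only at insert time, then add markup.
    'escape once at insert'  => render_markup($stored),
];

foreach ($variants as $label => $html) {
    printf("%-24s html:      %s\n", $label, $html);
    printf("%-24s displayed: %s\n\n", '', displayed_text($html));
}
```

Only the last variant displays the comment as typed while keeping the visitor's own `<em>` inert; the other two show entity text or literal tags to the reader.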

- Issue History
Date Modified Username Field Change
2006.04.25 01:36 rvelices New Issue
2006.04.25 01:36 rvelices browser => any
2006.04.25 01:36 rvelices Web server => Apache 1.3.x
2006.04.25 02:00 rvelices Note Added: 0000848
2006.04.25 22:25 chrisaga Status new => assigned
2006.04.25 22:25 chrisaga Assigned To => chrisaga
2006.04.25 22:27 chrisaga Status assigned => resolved
2006.04.25 22:27 chrisaga Fixed in Version => 1.6.0RC2
2006.04.25 22:27 chrisaga Resolution open => fixed
2006.04.25 22:27 chrisaga Note Added: 0000853
2006.04.25 22:59 rvelices Status resolved => feedback
2006.04.25 22:59 rvelices Resolution fixed => reopened
2006.04.25 22:59 rvelices Note Added: 0000854
2006.04.25 23:00 rvelices Note Edited: 0000854
2006.04.26 07:54 chrisaga Status feedback => resolved
2006.04.26 07:54 chrisaga Resolution reopened => fixed
2006.04.26 07:54 chrisaga Note Added: 0000856
2006.06.04 10:49 chrisaga Status resolved => closed
2006.06.04 10:49 chrisaga Note Added: 0001015

