Savane - Bugs: bug #2874, html escape is not working

 
 

bug #2874: html escape is not working

Submitted by:  Mathieu Roy <yeupou>
Submitted on:  Tue 13 Sep 2005 12:59:46 PM UTC  
 
Category: Web Frontend: Trackers
Status: Fixed
Severity: 4 - Important
Priority: E - Immediate
Assigned to: None
Open/Closed: Closed
Release: 1.0.8
Planned Release: 1.1
Reproducibility: None
Privacy: Public


Wed 14 Sep 2005 09:11:28 AM UTC, comment #8:

I've seen that you made the upgrade, so I'm closing this.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 01:53:04 PM UTC, comment #7:

I'm leaving this item closed until GNU Savannah upgrades. Considering the number of users, it would be easy to find one interested in doing something harmful, if possible.

But in the meantime, I'm releasing 1.1.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 01:51:48 PM UTC, comment #6:

Yes, I just noticed that Gna! is already running the latest CVS code with your fix included, that's why things look normal.

At least your fix seems to work correctly, HTML is no longer displayed verbatim, and the issue with the @-sign within URLs is still solved (bug #2689).

Tobias Quathamer <toddy>
Project Member
Tue 13 Sep 2005 01:44:22 PM UTC, comment #5:

I had thousands, see the two bugs I've closed as duplicates.

You should be able to enter html easily at GNU Savannah. Gna! is upgraded.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 01:38:25 PM UTC, comment #4:

Do you have an example? I could only find one, namely bug #416, and it seems to correctly escape the HTML tags there.

Tobias Quathamer <toddy>
Project Member
Tue 13 Sep 2005 01:35:43 PM UTC, comment #3:

I'll repackage 1.0.8 plus this fix and call that 1.1.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 01:16:31 PM UTC, comment #2:

Please, check the following item,

I set it as private as being able to insert html in forms is quite serious.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 01:15:52 PM UTC, comment #1:

This fix is guilty:

http://cvs.gna.org/cvsweb/savane/frontend/php/include/utils.php.diff?r1=1.72;r2=1.73;cvsroot=savane;f=h

It makes HTML tags out of what has been purposely set as HTML entities, not to be rendered as tags.

Mathieu Roy <yeupou>
Project Administrator
Tue 13 Sep 2005 12:59:46 PM UTC, original submission:

HTML escaping is not working in the current version. It was in 1.0.6.

This could allow entering HTML in items and, as such, it must be fixed right now.

I think this bug is too serious to wait so I'm confronted with the choice of anticipating 1.1:
- with the current trunk, with new features not ultra-widely tested
- as 1.0.8 + this fix.

It would not fix for a repackaging, because it is a bug inside the software.

Mathieu Roy <yeupou>
Project Administrator
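
The failure described in comment #1 (text already converted to entities being turned back into tags by a later step), sketched as an added PHP example that is not Savane's code. The function names, the sample comment and the canary string are hypothetical, and the linkifying step stands in for whatever post-processing a tracker applies after escaping.

```php
<?php
// Added illustration; all function names are hypothetical, not Savane's utils.php.

// Escape user text for an HTML body or attribute context.
function escape_item(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// BEFORE (the regression pattern): a later pass decodes entities over the
// whole string, so "&lt;b&gt;" turns back into "<b>" and is rendered as a tag.
function render_regressed(string $text): string {
    return html_entity_decode(escape_item($text), ENT_QUOTES, 'UTF-8');
}

// AFTER: nothing decodes the text once it is escaped. Markup the renderer
// adds itself (here: links) is built around the already-escaped text.
function render_fixed(string $text): string {
    $escaped = escape_item($text);
    return preg_replace('~\bhttps?://[^\s<>"]+~', '<a href="$0">$0</a>', $escaped);
}

// Regression check: push a canary tag through a renderer and confirm it
// comes out as entities only, never as a live tag.
function escaping_works(callable $render): bool {
    $canary = '<xcanary attr="1">';          // constructed probe value
    $out = $render("before $canary after");
    return strpos($out, '<xcanary') === false
        && strpos($out, '&lt;xcanary attr=&quot;1&quot;&gt;') !== false;
}

// Constructed sample comment, including a URL with an @-sign.
$sample = 'See <b>this</b> at http://user@example.org/?a=1&b=2';

echo render_regressed($sample), "\n";
echo render_fixed($sample), "\n";
var_dump(escaping_works('render_regressed'));
var_dump(escaping_works('render_fixed'));
```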

 

No files currently attached

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by toddy (Updated the item)
  • -unavailable- added by yeupou
  • -unavailable- added by yeupou
  • -unavailable- added by yeupou (Submitted the item)

Follow 9 latest changes.

Date | Changed By | Updated Field | Previous Value => Replaced By
Wed 14 Sep 2005 09:11:28 AM UTC | yeupou | Status | Ready For Test => Fixed
 | | Privacy | Private => Public
 | | Open/Closed | -Automatic update due to transitions settings- => Closed
Tue 13 Sep 2005 01:51:48 PM UTC | toddy | Status | In Progress => Ready For Test
Tue 13 Sep 2005 01:38:25 PM UTC | toddy | Status | None => In Progress
Tue 13 Sep 2005 01:35:43 PM UTC | yeupou | Status | In Progress => None
Tue 13 Sep 2005 01:16:31 PM UTC | yeupou | Carbon-Copy | - => Added toddy
 | | Carbon-Copy | - => Added beuc
Tue 13 Sep 2005 01:15:52 PM UTC | yeupou | Status | None => In Progress