Closed
Bug 133406
Opened 22 years ago
Closed 22 years ago
errors if quotes in short_desc
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: jayvdb, Assigned: myk)
References
Details
(Whiteboard: [blocker will fix])
Attachments
(2 files)
662 bytes,
patch
|
Details | Diff | Splinter Review | |
404 bytes,
patch
|
Details | Diff | Splinter Review |
show_bug.cgi does not filter quotes in the bug short_desc, resulting in invalid html.
Reporter | ||
Comment 1•22 years ago
|
||
Assignee | ||
Comment 2•22 years ago
|
||
I believe FILTER html or FILTER url will do this.
Reporter | ||
Comment 3•22 years ago
|
||
I tried those, with html doing nothing, and with uri, spaces become %20 and quotes become %22
Reporter | ||
Comment 4•22 years ago
|
||
From http://www.template-toolkit.org/docs/plain/Manual/Filters.html#html "html Converts the characters '<', '>' and '&' to '<', '>' and '&', respectively, protecting them from being interpreted as representing HTML tags or entities. " Hence no effect in this case.
Assignee | ||
Comment 5•22 years ago
|
||
Newer versions of the Template Toolkit's HTML filter do convert quotes to ", and the next release of Bugzilla will probably require version 2.07 when it is shortly released.
Reporter | ||
Comment 6•22 years ago
|
||
Strangely enough, v2.06 does as well if I am reading Filter.pm:280 correctly. s/"/"/g; ... yet it is not working for me.
Comment 7•22 years ago
|
||
We override the html filter to use html_quote from CGI.pl, which doesn't escape quotes. myk, should we just remove that override? It only affected a development version of TT. of course, html_quote should handle ", too...
Comment 8•22 years ago
|
||
See also bug 133425. Sorry, this one was first, so strictly speaking that one should depend on this one...
Assignee | ||
Comment 9•22 years ago
|
||
We can't remove the override until TT releases a stable version with the proper behavior. This should happen in the near future (2.07 is on a release track). In the meantime, we should hack html_quote to do quotation marks as well.
Comment 10•22 years ago
|
||
Looking for reviews & checkin then...
Comment 11•22 years ago
|
||
myk: Why not? The current stable release (2.06) wasn't affected, I thought.
Comment 12•22 years ago
|
||
I swapped the dependencies back because this is included on the patch on the other bug, so when that gets checked in, this will automatically get fixed.
Updated•22 years ago
|
Whiteboard: [blocker will fix[
Target Milestone: --- → Bugzilla 2.16
Updated•22 years ago
|
Whiteboard: [blocker will fix[ → [blocker will fix]
Comment 13•22 years ago
|
||
This got fixed incidentally in other show_bug cleanup work. So now either our html_quote does the right thing, or TTs will when we switch back to that. Gerv
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•