If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

config.rdf needs XML filtering of output to generate valid HTML (Template-Toolkit 2.15 and older do not escape all reserved characters correctly)

RESOLVED FIXED in Bugzilla 3.0

Status

()

Bugzilla
Bugzilla-General
RESOLVED FIXED
13 years ago
10 years ago

People

(Reporter: Christian Reis, Assigned: Frédéric Buclin)

Tracking

2.17.6
Bugzilla 3.0
Bug Flags:
approval +
blocking3.1.3 +
approval3.0 +

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

13 years ago
config.rdf needs XML filtering of output to generate valid RDF/XML; it's
currently breaking for component names with ampersands in them, for instance.
(Reporter)

Comment 1

13 years ago
Created attachment 162384 [details] [diff] [review]
kiko_v1: trivial
(Reporter)

Comment 2

13 years ago
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

This patch also adds content to certain <li> elements that had none. Makes the
output nicer to read and style and parse.
Attachment #162384 - Flags: review?(gerv)
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

Hang on, though. Shouldn't the first filter (URI) escape any ampersands? And,
if it doesn't, then we are using the wrong filter, and should be using
url_quote?

Gerv
(Reporter)

Comment 4

13 years ago
Hmmm. It isn't, and yeah, I suspect that's the way to do it.
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

Removing review; this bug ish currently with kiko to update the patch.

Gerv
Attachment #162384 - Flags: review?(gerv)

Updated

11 years ago
QA Contact: mattyt-bugzilla → default-qa
(Assignee)

Updated

10 years ago
Duplicate of this bug: 345346
(Assignee)

Updated

10 years ago
Blocks: 398701
(Assignee)

Comment 7

10 years ago
(In reply to comment #3)
> (From update of attachment 162384 [details] [diff] [review])
> Hang on, though. Shouldn't the first filter (URI) escape any ampersands? And,
> if it doesn't, then we are using the wrong filter, and should be using
> url_quote?

Ampersands and some other reserved characters were not correctly escaped in older versions of Template::Toolkit. This filter has been fixed in TT 2.16, released on Feb 9, 2007. As this release is a bit too recent to be required in Bugzilla 3.2, we will replace |FILTER uri| by |FILTER url_quote| for now, and then kill |FILTER url_quote| in favor of |FILTER uri| in Bugzilla 4.0 as both filters now behave exactly the same way, see bug 398701.
Flags: blocking3.1.3?
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 3.2
(Assignee)

Comment 8

10 years ago
Created attachment 283828 [details] [diff] [review]
patch, v2
Assignee: kiko → LpSolit
Attachment #162384 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #283828 - Flags: review?(mkanat)

Comment 9

10 years ago
Comment on attachment 283828 [details] [diff] [review]
patch, v2

Looks good to me. Looks like this also filters a few things correctly (with FILTER html) that really shouldn't have been FILTER uri, which is good.
Attachment #283828 - Flags: review?(mkanat) → review+

Updated

10 years ago
Flags: blocking3.1.3?
Flags: blocking3.1.3+
Flags: approval+
Target Milestone: Bugzilla 3.2 → Bugzilla 3.0
(Assignee)

Comment 10

10 years ago
Created attachment 283941 [details] [diff] [review]
patch for 3.0.x, v1

Backport for 3.0.x. Same patch as on trunk, except that 'urlbase' is still written as Param('urlbase').
Attachment #283941 - Flags: review?(mkanat)

Comment 11

10 years ago
Comment on attachment 283941 [details] [diff] [review]
patch for 3.0.x, v1

r=mkanat by inspection. I'm just assuming you tested it.
Attachment #283941 - Flags: review?(mkanat) → review+

Updated

10 years ago
Flags: approval3.0+
(Assignee)

Comment 12

10 years ago
tip:

Checking in template/en/default/config.rdf.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/config.rdf.tmpl,v  <--  config.rdf.tmpl
new revision: 1.11; previous revision: 1.10
done
Checking in template/en/default/admin/components/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/components/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.12; previous revision: 1.11
done
Checking in template/en/default/admin/products/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/products/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.9; previous revision: 1.8
done
Checking in template/en/default/bug/dependency-tree.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/dependency-tree.html.tmpl,v  <--  dependency-tree.html.tmpl
new revision: 1.27; previous revision: 1.26
done
Checking in template/en/default/list/list.ics.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.ics.tmpl,v  <--  list.ics.tmpl
new revision: 1.9; previous revision: 1.8
done
Checking in template/en/default/list/quips.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/quips.html.tmpl,v  <--  quips.html.tmpl
new revision: 1.22; previous revision: 1.21
done


3.0.2:

Checking in template/en/default/config.rdf.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/config.rdf.tmpl,v  <--  config.rdf.tmpl
new revision: 1.7.2.2; previous revision: 1.7.2.1
done
Checking in template/en/default/admin/components/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/components/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.9.2.1; previous revision: 1.9
done
Checking in template/en/default/admin/products/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/products/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.7.2.1; previous revision: 1.7
done
Checking in template/en/default/bug/dependency-tree.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/dependency-tree.html.tmpl,v  <--  dependency-tree.html.tmpl
new revision: 1.25.2.1; previous revision: 1.25
done
Checking in template/en/default/list/list.ics.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.ics.tmpl,v  <--  list.ics.tmpl
new revision: 1.6.2.1; previous revision: 1.6
done
Checking in template/en/default/list/quips.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/quips.html.tmpl,v  <--  quips.html.tmpl
new revision: 1.19.2.1; previous revision: 1.19
done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Summary: config.rdf needs XML filtering of output to generate valid HTML → config.rdf needs XML filtering of output to generate valid HTML (Template-Toolkit 2.15 and older do not escape all reserved characters correctly)
You need to log in before you can comment on or make changes to this bug.