Closed Bug 264785 Opened 20 years ago Closed 17 years ago

config.rdf needs XML filtering of output to generate valid HTML (Template-Toolkit 2.15 and older do not escape all reserved characters correctly)

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
2.17.6
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 3.0

People

(Reporter: kiko, Assigned: LpSolit)

References

Details

Attachments

(2 files, 1 obsolete file)

patch, v2
8.54 KB, patch
mkanat
: review+
Details | Diff | Splinter Review
patch for 3.0.x, v1
8.52 KB, patch
mkanat
: review+
Details | Diff | Splinter Review 
config.rdf needs XML filtering of output to generate valid RDF/XML; it's
currently breaking for component names with ampersands in them, for instance.
Attached patch kiko_v1: trivial (obsolete) — Splinter Review 

    
    

    
  
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

This patch also adds content to certain <li> elements that had none. Makes the
output nicer to read and style and parse.

        Attachment #162384 -
        Flags: review?(gerv)

    
    

    
  
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

Hang on, though. Shouldn't the first filter (URI) escape any ampersands? And,
if it doesn't, then we are using the wrong filter, and should be using
url_quote?

Gerv

    
    

    
  
Hmmm. It isn't, and yeah, I suspect that's the way to do it.


    
    

    
  
Comment on attachment 162384 [details] [diff] [review]
kiko_v1: trivial

Removing review; this bug ish currently with kiko to update the patch.

Gerv

        Attachment #162384 -
        Flags: review?(gerv)

    
  
QA Contact: mattyt-bugzilla → default-qa

    
  
Blocks: 398701

    
    

    
  
(In reply to comment #3)
> (From update of attachment 162384 [details] [diff] [review])
> Hang on, though. Shouldn't the first filter (URI) escape any ampersands? And,
> if it doesn't, then we are using the wrong filter, and should be using
> url_quote?

Ampersands and some other reserved characters were not correctly escaped in older versions of Template::Toolkit. This filter has been fixed in TT 2.16, released on Feb 9, 2007. As this release is a bit too recent to be required in Bugzilla 3.2, we will replace |FILTER uri| by |FILTER url_quote| for now, and then kill |FILTER url_quote| in favor of |FILTER uri| in Bugzilla 4.0 as both filters now behave exactly the same way, see bug 398701.
Flags: blocking3.1.3?
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 3.2

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch, v2Splinter Review
      

    


  
Assignee: kiko → LpSolit

        Attachment #162384 -
        Attachment is obsolete: true
Status: NEW → ASSIGNED

        Attachment #283828 -
        Flags: review?(mkanat)

    
    

    
  
Comment on attachment 283828 [details] [diff] [review]
patch, v2

Looks good to me. Looks like this also filters a few things correctly (with FILTER html) that really shouldn't have been FILTER uri, which is good.

        Attachment #283828 -
        Flags: review?(mkanat) → review+

    
  
Flags: blocking3.1.3?
Flags: blocking3.1.3+
Flags: approval+
Target Milestone: Bugzilla 3.2 → Bugzilla 3.0

    
    

    
  


  
Backport for 3.0.x. Same patch as on trunk, except that 'urlbase' is still written as Param('urlbase').

        Attachment #283941 -
        Flags: review?(mkanat)

    
    

    
  
Comment on attachment 283941 [details] [diff] [review]
patch for 3.0.x, v1

r=mkanat by inspection. I'm just assuming you tested it.

        Attachment #283941 -
        Flags: review?(mkanat) → review+

    
  
Flags: approval3.0+

    
    

    
  
tip:

Checking in template/en/default/config.rdf.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/config.rdf.tmpl,v  <--  config.rdf.tmpl
new revision: 1.11; previous revision: 1.10
done
Checking in template/en/default/admin/components/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/components/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.12; previous revision: 1.11
done
Checking in template/en/default/admin/products/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/products/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.9; previous revision: 1.8
done
Checking in template/en/default/bug/dependency-tree.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/dependency-tree.html.tmpl,v  <--  dependency-tree.html.tmpl
new revision: 1.27; previous revision: 1.26
done
Checking in template/en/default/list/list.ics.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.ics.tmpl,v  <--  list.ics.tmpl
new revision: 1.9; previous revision: 1.8
done
Checking in template/en/default/list/quips.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/quips.html.tmpl,v  <--  quips.html.tmpl
new revision: 1.22; previous revision: 1.21
done


3.0.2:

Checking in template/en/default/config.rdf.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/config.rdf.tmpl,v  <--  config.rdf.tmpl
new revision: 1.7.2.2; previous revision: 1.7.2.1
done
Checking in template/en/default/admin/components/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/components/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.9.2.1; previous revision: 1.9
done
Checking in template/en/default/admin/products/confirm-delete.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/products/confirm-delete.html.tmpl,v  <--  confirm-delete.html.tmpl
new revision: 1.7.2.1; previous revision: 1.7
done
Checking in template/en/default/bug/dependency-tree.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/dependency-tree.html.tmpl,v  <--  dependency-tree.html.tmpl
new revision: 1.25.2.1; previous revision: 1.25
done
Checking in template/en/default/list/list.ics.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.ics.tmpl,v  <--  list.ics.tmpl
new revision: 1.6.2.1; previous revision: 1.6
done
Checking in template/en/default/list/quips.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/quips.html.tmpl,v  <--  quips.html.tmpl
new revision: 1.19.2.1; previous revision: 1.19
done

Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Summary: config.rdf needs XML filtering of output to generate valid HTML → config.rdf needs XML filtering of output to generate valid HTML (Template-Toolkit 2.15 and older do not escape all reserved characters correctly)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: