Closed
Bug 279368
Opened 20 years ago
Closed 19 years ago
Some data is stored as HTML in database fields
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 333124
People
(Reporter: alex, Assigned: Bugzilla-alanjstrBugs)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 For example: http://lxr.mozilla.org/mozilla/source/webtools/update/developers/commentsmanager.php#265 Two problems: 1. HTML is stored in the DB 2. The link includes UID which is an internal DB field. Mustn't be stored as HTML, should be a separate field. Todo: code review, to find all the places with similar issues. Reproducible: Always Steps to Reproduce:
|
||
Comment 1•19 years ago
|
||
I'm not sure if this is a related problem but... Commenting on extensions/themes is now allowing HTML to get into the DB. I have a HUGE problem with spammers spamming my site and my forum, and many of them spam the AMO comments too. I'm sure it won't be long before we start seeing comments like </a href="http://pornsite.com">Vely goot stuf hear!</a>
|
||
Comment 2•19 years ago
|
||
We strip from user-added comments now, which is the meat of the issue. Storing HTML in the database is amoral. :) *** This bug has been marked as a duplicate of 333124 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Target Milestone: 1.0 → 2.1
|
|
||
Updated•18 years ago
|
Target Milestone: 2.1 → ---
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•