Closed Bug 305807 Opened 19 years ago Closed 19 years ago

Fix some incorrect template filtering types

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
2.21
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.20

People

(Reporter: bugzilla, Assigned: bugzilla)

Details

Attachments

(2 files, 1 obsolete file)

Fix some filtering for 2.20
9.31 KB, patch
LpSolit
: review+
Details | Diff | Splinter Review
fix some filtering types v2 (tip)
9.44 KB, patch
bugzilla
: review+
Details | Diff | Splinter Review 
There are some filters in the template which are 'html' which should be 'url_quote'.

This is an extension of bug#304303
The quick rule of thumb here is:

FILTER url_quote should be used anywhere that you are escaping ONLY the key or
the value of an individual query string parameter.

FILTER html should be used anywhere that the string being escaped encompasses
more than one parameter or an entire URL.

html will turn a & into &

url_quote will turn a & into %29.

Remember the above and that & separates parameters in the query string and
you'll be all set.
I thought that everything which was in an anchor <a href="foo"> should be
url_quoted, i.e. [% foo FILTER url_quote %]?
Attached patch fix some filtering types (obsolete) — Splinter Review 

        Attachment #199344 -
        Flags: review?

    
    

    
  
Comment on attachment 199344 [details] [diff] [review]
fix some filtering types

r=LpSolit by inspection. I didn't check if you missed some other incorrectly
filtered directories, but those in this patch look correct.

Nit: could you update your patch and include
admin/classification/edit.html.tmpl as well? product.description is incorrectly
filtered (it should be FILTER none).

Carry forward my r+ if you decide to update your patch.

        Attachment #199344 -
        Flags: review? → review+

    
    

    
  
The patch doesn't apply cleanly on the 2.20 branch. Requesting approval for 2.22
only.
Status: NEW → ASSIGNED
Flags: approval?
Target Milestone: --- → Bugzilla 2.22

    
    

    
  
I'd like to see this on 2.20 if someone can backport it.
Flags: blocking2.20.1+
Target Milestone: Bugzilla 2.22 → Bugzilla 2.20

        Attachment #199344 -
        Flags: review+

    
    

    
  


  
Backport to 2.20.

I added the edit classifications fix and the remove saved search fix which
prompted the bug in the first place. One of the 'tip' fixes is not relevant for
2.20

    
  

        Attachment #199834 -
        Flags: review?

    
    

    
  
Comment on attachment 199834 [details] [diff] [review]
Fix some filtering for 2.20

r=LpSolit by inspection

        Attachment #199834 -
        Flags: review? → review+

    
  
Flags: approval2.20?

    
    

    
  


  
Carrying over lpsolit r+, having added his requested change

        Attachment #199344 -
        Attachment is obsolete: true

        Attachment #199841 -
        Flags: review+
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+

    
    

    
  
tip:

Checking in template/en/default/admin/classifications/edit.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/classifications/edit.html.tmpl,v
 <--  edit.html.tmpl
new revision: 1.6; previous revision: 1.5
done
Checking in template/en/default/admin/groups/deleted.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/groups/deleted.html.tmpl,v
 <--  deleted.html.tmpl
new revision: 1.2; previous revision: 1.1
done
Checking in template/en/default/admin/groups/list.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/groups/list.html.tmpl,v
 <--  list.html.tmpl
new revision: 1.3; previous revision: 1.2
done
Checking in template/en/default/attachment/diff-header.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/attachment/diff-header.html.tmpl,v
 <--  diff-header.html.tmpl
new revision: 1.11; previous revision: 1.10
done
Checking in template/en/default/bug/summarize-time.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/summarize-time.html.tmpl,v
 <--  summarize-time.html.tmpl
new revision: 1.2; previous revision: 1.1
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v
 <--  user-error.html.tmpl
new revision: 1.134; previous revision: 1.133
done
Checking in template/en/default/list/list.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.html.tmpl,v 
<--  list.html.tmpl
new revision: 1.40; previous revision: 1.39
done


2.20:

Checking in template/en/default/account/prefs/saved-searches.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/prefs/saved-searches.html.tmpl,v
 <--saved-searches.html.tmpl
new revision: 1.5.6.2; previous revision: 1.5.6.1
done
Checking in template/en/default/admin/classifications/edit.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/classifications/edit.html.tmpl,v
 <--  edit.html.tmpl
new revision: 1.3.6.1; previous revision: 1.3
done
Checking in template/en/default/admin/groups/deleted.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/groups/deleted.html.tmpl,v
 <--  deleted.html.tmpl
new revision: 1.1.8.1; previous revision: 1.1
done
Checking in template/en/default/admin/groups/list.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/groups/list.html.tmpl,v
 <--  list.html.tmpl
new revision: 1.1.8.1; previous revision: 1.1
done
Checking in template/en/default/attachment/diff-header.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/attachment/diff-header.html.tmpl,v
 <--  diff-header.html.tmpl
new revision: 1.10.2.1; previous revision: 1.10
done
Checking in template/en/default/bug/summarize-time.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/summarize-time.html.tmpl,v
 <--  summarize-time.html.tmpl
new revision: 1.1.4.1; previous revision: 1.1
done
Checking in template/en/default/global/user-error.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/global/user-error.html.tmpl,v
 <--  user-error.html.tmpl
new revision: 1.115.2.6; previous revision: 1.115.2.5
done

Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: