Provide more information for the Atom summary

RESOLVED FIXED in Bugzilla 3.2

Status

Product: Bugzilla
Component: Query/Bug List
Priority: --
Severity: enhancement
Status: RESOLVED FIXED
Reported: 12 years ago
Modified: 9 years ago

People

(Reporter: Frédéric Buclin, Assigned: Frédéric Buclin)

Tracking

(Blocks: 1 bug)

Version: 2.21
Target Milestone: Bugzilla 3.2
Bug Flags:
approval +

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

12 years ago
The reporter should be in the summary itself, as well as the resolution of the bug (actually, only its status is given) and its description (aka comment 0).
(Assignee)

Comment 1

12 years ago
Created attachment 201561 [details] [diff] [review]
patch, v1
Attachment #201561 - Flags: review?(bugreport)
(Assignee)

Updated

12 years ago
Attachment #201561 - Flags: review?(myk)

Updated

12 years ago
Attachment #201561 - Flags: review?(bugreport) → review+
(Assignee)

Updated

12 years ago
Attachment #201561 - Flags: review?(myk)
(Assignee)

Updated

12 years ago
Status: NEW → ASSIGNED
Flags: approval?
Flags: approval? → approval+
Flags: approval+ → approval?
This patch also seems to fix bug 127799 as a side effect...
Blocks: 127799
(Assignee)

Comment 3

12 years ago
list.rss.html no longer exists.
Flags: approval?
(Assignee)

Comment 4

11 years ago
I don't have time to play with it before 3.0
Assignee: LpSolit → query-and-buglist
Status: ASSIGNED → NEW
Target Milestone: Bugzilla 3.0 → ---
(Assignee)

Comment 5

11 years ago
Created attachment 251569 [details] [diff] [review]
patch, v2

Compared to the initial patch, I dropped the initial comment. We can add it separately if we want to.
Assignee: query-and-buglist → LpSolit
Attachment #201561 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #251569 - Flags: review?(bugzilla-mozilla)
(Assignee)

Updated

11 years ago
Summary: Give more information in the RSS summary → Provide more information for the Atom summary

Comment 6

11 years ago
Comment on attachment 251569 [details] [diff] [review]
patch, v2

>Index: template/en/default/list/list.atom.tmpl

>+      </tr><tr class="bz_feed_assignee">
>         <td>[% columns.assigned_to_realname.title FILTER none %]</td>
>         <td>[% bug.assigned_to_realname FILTER none %]</td>
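Review bot: the `FILTER none` on `bug.assigned_to_realname` in the third line of the hunk emits a user-controlled real name into the summary unescaped, and the summary is declared `type="html"`, so any markup in the name is rendered as markup by the feed reader rather than shown as text. Change it to `FILTER html` (and do the same for the other per-field values in the summary table) so the value is escaped before the surrounding XML escaping is applied.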

I do not understand why this is FILTER none. If I change my realname to 'Olav <b>Vitters</b>' Firefox shows Vitters as bold within the Atom field, just as I would expect. I did see the FILTER xml, but that is just some Atom specific thing (because the HTML has to be escaped). Bug.assigned_to_realname should still be escaped otherwise Atom clients which interpret the <td> will look at a <b> (etc) within a realname as well. Same for the other fields.
Attachment #251569 - Flags: review?(bugzilla-mozilla) → review-
(Assignee)

Comment 7

11 years ago
Created attachment 252207 [details] [diff] [review]
patch, v3

FILTER none -> FILTER html in the <summary> section as it uses type="html" and all HTML tags MUST be filtered, per the Atom specs: http://www.ietf.org/rfc/rfc4287
Attachment #251569 - Attachment is obsolete: true
Attachment #252207 - Flags: review?(bugzilla-mozilla)

Updated

11 years ago
Attachment #252207 - Flags: review?(bugzilla-mozilla) → review+

Updated

11 years ago
Flags: approval?
Target Milestone: --- → Bugzilla 3.0

Comment 8

11 years ago
Comment on attachment 252207 [details] [diff] [review]
patch, v3

By the way, why didn't you just change it to serve up columns based on the columnlist parameter? This is what clients keep asking me for, personally.
(Assignee)

Comment 9

11 years ago
Phil, it appears that the data in <summary> is currently incorrectly escaped, see my patch. Is there actually any *security* risk? If yes, then we will have to backport the filtering part of my patch on all branches.
Group: webtools-security

Comment 10

11 years ago
I'm fairly sure that this is a security bug for the same reason that bug 313441 was.
Depends on: 313441
(Assignee)

Updated

11 years ago
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
(Assignee)

Comment 11

11 years ago
Note that I couldn't exploit this issue with the Sage extension of Firefox. It seems to sanitize the fields for me (at least when the field contains <script>, </tr>, </td>, ...).
Sigh. Yes, it's security and needs to be backported, because an untrusted person could assign himself to a bug you'll see, with a script-injecting realname. Sorry, I'm too used to systems that would refuse or strip that realname on input, rather than escape it on output. 
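The escaping point from comment 7 (FILTER none → FILTER html for the fields inside a type="html" summary, per RFC 4287) and the risk described in the two comments just above, shown as an added Python illustration. This is not Bugzilla's own code: the project's template is Template Toolkit in list.atom.tmpl, and here html.escape stands in for FILTER html and xml.sax.saxutils.escape for FILTER xml. The function names, the field labels and the sample real name are constructed for the example.

```python
"""Two escaping layers for an Atom <summary type="html"> element.

Added illustration, not Bugzilla's code. Inner layer (FILTER html in
the template, html.escape here): the field value must render as text.
Outer layer (FILTER xml in the template, xml.sax.saxutils.escape here):
the whole HTML fragment must be valid character data inside the Atom
element. The bug on this page is the missing inner layer.
"""
import html
from xml.sax.saxutils import escape as xml_escape, unescape as xml_unescape

SUMMARY_OPEN = '<summary type="html">'
SUMMARY_CLOSE = "</summary>"


def summary_row(label: str, value: str, escape_value: bool) -> str:
    """One <tr> of the summary table; escape_value=False mimics FILTER none."""
    cell = html.escape(value) if escape_value else value
    return f"<tr><td>{label}</td><td>{cell}</td></tr>"


def atom_summary(fields, escape_values: bool) -> str:
    """Build the <summary type="html"> element for a list of (label, value).

    The outer XML escaping is always applied, as the template already did;
    only the per-value HTML escaping is toggled, which is what the patch
    on this bug changed.
    """
    rows = "".join(summary_row(label, value, escape_values) for label, value in fields)
    fragment = f"<table>{rows}</table>"
    return SUMMARY_OPEN + xml_escape(fragment) + SUMMARY_CLOSE


def reader_view(summary_element: str) -> str:
    """What an Atom client does with type="html": XML-unescape the element
    content, then hand the result to an HTML renderer."""
    inner = summary_element[len(SUMMARY_OPEN):-len(SUMMARY_CLOSE)]
    return xml_unescape(inner)


# Constructed sample data: a real name carrying markup, as in comment 6.
FIELDS = [("Assignee", "Olav <b>Vitters</b>"), ("Status", "NEW")]


def markup_survives(escape_values: bool) -> bool:
    """True if the feed reader would see a live <b> tag from the real name."""
    return "<b>" in reader_view(atom_summary(FIELDS, escape_values))


def envelope_is_clean(escape_values: bool) -> bool:
    """True if the element content holds no raw '<', i.e. the outer XML
    layer alone keeps the feed well-formed either way."""
    element = atom_summary(FIELDS, escape_values)
    return "<" not in element[len(SUMMARY_OPEN):-len(SUMMARY_CLOSE)]


if __name__ == "__main__":
    for flag in (False, True):
        print("FILTER", "html" if flag else "none", "->", reader_view(atom_summary(FIELDS, flag)))
```

The outer layer is why the feed still parses as XML in both cases: the defect is not a malformed feed but a real name that comes back out as HTML once the client unescapes the summary. Only the inner escape turns the `<b>` into literal text.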
(Assignee)

Updated

11 years ago
Depends on: 367674
Since I don't see it mentioned here, the security portion of this bug was spun off as bug 367674.

Comment 14

11 years ago
Security advisory posted for bug 367674, so unlocking this bug.
Group: webtools-security
(Assignee)

Updated

11 years ago
Flags: approval? → approval+
(Assignee)

Comment 15

11 years ago
Checking in buglist.cgi;
/cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v  <--  buglist.cgi
new revision: 1.352; previous revision: 1.351
done
Checking in template/en/default/list/list.atom.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.atom.tmpl,v  <--  list.atom.tmpl
new revision: 1.3; previous revision: 1.2
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED

Updated

11 years ago
Keywords: relnote
(Assignee)

Updated

10 years ago
Duplicate of this bug: 387104

Comment 17

9 years ago
Added to the release notes for Bugzilla 3.2 in a patch on bug 432331.
Keywords: relnote