348308 - Email approval/denial comment is escaped for SQL

Status: VERIFIED FIXED

(addons.mozilla.org Graveyard :: Developer Pages, defect)

Description

[Justin Scott [:fligtar]]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

The comment sent in the email is escaped for SQL, making quotes coverted to htmlentities and single quotes escaped.

Reproducible: Always

Actual Results:  
Test Example:

Welcome to the Internet! 1.0 - Approval Granted
Your item, Welcome to the Internet! 1.0, has been reviewed by a Mozilla Update editor who took the following action:
Approval Granted

Please Note: It may take up to 30 minutes for your extension to be available for download.

Your item was tested by Justin Scott using Firefox 1.5-2.0a1 on BSD, Linux, MacOSX, Solaris, Windows.
Editor's Comments:
 I\'m sorry, but I\'m denying your extension because it needs uncommon external software in order to work, and as we don\'t have access to this software we are not likely to be able to review it any time soon. It has been in the queue for some time now, and I thought it would be bad to leave you without feedback any longer.
----
Mozilla Update: https://update-staging.mozilla.org/~fligtar/v1-approval/

Comment 1

[Justin Scott [:fligtar]]

Attachment: patch

What do you know, I already have a patch made for it!

Comment 2

[Cameron]

*** Bug 295114 has been marked as a duplicate of this bug. ***

Comment 3

[Michael Morgan [:morgamic]]

Committed.  Thanks, Justin -- you are t3h aw3s0m3.

Comment 4

[Cameron]

Anything between < and >, and the "\" character is still stripped, but this is a definite improvement.