The fix in bug 505652 makes sure titles are properly escaped on display, e.g. on tiki-view_forum_thread.php. However, because previously titles were being escaped in the database instead, this leads to double escaping. For an example of this see:
https://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=411589&forumId=1
versus
https://support-stage.mozilla.org/tiki-view_forum_thread.php?locale=en-US&comments_parentId=411589&forumId=1
Note that ON EDIT they have the same (wrong) title:
https://support.mozilla.com/tiki-view_forum.php?locale=en-US&comments_offset=1&comments_threshold=0&comments_threadId=411589&openpost=1&forumId=1
https://support-stage.mozilla.org/tiki-view_forum.php?locale=en-US&comments_offset=1&comments_threshold=0&comments_threadId=411589&openpost=1&forumId=1
It looks like this fix needs a SQL update.
Since these will not occur after the push of bug 505652, the quickest way would be to simply run a script on sumotools after push with that day's db copy, and re-populate the data in the tiki_comments table.
Created attachment 395746: script that generates SQL dump
Here's a script that generates the SQL dump to run AFTER we push bug 505652. This will create a dump to unescape all the comment titles, data and summary from the database. My local SUMO database dates from July 1st and has ~3000 rows. However, Cheng did the same query count on yesterday's dump and the count is now over 17K. I suspect that bug 500146 is the cause of this *huge* increase, because it escapes data before it is submitted to the database. The only concern here is for comments that actually contain the characters, and which were posted before bug 500146 was pushed - this accounts for around 2000, which Cheng says is fine. We assumed the date for the 1.2 push was around June 26.
Created attachment 395747: script that generates SQL dump
Forgot to remove something while I was testing.
Attachment #395747 - Attachment mime type: application/x-httpd-php → text/plain
Comment on attachment 395747: script that generates SQL dump
Did you mean:
http://us3.php.net/microtime with get_as_float set, and:
http://us3.php.net/manual/en/function.htmlspecialchars-decode.php
Otherwise looks ok.
Attachment #395747 - Flags: review?(laura) → review-
Created attachment 395972: script that generates SQL dump, v2
Cool, I really didn't know there's a function to reverse. Thanks!
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Target Milestone: 1.4 → 1.3
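An added illustration of the double escaping and the one-time unescape discussed in this bug; it is not the attached script. The sample rows, the `escaped_on_input` marker and the helper names are constructed for the example, and it assumes the stored values were escaped with PHP's `htmlspecialchars` using `ENT_QUOTES`.

```php
<?php
// Added illustration, not the script attached to this bug.

// Display-time escaping (what the display fix does on output).
function render_title(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Migration step: remove exactly one layer of escaping from a stored value.
// Assumption: the input-side escaping used htmlspecialchars with ENT_QUOTES.
function unescape_once(string $stored): string
{
    return htmlspecialchars_decode($stored, ENT_QUOTES);
}

// What a reader sees once the browser decodes the rendered HTML.
function as_seen(string $html): string
{
    return html_entity_decode($html, ENT_QUOTES, 'UTF-8');
}

// Constructed rows. 'escaped_on_input' is a hypothetical marker for rows
// written while data was being escaped before storage.
$rows = [
    ['id' => 1, 'title' => 'Bookmarks &amp; history &quot;lost&quot;', 'escaped_on_input' => true],
    ['id' => 2, 'title' => 'How do I type &amp; in a URL?', 'escaped_on_input' => false],
    ['id' => 3, 'title' => 'Firefox crashes on start', 'escaped_on_input' => true],
];

foreach ($rows as $row) {
    $fixed = unescape_once($row['title']);
    if ($fixed === $row['title']) {
        printf("id %d: unchanged\n", $row['id']);
        continue;
    }
    printf("id %d: reader saw   %s\n", $row['id'], as_seen(render_title($row['title'])));
    printf("id %d: reader sees  %s\n", $row['id'], as_seen(render_title($fixed)));
    if (!$row['escaped_on_input']) {
        // Stored as typed: decoding changes what the author wrote.
        printf("id %d: WARNING literal entity text was rewritten\n", $row['id']);
    }
}
```

Row 2 stands in for the older comments that really contain entity text: a blind decode rewrites them. The decode must also run only once, since a second pass would strip entities that users typed on purpose.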