Post titles need to be updated for bug 505652

RESOLVED FIXED in 1.3

Status

support.mozilla.org
General
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: paulc, Assigned: paulc)

Tracking

unspecified

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: sumo_only)

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

9 years ago
The fix in bug 505652 makes sure titles are properly escaped on display, e.g. on tiki-view_forum_thread.php
However, because previously titles were being escaped in the database instead, this leads to double escaping. For an example of this see:
https://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=411589&forumId=1
versus
https://support-stage.mozilla.org/tiki-view_forum_thread.php?locale=en-US&comments_parentId=411589&forumId=1

Note that ON EDIT they have the same (wrong) title:
https://support.mozilla.com/tiki-view_forum.php?locale=en-US&comments_offset=1&comments_threshold=0&comments_threadId=411589&openpost=1&forumId=1
https://support-stage.mozilla.org/tiki-view_forum.php?locale=en-US&comments_offset=1&comments_threshold=0&comments_threadId=411589&openpost=1&forumId=1

It looks like this fix needs a SQL update.
(Assignee)

Comment 1

9 years ago
Since these will not occur after the push of bug 505652, the quickest way would be to simply run a script on sumotools after push with that day's db copy, and re-populate the data in the tiki_comments table.
(Assignee)

Comment 2

9 years ago
Created attachment 395746 [details]
script that generates SQL dump

Here's a script that generates the SQL dump to run AFTER we push bug 505652.

This will create a dump to unescape all the comment titles, data and summary from the database. My local SUMO database dates from July 1st and has ~3000 rows. However, Cheng did the same query count on yesterday's dump and the count is now over 17K. I suspect that bug 500146 is the cause of this *huge* increase, because it escapes data before submitted to the database.

The only concern here is for comments that actually contain the characters, and which were posted before bug 500146 was pushed - this accounts for around 2000, which Cheng says is fine. We assumed the date for the 1.2 push was around June 26.
Attachment #395746 - Flags: review?(laura)
(Assignee)

Comment 3

9 years ago
Created attachment 395747 [details]
script that generates SQL dump

Forgot to remove something while I was testing.
Attachment #395746 - Attachment is obsolete: true
Attachment #395747 - Flags: review?(laura)
Attachment #395746 - Flags: review?(laura)

Updated

9 years ago
Attachment #395747 - Attachment mime type: application/x-httpd-php → text/plain

Comment 4

9 years ago
Comment on attachment 395747 [details]
script that generates SQL dump

Did you mean:
http://us3.php.net/microtime 
with get_as_float set, 
and:
http://us3.php.net/manual/en/function.htmlspecialchars-decode.php 

Otherwise looks ok.
Attachment #395747 - Flags: review?(laura) → review-
(Assignee)

Comment 5

9 years ago
Created attachment 395972 [details]
script that generates SQL dump, v2

Cool, I really didn't know there's a function to reverse. Thanks!
Attachment #395747 - Attachment is obsolete: true
Attachment #395972 - Flags: review?(laura)

Updated

9 years ago
Attachment #395972 - Flags: review?(laura) → review+

Updated

9 years ago
Target Milestone: 1.3 → 1.4

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Target Milestone: 1.4 → 1.3
Whiteboard: sumo_only
You need to log in before you can comment on or make changes to this bug.