Closed Bug 859188 Opened 11 years ago Closed 11 years ago

Characters such as & and + are not correctly encoded in URLs used in report tables

Categories

(Bugzilla :: Reporting/Charting, defect)

4.2.5
defect
Not set
normal

Tracking

()

RESOLVED FIXED
Bugzilla 4.2

People

(Reporter: ewong, Assigned: LpSolit)

References

Details

(Keywords: regression, Whiteboard: [fixed by blocker])

Attachments

(3 obsolete files)

Under the SeaMonkey product, this report can be generated:
https://bugzilla.mozilla.org/report.cgi?query_format=report-table&format=table&action=wrap&x_axis_field=bug_status&y_axis_field=component&product=SeaMonkey&resolution=---

As shown, under Startup/Profiles, there are 40 New bugs (as of this bug filing),
but when you click on the 40, it shows Zarro Bugs.

There should be a list of bugs which belongs to that component.
Summary: No bugs found when clicking on report component status. → No bugs found when clicking on NEW bugs for StartUp & Profiles in report component status.
Assignee: nobody → charting
Component: General → Reporting/Charting
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: default-qa
Summary: No bugs found when clicking on NEW bugs for StartUp & Profiles in report component status. → URLs are not encoded on report tables (no bugs found when clicking on a report with spaces in the component)
Version: Production → 4.2.5
Attached patch patch v1 (obsolete) — Splinter Review
Assignee: charting → glob
Status: NEW → ASSIGNED
Attachment #734489 - Flags: review?(LpSolit)
Depends on: 142394
Keywords: regression
OS: Windows Vista → All
Hardware: x86 → All
Target Milestone: --- → Bugzilla 4.2
Comment on attachment 734489 [details] [diff] [review]
patch v1

Why don't you use |FILTER uri| instead of encodeURIComponent()?
Comment on attachment 734489 [details] [diff] [review]
patch v1

See my previous comment. Use FILTER uri instead, for consistency.
Attachment #734489 - Flags: review?(LpSolit) → review-
Bugzilla 4.2 is now restricted to security fixes only.
Target Milestone: Bugzilla 4.2 → Bugzilla 4.4
Attached patch patch v2 (obsolete) — Splinter Review
Attachment #734489 - Attachment is obsolete: true
Attachment #760930 - Flags: review?(LpSolit)
Attached patch patch v3 (obsolete) — Splinter Review
need to FILTER js as well.
Attachment #760930 - Attachment is obsolete: true
Attachment #760930 - Flags: review?(LpSolit)
Attachment #761298 - Flags: review?(LpSolit)
Actually, whitespaces are not the problem. The problem is for characters such as & and + which are interpreted differently by the web browser.
Summary: URLs are not encoded on report tables (no bugs found when clicking on a report with spaces in the component) → Characters such as & and + are not correctly encoded in URLs used in report tables
Comment on attachment 761298 [details] [diff] [review]
patch v3

>+                          [% IF row_vals %]
>+                            + '&[% row_values FILTER uri FILTER js %]'
>+                          [% END %]

s/row_values/row_vals/.

Moreover, row_values and col_vals are already escaped, so you must not call FILTER uri again. About FILTER js, you would have to check. I applied your patch, and it doesn't work.
Attachment #761298 - Flags: review?(LpSolit) → review-
It will be fixed as a side-effect of bug 924932.
Assignee: glob → LpSolit
Depends on: CVE-2013-1743
Whiteboard: [fixed by blocker]
Target Milestone: Bugzilla 4.4 → Bugzilla 4.2
Attachment #761298 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: