In-Portal Issue Tracker


Viewing Issue Simple Details
ID: 0000530
Category: [In-Portal CMS] Front End
Type: feature request
Reproducibility: N/A
Date Submitted: 2010-01-05 04:59
Last Update: 2010-07-22 15:06
Reporter: alex
View Status: public
Assigned To: alex
Priority: normal
Resolution: fixed
Status: closed
Summary: 0000530: Improvements of "m_Get" and "m_GetConfig" tags
Description: Tag "m_Get" is used to retrieve any variable from the browser (get, post, cookie). This tag has an internal parameter named "htmlchars", which applies the "htmlspecialchars" function to its result. This functionality is redundant, since we have the "html_escape" parameter, which is processed for each tag and does the same. I propose to remove "htmlchars" parameter processing.

There is another issue with the "m_Get" tag. As a security measure we apply "htmlspecialchars" by default on all browser variables that are used on the front-end (this way all types of injections are prevented). If a developer wants to output the actual variable's value without the "htmlspecialchars" function applied to it, then there is no way to do it. I propose to add a "no_html_escape" parameter that will do that for the "m_Get" tag.

Tag "m_GetConfig" is used to retrieve a configuration variable's value by the given name. Also, the "escape" parameter is processed internally, which does the same as the global tag parameter "js_escape". So I propose to remove it too.
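
Added example (not part of the issue report and not In-Portal's code): a PHP model of the escape-by-default behaviour described for "m_Get", with the proposed "no_html_escape" opt-out. The function name m_get_model, the $request array and the way parameters are passed are assumptions made for illustration; the sample input is constructed.

```php
<?php
// Hypothetical model of the behaviour discussed in the issue.
// $request stands in for the merged GET/POST/cookie input.

/**
 * Return a browser-supplied variable, HTML-escaped unless the template
 * author explicitly passes no_html_escape="1".
 */
function m_get_model(array $request, array $params): string
{
    $name  = $params['name'] ?? '';
    $value = $request[$name] ?? '';

    if (!is_scalar($value)) {
        // A parameter such as q[]=x arrives as an array; do not pass
        // it through to the template as if it were a string.
        return '';
    }
    $value = (string) $value;

    if (!empty($params['no_html_escape'])) {
        // Opt-out: the caller now owns encoding for its output context.
        return $value;
    }

    // ENT_QUOTES encodes single quotes too, which matters inside
    // single-quoted attributes; the charset is stated explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing markup and both quote styles.
$request = ['q' => '<b title=\'x\'>"hi"</b>'];

// Default path: the value is encoded for an HTML body or quoted attribute.
echo m_get_model($request, ['name' => 'q']), "\n";

// Opt-out path: raw value, here handed to a different encoder because
// the output context is a script block rather than HTML text.
$raw   = m_get_model($request, ['name' => 'q', 'no_html_escape' => '1']);
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
echo json_encode($raw, $flags), "\n";
```

The opt-out path shows why an explicit, per-call parameter is easier to audit than a changed default: every use of no_html_escape in a template marks a place where the encoding has to be checked against the output context.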