In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Advanced Details
ID: 0001417
Category: [In-Portal CMS] Database
Type: bug report
Reproducibility: always
Date Submitted: 2012-10-20 06:44
Last Update: 2012-11-07 10:27
Reporter: alex
View Status: public
Project Name: In-Portal CMS
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Platform:
Status: resolved
OS:
OS Version:
ETA: none
Fixed in Version: 5.2.1-B1
Product Version: 5.1.0
Target Version: 5.2.1
Product Build:
Time Estimate: No estimate
Summary: 0001417: Data not escaped in "Query Database" section
Description: In-Portal has a "Tools -> Query Database" section where an administrator can perform simple database queries and see the result right away.

I've noticed that this text from the database "test_& amp;_test" (space between "&" and "amp;" added because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means that data isn't escaped before being displayed on a page.
Steps To Reproduce:
Additional Information:
Tags: No tags attached.
Reference: https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion
Change Log Message: Fixes data not being escaped in "Query Database" section
Estimate Points: 1
Attached Files: query_database_escape_1417.patch (509 bytes) 2012-11-07 09:58
query_database_escape_1417_v2.patch (4,642 bytes) 2012-11-07 10:26

- Relationships

-  Notes
(0005260)
erik (manager)
2012-11-07 05:51

Done. Needs testing
(0005262)
erik (manager)
2012-11-07 05:51

Patch attached
(0005269)
alex (manager)
2012-11-07 07:30

1. Doesn't work. See function "array_map" (http://php.net/manual/en/function.array-map.php) documentation for more info.
(0005276)
erik (manager)
2012-11-07 10:00

Fixed array_map usage. Patch replaced with new version. Needs testing
(0005278)
alex (manager)
2012-11-07 10:26

Patch "query_database_escape_1417_v2.patch" adds some code formatting plus moves escaping from data gathering place to data output place.
(0005279)
alex (manager)
2012-11-07 10:27

OK
(0005280)
alex (manager)
2012-11-07 10:27

Fix committed to 5.2.x branch. Commit Message:

Fixes 0001417: Data not escaped in "Query Database" section
Commit on behalf of Erik

- Related Changesets
In-Portal CMS: 5.2.x r15618
Timestamp: 2012-11-07 10:27:32
Author: alex
Fixes 0001417: Data not escaped in "Query Database" section
Commit on behalf of Erik
mod - /in-portal/branches/5.2.x/core/admin_templates/tools/sql_query.tpl
mod - /in-portal/branches/5.2.x/core/units/admin/admin_events_handler.php
mod - /in-portal/branches/5.2.x/core/units/admin/admin_tag_processor.php
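
The notes above describe moving escaping from the place where data is gathered to the place where it is output. A sketch of that pattern in PHP, added here as an illustration and not taken from the In-Portal patch; `render_result_table()` and the sample rows are hypothetical:

```php
<?php
// Added illustration, not In-Portal code: render_result_table() is hypothetical.

/**
 * Render query result rows as an HTML table, escaping at output time.
 *
 * @param array $rows List of associative arrays (column name => raw value).
 */
function render_result_table(array $rows): string
{
    if (!$rows) {
        return '<p>No rows returned.</p>';
    }

    // Encode for the HTML body/attribute context; NULL gets a fixed marker.
    $escape = function ($value) {
        return $value === null
            ? '<em>NULL</em>'
            : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Column names can be chosen by the query (aliases), so escape them too.
    // array_map() returns a new array and leaves its argument unchanged.
    $header = array_map($escape, array_keys($rows[0]));
    $html = '<table><tr><th>' . implode('</th><th>', $header) . "</th></tr>\n";

    foreach ($rows as $row) {
        $cells = array_map($escape, array_values($row));
        $html .= '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
    }

    return $html . '</table>';
}

// Constructed sample rows standing in for a database result set; they stay raw
// until the moment they are written into HTML.
$rows = [
    ['Id' => 1, 'Name' => 'test_&amp;_test'], // the value from the report
    ['Id' => 2, 'Name' => '<b>bold</b>'],     // markup stored as data
    ['Id' => 3, 'Name' => null],
];

echo render_result_table($rows), "\n";
```

Because the rows are encoded only once, at output, the stored text is shown on the page as it exists in the database, and the raw rows stay usable elsewhere without double encoding.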

- Issue History
Date Modified Username Field Change
2012-11-07 10:27 alex Note Added: 0005280
2012-11-07 10:27 alex Status reviewed and tested => resolved
2012-11-07 10:27 alex Fixed in Version => 5.2.1-B1
2012-11-07 10:27 alex Resolution open => fixed
2012-11-07 10:27 alex Assigned To !COMMUNITY => alex
2012-11-07 10:27 alex Changeset attached 5.2.x r15618
2012-11-07 10:27 alex Note Added: 0005279
2012-11-07 10:27 alex Assigned To alex => !COMMUNITY
2012-11-07 10:27 alex Status needs testing => reviewed and tested
2012-11-07 10:26 alex Note Added: 0005278
2012-11-07 10:26 alex File Added: query_database_escape_1417_v2.patch
2012-11-07 10:00 erik Note Added: 0005276
2012-11-07 10:00 erik Assigned To erik => alex
2012-11-07 10:00 erik Status needs work => needs testing
2012-11-07 09:58 erik File Added: query_database_escape_1417.patch
2012-11-07 09:58 erik File Deleted: query_database_escape_1417.patch
2012-11-07 09:39 alex Description Updated
2012-11-07 07:30 alex Note Added: 0005269
2012-11-07 07:30 alex Assigned To => erik
2012-11-07 07:30 alex Status needs testing => needs work
2012-11-07 05:51 erik Note Added: 0005262
2012-11-07 05:51 erik Developer => erik
2012-11-07 05:51 erik Status active => needs testing
2012-11-07 05:51 erik File Added: query_database_escape_1417.patch
2012-11-07 05:51 erik Note Added: 0005260
2012-10-20 06:44 alex New Issue
2012-10-20 06:44 alex Reference => https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion
2012-10-20 06:44 alex Change Log Message => Fixes data not being escaped in "Query Database" section
2012-10-20 06:44 alex Estimate Points => 1


