In-Portal Issue Tracker - In-Portal CMS
Viewing Issue Advanced Details
1417 [In-Portal CMS] Database bug report always 2012-10-20 06:44 2012-11-07 10:27
alex  
alex  
normal  
resolved 5.1.0  
fixed  
 
none 5.2.1-B1  
https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion
Fixes data not being escaped in "Query Database" section
1
0001417: Data not escaped in "Query Database" section
In-Portal has a "Tools -> Query Database" section where an administrator can perform simple database queries and see the result right away.

I've noticed that this text from the database "test_& amp;_test" (space between "&" and "amp;" added because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means that the data isn't escaped before being displayed on a page.
patch query_database_escape_1417.patch (509) 2012-11-07 09:58
http://tracker.in-portal.org/file_download.php?file_id=1861&type=bug
patch query_database_escape_1417_v2.patch (4,642) 2012-11-07 10:26
http://tracker.in-portal.org/file_download.php?file_id=1863&type=bug
Issue History
2012-11-07 10:27 alex Note Added: 0005280
2012-11-07 10:27 alex Status reviewed and tested => resolved
2012-11-07 10:27 alex Fixed in Version => 5.2.1-B1
2012-11-07 10:27 alex Resolution open => fixed
2012-11-07 10:27 alex Assigned To !COMMUNITY => alex
2012-11-07 10:27 alex Changeset attached 5.2.x r15618
2012-11-07 10:27 alex Note Added: 0005279
2012-11-07 10:27 alex Assigned To alex => !COMMUNITY
2012-11-07 10:27 alex Status needs testing => reviewed and tested
2012-11-07 10:26 alex Note Added: 0005278
2012-11-07 10:26 alex File Added: query_database_escape_1417_v2.patch
2012-11-07 10:00 erik Note Added: 0005276
2012-11-07 10:00 erik Assigned To erik => alex
2012-11-07 10:00 erik Status needs work => needs testing
2012-11-07 09:58 erik File Added: query_database_escape_1417.patch
2012-11-07 09:58 erik File Deleted: query_database_escape_1417.patch
2012-11-07 09:39 alex Description Updated bug_revision_view_page.php?rev_id=1064#r1064
2012-11-07 07:30 alex Note Added: 0005269
2012-11-07 07:30 alex Assigned To => erik
2012-11-07 07:30 alex Status needs testing => needs work
2012-11-07 05:51 erik Note Added: 0005262
2012-11-07 05:51 erik Developer => erik
2012-11-07 05:51 erik Status active => needs testing
2012-11-07 05:51 erik File Added: query_database_escape_1417.patch
2012-11-07 05:51 erik Note Added: 0005260
2012-10-20 06:44 alex New Issue
2012-10-20 06:44 alex Reference => https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion
2012-10-20 06:44 alex Change Log Message => Fixes data not being escaped in "Query Database" section
2012-10-20 06:44 alex Estimate Points => 1

Notes
(0005260)
erik   
2012-11-07 05:51   
Done. Needs testing
(0005262)
erik   
2012-11-07 05:51   
Patch attached
(0005269)
alex   
2012-11-07 07:30   
1. Doesn't work. See function "array_map" (http://php.net/manual/en/function.array-map.php) documentation for more info.
(0005276)
erik   
2012-11-07 10:00   
Fixed array_map usage. Patch replaced with new version. Needs testing
(0005278)
alex   
2012-11-07 10:26   
Patch "query_database_escape_1417_v2.patch" adds some code formatting plus moves escaping from data gathering place to data output place.
(0005279)
alex   
2012-11-07 10:27   
OK
(0005280)
alex   
2012-11-07 10:27   
Fix committed to 5.2.x branch. Commit Message:

Fixes 0001417: Data not escaped in "Query Database" section
Commit on behalf of Erik
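
The behaviour reported in the description and the approach named in note 0005278 (escape where the data is output, not where it is gathered), shown as an added PHP example. It is not the attached patch or In-Portal code; the function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not In-Portal code: keep gathered rows raw and escape
// each value at the moment it is written into HTML.

/** Escape one value for an HTML text context; NULL gets a visible marker. */
function escape_cell($value): string
{
    if ($value === null) {
        return '<em>NULL</em>';
    }
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render rows (a list of column => value arrays) as an HTML table. */
function render_result_table(array $rows): string
{
    if (!$rows) {
        return '<p>No rows.</p>';
    }
    // Column names can come from aliases in the query, so escape them too.
    $headers = array_map('escape_cell', array_keys($rows[0]));
    $html = '<table><tr><th>' . implode('</th><th>', $headers) . "</th></tr>\n";
    foreach ($rows as $row) {
        // array_map takes the callback first, then the array.
        $cells = array_map('escape_cell', $row);
        $html .= '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
    }
    return $html . '</table>';
}

// Constructed sample rows standing in for a query result.
$rows = [
    ['Id' => 1, 'Name' => 'test_&amp;_test'], // the value from the report
    ['Id' => 2, 'Name' => '<b>bold</b>'],     // markup stored as data
    ['Id' => 3, 'Name' => null],
];

echo render_result_table($rows), "\n";
```

With escaping applied at output, the stored text from the report is sent as `test_&amp;amp;_test`, so the browser shows it exactly as it is stored instead of decoding the entity.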