In-Portal Issue Tracker - In-Portal CMS
|
Viewing Issue Advanced Details |
|
ID:
|
Category:
|
Type:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
1417 |
[In-Portal CMS] Database |
bug report |
always |
2012-10-20 06:44 |
2012-11-07 10:27 |
|
Reporter:
|
alex |
Platform:
|
|
|
Assigned To:
|
alex |
OS:
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
Status:
|
resolved |
Product Version:
|
5.1.0 |
|
Product Build:
|
|
Resolution:
|
fixed |
|
|
ETA:
|
none |
Fixed in Version:
|
5.2.1-B1 |
|
Reference:
|
https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion |
Change Log Message:
|
Fixes data not being escaped in "Query Database" section |
Estimate Points:
|
1 |
|
Summary:
|
0001417: Data not escaped in "Query Database" section |
Description:
|
n-Portal "Tools -> Query Database" section where administrator can perform simple database queries and see result right away.
I've noticed that this text from database "test_& amp;_test" (space between "&" and "amp;" add because Mantis breaks it otherwise) is displayed as "test_&_test" on that page. This means, that data isn't escaped before being displayed on a page. |
Steps To Reproduce:
|
|
Additional Information:
|
|
Relationships | |
Attached Files:
|
query_database_escape_1417.patch (509) 2012-11-07 09:58 http://tracker.in-portal.org/file_download.php?file_id=1861&type=bug query_database_escape_1417_v2.patch (4,642) 2012-11-07 10:26 http://tracker.in-portal.org/file_download.php?file_id=1863&type=bug |
|
Issue History |
Date Modified |
Username |
Field |
Change |
2012-11-07 10:27 |
alex |
Note Added: 0005280 |
|
2012-11-07 10:27 |
alex |
Status |
reviewed and tested => resolved |
2012-11-07 10:27 |
alex |
Fixed in Version |
=> 5.2.1-B1 |
2012-11-07 10:27 |
alex |
Resolution |
open => fixed |
2012-11-07 10:27 |
alex |
Assigned To |
!COMMUNITY => alex |
2012-11-07 10:27 |
alex |
Changeset attached |
5.2.x r15618 |
2012-11-07 10:27 |
alex |
Note Added: 0005279 |
|
2012-11-07 10:27 |
alex |
Assigned To |
alex => !COMMUNITY |
2012-11-07 10:27 |
alex |
Status |
needs testing => reviewed and tested |
2012-11-07 10:26 |
alex |
Note Added: 0005278 |
|
2012-11-07 10:26 |
alex |
File Added: query_database_escape_1417_v2.patch |
|
2012-11-07 10:00 |
erik |
Note Added: 0005276 |
|
2012-11-07 10:00 |
erik |
Assigned To |
erik => alex |
2012-11-07 10:00 |
erik |
Status |
needs work => needs testing |
2012-11-07 09:58 |
erik |
File Added: query_database_escape_1417.patch |
|
2012-11-07 09:58 |
erik |
File Deleted: query_database_escape_1417.patch |
|
2012-11-07 09:39 |
alex |
Description Updated |
bug_revision_view_page.php?rev_id=1064#r1064 |
2012-11-07 07:30 |
alex |
Note Added: 0005269 |
|
2012-11-07 07:30 |
alex |
Assigned To |
=> erik |
2012-11-07 07:30 |
alex |
Status |
needs testing => needs work |
2012-11-07 05:51 |
erik |
Note Added: 0005262 |
|
2012-11-07 05:51 |
erik |
Developer |
=> erik |
2012-11-07 05:51 |
erik |
Status |
active => needs testing |
2012-11-07 05:51 |
erik |
File Added: query_database_escape_1417.patch |
|
2012-11-07 05:51 |
erik |
Note Added: 0005260 |
|
2012-10-20 06:44 |
alex |
New Issue |
|
2012-10-20 06:44 |
alex |
Reference |
=> https://groups.google.com/d/topic/in-portal-bugs/ckjKdgkBZbk/discussion |
2012-10-20 06:44 |
alex |
Change Log Message |
=> Fixes data not being escaped in "Query Database" section |
2012-10-20 06:44 |
alex |
Estimate Points |
=> 1 |
Notes |
|
(0005260)
|
erik
|
2012-11-07 05:51
|
|
|
|
(0005262)
|
erik
|
2012-11-07 05:51
|
|
|
|
(0005269)
|
alex
|
2012-11-07 07:30
|
|
|
|
(0005276)
|
erik
|
2012-11-07 10:00
|
|
Fixed array_map usage. Patch replaced with new version. Needs testing |
|
|
(0005278)
|
alex
|
2012-11-07 10:26
|
|
Patch "query_database_escape_1417_v2.patch" adds some code formatting plus moves escaping from data gathering place to data output place. |
|
|
(0005279)
|
alex
|
2012-11-07 10:27
|
|
|
|
(0005280)
|
alex
|
2012-11-07 10:27
|
|
Fix committed to 5.2.x branch. Commit Message:
Fixes 0001417: Data not escaped in "Query Database" section
Commit on behalf of Erik |
|