In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!

Viewing Issue Simple Details
ID Category Type Reproducibility Date Submitted Last Update
0000530 [In-Portal CMS] Front End feature request N/A 2010-01-05 04:59 2010-07-22 15:06
Reporter alex View Status public Project Name In-Portal CMS
Assigned To alex Developer
Priority normal Resolution fixed Fixed in Version 5.1.0-B1
Status closed Product Version 5.0.2-B2 Target Version 5.1.0
Time Estimate No estimate
Summary 0000530: Improvements of "m_Get" and "m_GetConfig" tags
Description Tag "m_Get" is used to retrieve any variable from the browser (get, post, cookie). This tag has an internal parameter named "htmlchars", which applies the "htmlspecialchars" function to its result. This functionality is redundant, since we have the "html_escape" parameter, which is processed for each tag and does the same. I propose to remove "htmlchars" parameter processing.

There is another issue with the "m_Get" tag. As a security measure we apply "htmlspecialchars" by default on all browser variables that are used on the front-end (this way all types of injections are prevented). If a developer wants to output the actual variable's value without the "htmlspecialchars" function applied to it, there is no way to do so. I propose to add a "no_html_escape" parameter that will do that for the "m_Get" tag.

Tag "m_GetConfig" is used to retrieve a configuration variable's value by a given name. Also, an "escape" parameter is processed internally, which does the same as the global tag parameter "js_escape". So I propose to remove it too.
Additional Information
Tags No tags attached.
Reference http://groups.google.com/group/in-portal-dev/browse_thread/thread/27bfe06312f7eaec
Change Log Message
Estimate Points 0
Attached Files main_processor_fix.patch (1,016 bytes) 2010-01-05 04:59
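
A sketch of the behaviour proposed in the description above, added here as an illustration and not taken from In-Portal's main_processor.php or the attached patch: "m_Get" escapes by default with an explicit "no_html_escape" opt-out, while "html_escape" and "js_escape" are handled once for every tag. The function names, the $request/$config arrays, the config key and the json_encode-based "js_escape" are assumptions.

```php
<?php
// Added illustration, not In-Portal code. All function names, the sample
// arrays and the js_escape implementation below are assumptions.

// m_Get: escaped by default; "no_html_escape" is the explicit opt-out.
function tag_m_get(array $params, array $request): string
{
    $value = (string) ($request[$params['name']] ?? '');
    if (!empty($params['no_html_escape'])) {
        return $value; // raw: the template author now owns the output context
    }
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// m_GetConfig: returns the stored value only, with no tag-local "escape".
function tag_m_get_config(array $params, array $config): string
{
    return (string) ($config[$params['name']] ?? '');
}

// Global parameters, applied once to the result of any tag.
function apply_global_params(string $result, array $params): string
{
    if (!empty($params['html_escape'])) {
        $result = htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
    }
    if (!empty($params['js_escape'])) {
        // Stand-in JS string escaper: JSON-encode, then drop the outer quotes.
        $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
               | JSON_INVALID_UTF8_SUBSTITUTE;
        $result = substr(json_encode($result, $flags), 1, -1);
    }
    return $result;
}

function render_tag(string $tag, array $params, array $request, array $config): string
{
    $raw = $tag === 'm_Get'
        ? tag_m_get($params, $request)
        : tag_m_get_config($params, $config);
    return apply_global_params($raw, $params);
}

// Constructed sample input.
$request = ['q' => '<b>"Tom" & Jerry</b>'];
$config  = ['Example_Site_Name' => 'Bob\'s "Portal" </script>'];

echo render_tag('m_Get', ['name' => 'q'], $request, $config), "\n";
echo render_tag('m_Get', ['name' => 'q', 'no_html_escape' => 1], $request, $config), "\n";
echo render_tag('m_GetConfig', ['name' => 'Example_Site_Name', 'js_escape' => 1], $request, $config), "\n";
```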

- Relationships
parent of 0001266 closed (5.2.0) alex Special Characters in Website Name break Admin Menu

-  Notes
(0001915)
Dmitry (manager)
2010-04-24 23:39

Tested good - please commit

(0001920)
alex (manager)
2010-04-25 07:09

Fix committed to 5.1.x branch. Commit Message:

Fixes 0000530: Improvements of "m_Get" and "m_GetConfig" tags

(0002561)
alex (manager)
2010-07-22 15:06

Closing, since 5.1.0 release has been released.

- Related Changesets
In-Portal CMS: 5.1.x r13395
Timestamp: 2010-04-25 07:09:14
Author: alex
Fixes 0000530: Improvements of "m_Get" and "m_GetConfig" tags
mod - /in-portal/branches/5.1.x/core/kernel/processors/main_processor.php

- Issue History
Date Modified Username Field Change
2012-04-26 02:37 alex Relationship added parent of 0001266
2010-07-22 15:06 alex Note Added: 0002561
2010-07-22 15:06 alex Status resolved => closed
2010-04-25 07:09 alex Note Added: 0001920
2010-04-25 07:09 alex Status reviewed and tested => resolved
2010-04-25 07:09 alex Fixed in Version => 5.1.0-B1
2010-04-25 07:09 alex Resolution open => fixed
2010-04-25 07:09 alex Assigned To !COMMUNITY => alex
2010-04-25 07:09 alex Changeset attached 5.1.x r13395
2010-04-24 23:39 Dmitry Time Estimate Removed 1 =>
2010-04-24 23:39 Dmitry Note Added: 0001915
2010-04-24 23:39 Dmitry Status needs testing => reviewed and tested
2010-02-27 04:08 alex Developer => alex
2010-01-12 11:16 alex Time Estimate Added 1
2010-01-12 10:32 alex Target Version Icebox => 5.1.0
2010-01-05 05:00 alex Assigned To => !COMMUNITY
2010-01-05 05:00 alex Status active => needs testing
2010-01-05 05:00 alex Reference => http://groups.google.com/group/in-portal-dev/browse_thread/thread/27bfe06312f7eaec
2010-01-05 05:00 alex Target Version => Icebox
2010-01-05 04:59 alex New Issue
2010-01-05 04:59 alex File Added: main_processor_fix.patch


