MantisBT - mantisbt
View Issue Details
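ID: 0003907
Project: mantisbt
Category: rss
View Status: public
Date Submitted: 2004-05-31 11:31
Last Update: 2005-05-31 11:33
Reporter: dfaught
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 1.0.0a3
Summary: 0003907: Bad RSS link on http://bugs.mantisbt.org/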
On the bottom of http://bugs.mantisbt.org/main_page.php, there is a link labeled "RSS" that goes to http://bugs.mantisbt.org/news_rss.php?project_id=1. When I click on the link, I get this error:

XML Parsing Error: undefined entity
Location: http://bugs.mantisbt.org/news_rss.php?project_id=1
Line Number 33, Column 1:

 * Sec bug_view_page.php?bug_id=0003660: Ability to execute arbitrary SQL statement if register_globals = ON.

^

I'm not sure what the link is supposed to do, but probably not this. :-)
No tags attached.
Issue History
2004-05-31 11:31 dfaught New Issue
2004-06-01 03:59 Wanderer Note Added: 0005642
2004-06-01 04:02 Wanderer Note Added: 0005643
2004-06-01 04:03 Wanderer Note Deleted: 0005643
2004-06-01 04:03 Wanderer Note Edited: 0005642
2004-06-01 16:10 dfaught Note Added: 0005646
2004-06-01 16:10 dfaught Issue Monitored: dfaught
2004-06-01 16:14 dfaught Note Added: 0005647
2004-06-01 21:36 Wanderer Note Added: 0005648
2004-06-01 22:51 dfaught Note Added: 0005649
2004-07-28 18:42 rfoster Note Added: 0006425
2004-07-28 19:10 vboctor Note Added: 0006427
2004-08-11 19:04 rfoster Issue Monitored: rfoster
2005-04-24 09:37 vboctor Note Added: 0009893
2005-04-24 09:37 vboctor Status new => feedback
2005-04-24 09:37 vboctor Category webpage => rss
2005-04-24 09:45 vboctor Note Added: 0009894
2005-04-27 10:28 vboctor Assigned To => vboctor
2005-04-27 10:37 vboctor Status feedback => resolved
2005-04-27 10:37 vboctor Fixed in Version => 1.0.0a3
2005-04-27 10:37 vboctor Resolution open => fixed
2005-05-31 11:33 vboctor Status resolved => closed

Notes
(0005642)
Wanderer   
2004-06-01 03:59   
(edited on: 2004-06-01 04:03)
It's not for direct browsing; it's a URL that can be added to any RSS aggregator for reading news (and only news now :-( ) from the site.

Just a note: it works, and the news really is aggregated in the reader.
(0005646)
dfaught   
2004-06-01 16:10   
I usually get to a page of XML when I click on RSS links, rather than a strange error. I'm not much of an RSS user, so I could be mistaken, but it seems odd for a hyperlink that shows up in the web browser to lead to an error like this.
(0005647)
dfaught   
2004-06-01 16:14   
Hmmm, I'm getting the same error from my news aggregator, so this looks like a real error in the RSS feature to me. Can you reproduce this by adding a new subscription based on the current RSS link?
(0005648)
Wanderer   
2004-06-01 21:36   
I tried it in mine (RSS-reader plugin for Miranda) and got the feed with no errors. You can test your aggregator on my 0.19-CVS installation (but AFAIS nothing was changed in this area) - http://bts.e-city.net.ru/demo/news_rss.php?project_id=1
PS - sorry, but the news is only in Russian
(0005649)
dfaught   
2004-06-01 22:51   
I looked at your demo site, and yes, it looks okay. Is this issue unique to version 0.18.2? (My own installation isn't configured to use RSS, so I can't check there.)
(0006425)
rfoster   
2004-07-28 18:42   
This issue is really biting me :( The problem is that the '&' in &nbsp; is invalid, and needs to be escaped as &amp; in XML to work properly. Note that this is only showing up in messages like the change log (i.e. those containing &nbsp;).

I've tested this by substituting the following string:
  
with
  
and it works perfectly in a local copy of the current rss feed for this project.
(0006427)
vboctor   
2004-07-28 19:10   
I think this is a bug in the RSS library that we are using. I would expect this library to escape the data before generating the XML file.

These are the options to fix this library:
- Add the escaping to the external library (or see if this issue is fixed in more recent versions).
- Move to a different library (that hopefully fixes this and uses the GPL license).
- For now, escape the data before setting it into the RSS generator.

This bug will depend on the contents of the news, rather than a specific version of Mantis.
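
The third option above (escape the data before setting it into the RSS generator), shown as an added example that is not part of this thread or of the Mantis code base. The helpers `build_feed`, `xml_escape` and `xml_errors`, the example.com link and the sample news body are hypothetical and constructed for illustration; PHP 7.4 or later with the DOM extension is assumed.

```php
<?php
// Constructed sample: a news body resembling the change log entry in the
// report, carrying an HTML named entity that XML does not define.
$news_body = '&nbsp;* Sec: Ability to execute arbitrary SQL statement if register_globals = ON.';

// Hypothetical helper (not a Mantis or RSS-library function): wraps one
// description string in a minimal RSS 2.0 document without touching it.
function build_feed(string $description): string
{
    return '<?xml version="1.0" encoding="UTF-8"?>'
         . '<rss version="2.0"><channel><title>News</title>'
         . '<link>http://example.com/</link><description>News</description>'
         . '<item><title>Item</title><description>' . $description . '</description></item>'
         . '</channel></rss>';
}

// Escape text for use as XML element content. '&' becomes '&amp;', so
// '&nbsp;' is carried as '&amp;nbsp;' and the XML parser no longer sees an
// entity reference it has no definition for.
function xml_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

// Parse the document and return libxml's error messages
// (an empty array means the feed is well-formed).
function xml_errors(string $xml): array
{
    $previous = libxml_use_internal_errors(true);
    libxml_clear_errors();
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    $errors = array_map(fn($e) => trim($e->message), libxml_get_errors());
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $errors;
}

$raw     = build_feed($news_body);             // data passed through as-is
$escaped = build_feed(xml_escape($news_body)); // data escaped first

echo "unescaped: ", implode('; ', xml_errors($raw)) ?: 'well-formed', "\n";
echo "escaped:   ", implode('; ', xml_errors($escaped)) ?: 'well-formed', "\n";
```

Because the outcome depends on the news text rather than the Mantis version, a check like `xml_errors` is worth running against feed output that includes change-log style entries.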
(0009893)
vboctor   
2005-04-24 09:37   
I tested it now and it seems to be working. The official bugtracker is now using Mantis 1.0.0a1 which may have the fix for this problem.
(0009894)
vboctor   
2005-04-24 09:45   
I didn't read the comments again before posting my last comment. The problem is probably not fixed yet.