View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0012570 | mantisbt | bugtracker | public | 2010-11-30 08:36 | 2013-10-04 14:15 |
| Reporter | gthomas | Assigned To | dhx | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | git trunk | ||||
| Target Version | 1.2.5 | Fixed in Version | 1.2.5 | ||
| Summary | 0012570: print_api and file_api produce invalid xhtml code | ||||
| Description | class=\"italic\" and "file_download.php?file_id=$t_id&type=bug" | ||||
| Steps To Reproduce | my_view_page.php | ||||
| Additional Information | git version 2c56893 patch is attached | ||||
| Tags | patch | ||||
| Attached Files | xhtml_print_and_file_api.patch (1,219 bytes)
diff --git a/core/file_api.php b/core/file_api.php
index 2c56893..60cc2fc 100755
--- a/core/file_api.php
+++ b/core/file_api.php
@@ -306,7 +306,7 @@ function file_get_visible_attachments( $p_bug_id ) {
$t_attachment['diskfile'] = $t_diskfile;
if( $t_can_download ) {
- $t_attachment['download_url'] = "file_download.php?file_id=$t_id&type=bug";
+ $t_attachment['download_url'] = "file_download.php?file_id=$t_id&type=bug";
}
if( $image_previewed ) {
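Review bot: The removed and added `download_url` assignments in file_get_visible_attachments() read identically as rendered here, so the intended change cannot be checked from this hunk. If the aim is to encode the ampersand in the query string (the report's description points at this URL), doing that in file_api puts an HTML-escaped value into $t_attachment['download_url'], and every other consumer of that array receives it too. Suggest leaving the value raw here and escaping it at the point where it is written into the href attribute in print_api.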
diff --git a/core/print_api.php b/core/print_api.php
index 4137ab5..01239a2 100644
--- a/core/print_api.php
+++ b/core/print_api.php
@@ -1574,7 +1574,7 @@ function print_bug_attachments_list( $p_bug_id ) {
} else {
echo $t_href_start;
print_file_icon( $t_file_display_name );
- echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . ' (' . $t_filesize . ' ' . lang_get( 'bytes' ) . ') ' . '<span class=\"italic\">' . $t_date_added . '</span>';
+ echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . ' (' . $t_filesize . ' ' . lang_get( 'bytes' ) . ') ' . '<span class="italic">' . $t_date_added . '</span>';
if ( $t_attachment['can_delete'] ) {
echo ' [';
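Review bot: On the echo line in print_bug_attachments_list(), $t_file_display_name and $t_date_added are concatenated straight into the markup beside the corrected `<span class="italic">`, and nothing in this hunk shows either being escaped. Since the change is about emitting valid XHTML, confirm both are escaped where they are assigned, or escape them on this line. As a style point, the adjacent literals `') ' . '<span class="italic">'` can be merged into a single string.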
| ||||
|
Thanks for the bug report and patch Tamás. I have committed the second part of the patch as-is. The first part I have rewritten as raw URLs are used internally within MantisBT for file_api/attachment handling. Therefore we must escape those URLs before placing them in "href" attributes. Thanks again for your help. |
|
|
MantisBT: master 9b05114c 2010-12-25 03:10 Details Diff |
Fix 0012570: Invalid XHTML due to lack of escaping of attachment URL
file_api returns attachment URLs in their raw unescaped format. Before placing these URLs inside the "href" attribute of an "a" element we must run it through string_attribute() first to escape ampersands and other unsafe characters.
Within the same section of code a typo also existed with quotation marks accidentally being outputted around a "class" attribute on a span element.
Thanks to Tamás Gulácsi for the initial patch and bug report. |
Affected Issues 0012570 |
|
| mod - core/print_api.php | Diff File | ||
|
MantisBT: master-1.2.x be42936b 2010-12-25 03:10 Details Diff |
Fix 0012570: Invalid XHTML due to lack of escaping of attachment URL
file_api returns attachment URLs in their raw unescaped format. Before placing these URLs inside the "href" attribute of an "a" element we must run it through string_attribute() first to escape ampersands and other unsafe characters.
Within the same section of code a typo also existed with quotation marks accidentally being outputted around a "class" attribute on a span element.
Thanks to Tamás Gulácsi for the initial patch and bug report. |
Affected Issues 0012570 |
|
| mod - core/print_api.php | Diff File | ||