View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012570 | mantisbt | bugtracker | public | 2010-11-30 08:36 | 2013-10-04 14:15 |
Reporter | gthomas | Assigned To | dhx | ||
Priority | normal | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | git trunk | ||||
Target Version | 1.2.5 | Fixed in Version | 1.2.5 | ||
Summary | 0012570: print_api and file_api produce invalid XHTML code | ||||
Description | class=\"italic\" and "file_download.php?file_id=$t_id&type=bug" | ||||
Steps To Reproduce | my_view_page.php | ||||
Additional Information | git version 2c56893; patch is attached | ||||
Tags | patch | ||||
Attached Files | xhtml_print_and_file_api.patch (1,219 bytes)
diff --git a/core/file_api.php b/core/file_api.php index 2c56893..60cc2fc 100755 --- a/core/file_api.php +++ b/core/file_api.php @@ -306,7 +306,7 @@ function file_get_visible_attachments( $p_bug_id ) { $t_attachment['diskfile'] = $t_diskfile; if( $t_can_download ) { - $t_attachment['download_url'] = "file_download.php?file_id=$t_id&type=bug"; + $t_attachment['download_url'] = "file_download.php?file_id=$t_id&type=bug"; } if( $image_previewed ) { diff --git a/core/print_api.php b/core/print_api.php index 4137ab5..01239a2 100644 --- a/core/print_api.php +++ b/core/print_api.php @@ -1574,7 +1574,7 @@ function print_bug_attachments_list( $p_bug_id ) { } else { echo $t_href_start; print_file_icon( $t_file_display_name ); - echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . ' (' . $t_filesize . ' ' . lang_get( 'bytes' ) . ') ' . '<span class=\"italic\">' . $t_date_added . '</span>'; + echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . ' (' . $t_filesize . ' ' . lang_get( 'bytes' ) . ') ' . '<span class="italic">' . $t_date_added . '</span>'; if ( $t_attachment['can_delete'] ) { echo ' ['; | ||||
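Review bot: In the core/file_api.php hunk the removed and added `download_url` lines are character-for-character the same as rendered here, so the change to the `&` in the query string is not visible and cannot be checked. If the intent is to entity-encode that `&`, doing it inside file_get_visible_attachments() puts an HTML-encoded value into $t_attachment['download_url'] for every caller of that function; encode the URL at the point where it is written into the href and leave this assignment raw.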
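Review bot: In the core/print_api.php hunk, the echo that receives the `class` fix also writes $t_file_display_name and $t_date_added into the markup with no encoding call on that line; please confirm both are encoded before this point, or encode them here. The quote fix itself is correct, since `\"` inside a single-quoted PHP string is emitted literally, backslash included.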
Thanks for the bug report and patch, Tamás. I have committed the second part of the patch as-is. The first part I have rewritten as raw URLs are used internally within MantisBT for file_api/attachment handling. Therefore we must escape those URLs before placing them in "href" attributes. Thanks again for your help.
MantisBT: master 9b05114c 2010-12-25 03:10
Fix 0012570: Invalid XHTML due to lack of escaping of attachment URL

file_api returns attachment URLs in their raw unescaped format. Before placing these URLs inside the "href" attribute of an "a" element we must run it through string_attribute() first to escape ampersands and other unsafe characters.

Within the same section of code a typo also existed with quotation marks accidentally being outputted around a "class" attribute on a span element.

Thanks to Tamás Gulácsi for the initial patch and bug report.

Affected Issues 0012570
mod - core/print_api.php

MantisBT: master-1.2.x be42936b 2010-12-25 03:10
Fix 0012570: Invalid XHTML due to lack of escaping of attachment URL

file_api returns attachment URLs in their raw unescaped format. Before placing these URLs inside the "href" attribute of an "a" element we must run it through string_attribute() first to escape ampersands and other unsafe characters.

Within the same section of code a typo also existed with quotation marks accidentally being outputted around a "class" attribute on a span element.

Thanks to Tamás Gulácsi for the initial patch and bug report.

Affected Issues 0012570
mod - core/print_api.php
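The reasoning in the note and commit message above (keep the URL raw internally, escape it once when it enters the "href" attribute) can be checked with the following added example, which is not MantisBT code. `attr_escape()` is a hypothetical stand-in for the role the commit message gives to `string_attribute()`, the file id is a constructed sample, and the third variant (escaping both at the source and at output) goes beyond the reported case to show why escaping at the source is the wrong place.

```php
<?php
// Added illustration, not MantisBT code. attr_escape() is a hypothetical
// stand-in for the role the commit message gives string_attribute().
function attr_escape( string $p_value ): string {
	return htmlspecialchars( $p_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// True if the fragment parses as XML, which XHTML output has to do.
function is_well_formed( string $p_markup ): bool {
	$t_previous = libxml_use_internal_errors( true );
	$t_ok = simplexml_load_string( $p_markup ) !== false;
	libxml_clear_errors();
	libxml_use_internal_errors( $t_previous );
	return $t_ok;
}

// Query parameters the server receives once a browser has entity-decoded
// the attribute value and requested the resulting URL.
function params_after_click( string $p_attr_value ): array {
	$t_url = html_entity_decode( $p_attr_value, ENT_QUOTES, 'UTF-8' );
	parse_str( (string) parse_url( $t_url, PHP_URL_QUERY ), $t_params );
	return $t_params;
}

// Constructed sample: raw URL in the shape file_api returns (id 42 is made up).
$t_raw = 'file_download.php?file_id=42&type=bug';

$t_variants = array(
	'raw in href (reported bug)'      => $t_raw,
	'escaped once at output'          => attr_escape( $t_raw ),
	'escaped at source and at output' => attr_escape( attr_escape( $t_raw ) ),
);

// Compare, per variant, whether the markup is well-formed and which
// parameters would reach file_download.php.
foreach( $t_variants as $t_label => $t_attr_value ) {
	$t_markup = '<a href="' . $t_attr_value . '">attachment</a>';
	printf( "%-32s well-formed=%-3s params=%s\n",
		$t_label,
		is_well_formed( $t_markup ) ? 'yes' : 'no',
		json_encode( params_after_click( $t_attr_value ) ) );
}
```

Run it with the PHP CLI; it needs the libxml/SimpleXML extension, which is an assumption about the local build.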