0003907: Bad RSS link on http://bugs.mantisbt.org/ - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0003907	mantisbt	rss	public	2004-05-31 11:31	2005-05-31 11:33

Reporter	dfaught	Assigned To	vboctor
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Fixed in Version	1.0.0a3

Summary	0003907: Bad RSS link on http://bugs.mantisbt.org/
Description	On the bottom of http://bugs.mantisbt.org/main_page.php, there is a link labeled "RSS" that goes to http://bugs.mantisbt.org/news_rss.php?project_id=1. When I click on the link, I get this error: XML Parsing Error: undefined entity Location: http://bugs.mantisbt.org/news_rss.php?project_id=1 Line Number 33, Column 1: * Sec <a href="bug_view_page.php?bug_id=0003660" title="[closed] Ability to execute arbitrary SQL statement if register_globals = ON">0003660</a>: Ability to execute arbitrary SQL statement if register_globals = ON. ^ I'm not sure what the link is supposed to do, but probably not this. :-)
Tags	No tags attached.

~~Wanderer~~ 2004-06-01 03:59 developer ~0005642 Last edited: 2004-06-01 04:03	It's not for direct browsing, it's URL, which can be added to any RSS-aggregator for reading news (and only news now :-( ) from site Just for note - it works, and news really aggregated in reader edited on: 06-01-04 04:03

dfaught 2004-06-01 16:10 reporter ~0005646	I usually get to a page of XML when I click on RSS links, rather than a strange error. I'm not much of an RSS user, so I could be mistaken, but it seems odd for a hyperlink that shows up in the web browser to lead to an error like this.

dfaught 2004-06-01 16:14 reporter ~0005647	Hmmm, I'm getting the same error from my news aggregator, so this looks like a real error in the RSS feature to me. Can you reproduce this by adding a new subscription based on the current RSS link?

~~Wanderer~~ 2004-06-01 21:36 developer ~0005648	I tried in my (RSS-reader plugin for Miranda)- and got feed and no errors. You can test your aggregator on my 0.19-CVS installation (but AFAIS nothing was changed in this area) - http://bts.e-city.net.ru/demo/news_rss.php?project_id=1 PS - sorry, but news only in Russian

dfaught 2004-06-01 22:51 reporter ~0005649	I looked at your demo site, and yes, it looks okay. Is this issue unique to version 0.18.2? (My own installation isn't configured to use RSS, so I can't check there.)

rfoster 2004-07-28 18:42 reporter ~0006425	This issue is really biting me :( The problem is that the '&' in is invalid, and needs to be escaped as & in XML to work properly. Note that this is only showing up in messages like the change log. (ie. those containing ) I've tested this by substituting the following string: with   and it works perfectly in a local copy of the current rss feed for this project.

vboctor 2004-07-28 19:10 manager ~0006427	I think this is a bug in the RSS library that we are using. I would expect this library to escape the data before generating the XML file. These are the options to fix this library: Add the escaping to the external library (or see if this issue is fixed in more recent versions). Move to a different library (that hopefully fixes this and uses GPL license. For now, escape the data before setting it into the RSS generator. This bug will depend on the contents of the news, rather than a specific version of Mantis.

vboctor 2005-04-24 09:37 manager ~0009893	I tested it now and it seems to be working. The official bugtracker is now using Mantis 1.0.0a1 which may have the fix for this problem.

vboctor 2005-04-24 09:45 manager ~0009894	I didn't read the comments again before posting my last comment. The problem is probably not fixed yet.

View Issue Details

Activities