View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0021804 | mantisbt | html | public | 2016-10-17 08:46 | 2016-11-12 11:27 |
Reporter | j_schultz | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.3.2 | ||||
Target Version | 1.3.3 | Fixed in Version | 1.3.3 | ||
Summary | 0021804: Ampersands in Gravatar urls are not escaped properly | ||||
Description | The rating and size parameters in Gravatar URLs are not escaped properly. <img class="avatar" src="https://secure.gravatar.com/avatar/e78c92aeae3add82782137cab2273872?d=identicon&r=G&s=32" alt="cproensa" width="32" height="32" /> The ampersands in the link should be escaped, i.e. "&r=G&s=32" | ||||
Tags | No tags attached. | ||||
It seems like Mantis automatically converts HTML entities (ouch!), so the last sentence in my description does not make a lot of sense. But I'm sure you know what I mean. :) |
|
The "conversion" is done by the browser, we actually store the '& amp;' entity, and display it as such (look at the page source). That said, I agree this could be confusing. |
|
MantisBT: master-1.3.x fa2e7171 2016-10-17 07:15 |
Gravatar plugin: escape ampersands in URLs Fixes 0021804 |
Affected Issues 0021804 |
|
mod - plugins/Gravatar/Gravatar.php |
MantisBT: master-1.3.x aa2a3c0f 2016-11-09 07:06 |
Proper fix for gravatar URL '&' encoding This partially reverts the change introduced in issue 0021804 (see commit fa2e7171e5e5b85465e449b67e5ced6672b9f3f9), letting the caller escape the URL as needed. Fixes 0021844 |
Affected Issues 0021804, 0021844 |
|
mod - core/classes/TimelineEvent.class.php |
mod - plugins/Gravatar/Gravatar.php |
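
The second commit message leaves escaping to the caller. The following PHP is an added illustration of that layering, not MantisBT code and not a reconstruction of either commit: the function names and the sample address are assumptions, and the URL shape is the one quoted in the description. It contrasts a raw URL escaped once at HTML output with a builder that pre-escapes and is then escaped again.

```php
<?php
// Added illustration; all function names are hypothetical, not MantisBT's API.

/** Build the raw avatar URL. No HTML encoding happens at this layer. */
function example_gravatar_url(string $email, int $size = 32, string $rating = 'G'): string {
    $hash = md5(strtolower(trim($email)));
    $query = http_build_query(
        ['d' => 'identicon', 'r' => $rating, 's' => $size],
        '',
        '&' // plain separator: a URL on its own is not HTML
    );
    return 'https://secure.gravatar.com/avatar/' . $hash . '?' . $query;
}

/** Variant that HTML-escapes inside the builder, before any caller sees it. */
function example_gravatar_url_preescaped(string $email): string {
    return htmlspecialchars(example_gravatar_url($email), ENT_QUOTES, 'UTF-8');
}

/** HTML caller: escape exactly once, at the point of output into an attribute. */
function example_avatar_img(string $url, string $alt): string {
    return sprintf(
        '<img class="avatar" src="%s" alt="%s" width="32" height="32" />',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($alt, ENT_QUOTES, 'UTF-8')
    );
}

$email = 'user@example.com'; // constructed sample address

$raw = example_gravatar_url($email);
$pre = example_gravatar_url_preescaped($email);

// Raw URL escaped once by the HTML caller: valid attribute, ampersands as entities.
echo example_avatar_img($raw, 'user'), "\n";

// Pre-escaped URL passed to the same caller: the ampersands are encoded twice,
// so the browser requests a URL whose parameter names begin with "amp;".
echo example_avatar_img($pre, 'user'), "\n";

// A non-HTML consumer (JSON here) needs the raw form; a pre-escaped URL would
// leak HTML entities into a context that never decodes them.
echo json_encode(['avatar' => $raw], JSON_UNESCAPED_SLASHES), "\n";
```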