View Issue Details

ID: 0022522
Project: mantisbt
Category: html
View Status: public
Last Update: 2017-03-15 18:22
Reporter: j_schultz
Assigned To: (none)
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 2.2.1
Summary: 0022522: EVENT_DISPLAY_FORMATTED applied to bug IDs can result in broken markup
Description

I have a plugin that does the following:

    function display_formatted($p_event, $p_text, $p_multiline)
    {
        // Add links to SVN revision numbers
        return preg_replace('/\b(?<!\-)(r|revision |Revision )(\d+)\b/', '<a href="...">$0</a>', $p_text);
    }

So, what it does is replace SVN revision numbers like "r1234" with a link to a repository browser.

Now, apparently EVENT_DISPLAY_FORMATTED is also applied to issue names in title attributes of links, like so:
Assume there is an issue 0000001 named "test r1234".
Assume there is another issue referencing 0000001 somewhere in its description. The following markup is generated:

    <a href="/view.php?id=1" title="[resolved] test <a href="...">r1234</a>" class="resolved">0000001</a>

So there is a link tag inside a link tag.
Long story short: Either issue names should not be displayed formatted, or the title tag must be passed through htmlspecialchars (or strip_tags should be called).
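The nesting described above, reproduced in an added example (this is not code from MantisBT or from the report; the repository URL, the build_bug_link_* helpers and count_anchors are assumptions made for the illustration). It runs the report's handler over a summary, drops the result into the title attribute the way the report describes, and then shows the fix the report asks for: strip tags from the plugin output and escape the attribute value.

```php
<?php
// Added example, not MantisBT or the reporter's code. Reproduces the anchor
// nesting described in the report and shows the suggested fix.
// The repository URL and the build_bug_link_* helpers are assumptions.

// The reporter's plugin handler: wrap SVN revision numbers in a link.
function display_formatted($p_event, $p_text, $p_multiline)
{
    return preg_replace(
        '/\b(?<!\-)(r|revision |Revision )(\d+)\b/',
        '<a href="https://svn.example.invalid/r$2">$0</a>', // placeholder URL
        $p_text
    );
}

// Mimics the behaviour the report describes: the formatted summary is
// dropped straight into the title attribute of the bug link.
function build_bug_link_unsafe($p_bug_id, $p_status, $p_summary)
{
    $t_title = display_formatted('EVENT_DISPLAY_FORMATTED', $p_summary, false);
    return sprintf(
        '<a href="/view.php?id=%d" title="[%s] %s" class="%s">%07d</a>',
        $p_bug_id, $p_status, $t_title, $p_status, $p_bug_id
    );
}

// Hardened: the title attribute must be plain text. Tags emitted by the
// plugin are stripped, then the value is escaped so a quote in the summary
// cannot terminate the attribute.
function build_bug_link_safe($p_bug_id, $p_status, $p_summary)
{
    $t_formatted = display_formatted('EVENT_DISPLAY_FORMATTED', $p_summary, false);
    $t_title = htmlspecialchars(strip_tags($t_formatted), ENT_QUOTES, 'UTF-8');
    return sprintf(
        '<a href="/view.php?id=%d" title="[%s] %s" class="%s">%07d</a>',
        $p_bug_id, $p_status, $t_title, $p_status, $p_bug_id
    );
}

// Check used below: a single bug link should contain exactly one anchor tag.
function count_anchors($p_html)
{
    return preg_match_all('/<a\b/', $p_html);
}

// Constructed sample summaries: the one from the report, and one containing a
// double quote to show why escaping is still needed after strip_tags.
$t_samples = ['test r1234', 'test r1234 "quoted"'];

foreach ($t_samples as $t_summary) {
    $t_unsafe = build_bug_link_unsafe(1, 'resolved', $t_summary);
    $t_safe   = build_bug_link_safe(1, 'resolved', $t_summary);
    echo "unsafe (", count_anchors($t_unsafe), " anchors): ", $t_unsafe, "\n";
    echo "safe   (", count_anchors($t_safe),   " anchors): ", $t_safe,   "\n\n";
}
```

With the report's summary, the unsafe builder yields a link containing two anchor tags (the nested one sits inside the title attribute), while the hardened builder yields one. The second constructed sample shows that strip_tags alone is not sufficient: without htmlspecialchars, the double quote in the summary would end the title attribute early, which is the same class of breakage as the nested tag.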

Tags: No tags attached.

Activities

j_schultz
2017-03-15 18:22
reporter   ~0056078

The generated markup is not shown correctly despite being placed inside a markdown block. I hope you can see the original markup by editing the issue.