View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0032076mantisbtbugtrackerpublic2023-02-28 08:342023-04-11 19:07
Reportermakgreg Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.24.4 
Target Version2.25.7Fixed in Version2.25.7 
Summary0032076: Ampersand in $g_search_title prevents adding search engine
Description

Hello,

While trying to add the search engine in my Firefox browser I faced the following error message:

Invalid Format :
Firefox could not install the search engine from:
https://my.url/browser_search_plugin.php?type=id

Thank you.

Steps To Reproduce

o Right click in the URL bar
o Click 'Add: "$YOUR_SITE_NAME: Search by issue id"

Additional Information

Looks like it is due to the ampersand (&) I have in my site name...

TagsNo tags attached.

Activities

dregad

dregad

2023-02-28 09:17

developer   ~0067426

Problem is confirmed.

As a workaround, I suggest you remove the ampersand & in $g_search_title (which by default takes the value of $g_window_title).
makgreg

makgreg

2023-02-28 10:05

reporter   ~0067427

Yes no problem, thank you for the answer ;)
dregad

dregad

2023-02-28 11:14

developer   ~0067428

Since this is a non-critical issue with a simple and accepted a workaround, I'm targeting resolution to 2.26.0 release.
dregad

dregad

2023-02-28 11:35

developer   ~0067429

PR https://github.com/mantisbt/mantisbt/pull/1868
dregad

dregad

2023-03-04 10:33

developer   ~0067448

While this was initially set to be fixed in 2.26.0, since I started work on a 2.25.7 release due to a regression issue (see 0032086), might as well pull this one in as well.

Related Changesets

MantisBT: master-2.25 456d874d

2023-02-28 11:06

dregad


Details Diff		 Fix escaping of OpenSearch Shortname property

Improper escaping prevented the user from adding a Search Engine when
$g_search_title contains an ampersand.

The `" ' < > &` characters in the config variable are now escaped
- in layout_api.php, to generate proper HTML is in the page head
- in browser_search_plugin.php, to ensure valid XML is produced for the
OpenSearch descriptor.

Fixes 0032076		 Affected Issues
0032076
mod - browser_search_plugin.php Diff File
mod - core/layout_api.php Diff File