0035424: Use new string_build_query() API function

ID	Project	Category	View Status	Date Submitted	Last Update
0035424	mantisbt	code cleanup	public	2025-02-21 18:03	2026-01-09 13:26

Reporter	dregad	Assigned To	community
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Target Version	2.28.0	Fixed in Version	2.28.0

Summary	0035424: Use new string_build_query() API function
Description	This new function was introduced by @raspopov as part of PR https://github.com/mantisbt/mantisbt/pull/2096 to fix HTML errors and warnings (see 0035180). As discussed during PR review, for consistency this new API function should replace existing usages of http_build_query(), otherwise we'll end up with some URLs RFC1738-encoded (default for $encoding_type parameter), which may or may not be an actual issue (I did not check). Usage of but urlencode() and rawurlencode() should also be checked, e.g. in print_all_bug_page.php: `147: $t_search = urlencode( $f_search ); ... 166: echo '<a href="' . $t_icon[0] . '.php?' . http_build_query( $t_params ) . '" ' . $t_icon[2] . '>';` The $t_search is included in $t_params.
Tags	No tags attached.

MantisBT: master fa1df957 2025-03-03 22:50 raspopov Committer: dregad Details Diff	Extend the use of the query parameter Extended the allowed parameter types of helper_url_combine(), auth_login_page(), auth_credential_page(), AuthFlags::getCredentialsPage() functions that accepted a query string to also accept an array of query parameters. Fixes 0035424	Affected Issues 0035424
	mod - core/authentication_api.php	Diff File
	mod - core/classes/AuthFlags.class.php	Diff File
	mod - core/helper_api.php	Diff File
MantisBT: master 1c2f8343 2025-03-15 14:09 dregad Details Diff	Extend the use of the query parameter Added a new test UrlCombineTest for helper_url_combine(). Fixes 0035424, PR https://github.com/mantisbt/mantisbt/pull/2114	Affected Issues 0035424
	mod - adm_config_report.php	Diff File
	mod - admin/check/check_database_inc.php	Diff File
	mod - admin/check/index.php	Diff File
	mod - billing_export_to_excel.php	Diff File
	mod - bug_report.php	Diff File
	mod - core/access_api.php	Diff File
	mod - core/authentication_api.php	Diff File
	mod - core/classes/AuthFlags.class.php	Diff File
	mod - core/csv_api.php	Diff File
	mod - core/excel_api.php	Diff File
	mod - core/filter_api.php	Diff File
	mod - core/filter_form_api.php	Diff File
	mod - core/helper_api.php	Diff File
	mod - core/html_api.php	Diff File
	mod - core/http_api.php	Diff File
	mod - core/install_helper_functions_api.php	Diff File
	mod - core/layout_api.php	Diff File
	mod - core/print_api.php	Diff File
	mod - core/string_api.php	Diff File
	mod - core/summary_api.php	Diff File
	mod - excel_xml_export.php	Diff File
	mod - login.php	Diff File
	mod - login_anon.php	Diff File
	mod - login_page.php	Diff File
	mod - login_password_page.php	Diff File
	mod - login_select_proj_page.php	Diff File
	mod - manage_proj_page.php	Diff File
	mod - my_view_inc.php	Diff File
	mod - print_all_bug_page.php	Diff File
	mod - query_store.php	Diff File
	mod - set_project.php	Diff File
	mod - tag_view_page.php	Diff File
	add - tests/Mantis/Helper/UrlCombineTest.php	Diff File
	mod - timeline_inc.php	Diff File

Dependency Graph

View Issue Details

Relationships

Activities

Related Changesets

related to	0035180	closed	community	The MantisBT web interface must pass HTML validation
related to	0036819	closed	dregad	Secure cookies are rejected by the browser

raspopov 2025-03-03 22:57 reporter ~0069937	The first step is to slightly extend the API of functions that work with query strings so that they also understand the array of 'query parameter name'='value' pairs. https://github.com/mantisbt/mantisbt/pull/2114