View Issue Details

IDProjectCategoryView StatusLast Update
0019828mantisbtbugtrackerpublic2015-08-06 17:40
Reporterraro Assigned Toatrol  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status closedResolutionunable to reproduce 
Product Version1.3.0-beta.2 
Target VersionFixed in Version 
Summary0019828: Escaping
Description

Since we updated to 1.3.0 Beta 2 we noticed there are some escaping issues
All quotation marks are displayed escaped (as in \' instead of ')
We noticed this at least on the following locations:

  • Bug description
  • Notes
  • Email

Quick fix was stripslahes on the following files:

  • bug_view_inc.php line 668
  • bugnote_view_inc.php line 275
  • core/email_api.php line 973

Ofcourse this is not the preferred solution, escaping should be handled by the databse wrapper orso

If there is a setting for this please let me know!

TagsNo tags attached.

Activities

raro

raro

2015-07-08 09:06

reporter   ~0051039

I noticed that also setting config options due end up escaped in the database
Also it seems newlines are converted to <br />

vboctor

vboctor

2015-07-14 01:18

manager   ~0051052

Testing a comment with 'single quotes' on this bug tracker to see if we can reproduce the issue.

vboctor

vboctor

2015-07-14 01:18

manager   ~0051053

@raro, I can't reproduce the problem.

raro

raro

2015-07-14 03:16

reporter   ~0051056

I think it's due to the current used server. I tested the same install/db on a different setup and it seems to have no problem.

ANy ideas what php/apache setting/version it could be?

atrol

atrol

2015-07-14 03:34

developer   ~0051057

Might be related to your other issue 0019829.

vboctor

vboctor

2015-07-14 10:02

manager   ~0051060

Issue 0019829 is related to encoding of emails. I was assuming that @raro is referring to contents in the database + UI, right?

atrol

atrol

2015-07-14 10:23

developer   ~0051062

I thought it could be related in terms of "questionable PHP configuration on OSX 10.10.3", in this issue maybe magic_quotes_runtime.

raro

raro

2015-07-14 11:00

reporter   ~0051063

sorry think you misunderstood. All browser tests were on OSX, the webserver is Debian based

atrol

atrol

2015-07-14 11:47

developer   ~0051065

I tested the same install/db on a different setup and it seems to have no problem.
Did you check if there is a difference of the mentioned setting magic_quotes_runtime?

atrol

atrol

2015-07-24 17:04

developer   ~0051133

raro,

You did not provide any feedback; I am therefore resolving this issue as "no change required".

Feel free to reopen the issue at a later time and provide the requested information.

sreichel

sreichel

2015-07-30 04:35

reporter   ~0051159

Hello,

i have the same problem ...

linux/apache
php: 5.3.21
magic_quotes_runtime: off

Please let me know if you need further information.

atrol

atrol

2015-08-06 17:40

developer   ~0051213

sreichel, please open a separate issue for it.

As we were not able to reproduce the issue you should provide detailed step-by-step instructions to reproduce the issue; the following additional information may also be useful:

  • Version of MantisBT where you started the update
  • Exact version of MantisBT (1.3.2-beta2, nightly build, ...) , PHP, Database, Web server, Browser and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions ?
  • Was the MantisBT source code modified in any way ?

Issue History

Date Modified Username Field Change
2015-06-11 17:33 raro New Issue
2015-07-08 09:06 raro Note Added: 0051039
2015-07-14 01:17 vboctor Severity minor => major
2015-07-14 01:17 vboctor Target Version => 1.3.0-beta.3
2015-07-14 01:18 vboctor Note Added: 0051052
2015-07-14 01:18 vboctor Note Added: 0051053
2015-07-14 01:50 atrol Status new => feedback
2015-07-14 03:16 raro Note Added: 0051056
2015-07-14 03:16 raro Status feedback => new
2015-07-14 03:34 atrol Note Added: 0051057
2015-07-14 10:02 vboctor Note Added: 0051060
2015-07-14 10:23 atrol Note Added: 0051062
2015-07-14 11:00 raro Note Added: 0051063
2015-07-14 11:47 atrol Status new => feedback
2015-07-14 11:47 atrol Note Added: 0051065
2015-07-24 17:04 atrol Assigned To => atrol
2015-07-24 17:04 atrol Status feedback => resolved
2015-07-24 17:04 atrol Resolution open => no change required
2015-07-24 17:04 atrol Note Added: 0051133
2015-07-24 17:05 atrol Target Version 1.3.0-beta.3 =>
2015-07-30 04:35 sreichel Note Added: 0051159
2015-08-06 17:40 atrol Note Added: 0051213
2015-08-06 17:40 atrol Status resolved => closed
2015-08-06 17:40 atrol Resolution no change required => unable to reproduce