View Issue Details

IDProjectCategoryView StatusLast Update
0004450mantisbtlocalizationpublic2004-12-11 03:01
Reporterbobdeng Assigned Tojlatour  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version0.19.0rc1 
Fixed in Version0.19.2 
Summary0004450: Real name was changed to "¹ÜÀíÔ±"
Description

When I create a new user, he login mantis and go to "My Account" to change his personal information, his real name is Chinese word, when he saved,the real name was changed to "¹ÜÀíÔ±".
When I login as administrator,in "Management" function to change the user's information, when I input Chinese word, it works right.

TagsNo tags attached.

Relationships

has duplicate 0004586 closedWanderer problem with realname field 
has duplicate 0004913 closedjlatour account_page.php and charset=iso-8859-2 
related to 0004366 closeddregad Mail does not encode foreign characters 
related to 0004346 closedachumakov Problem with HTML-entities in names 
child of 0004818 closedvboctor Mantis 0.19.2 release 

Activities

jlatour

jlatour

2004-08-31 23:54

reporter   ~0007346

Are both accounts using the Chinese interface? If so, simplified or traditional?

bobdeng

bobdeng

2004-08-31 23:58

reporter   ~0007347

Yes,when I changed the code in "account_update.php", 31 line:

$f_realname = htmlentities(gpc_get_string( 'realname', '' ) );

to
$f_realname = gpc_get_string( 'realname', '' ) ;

It works ok.

bobdeng

bobdeng

2004-08-31 23:58

reporter   ~0007349

simplified

jlatour

jlatour

2004-09-01 00:01

reporter   ~0007350

OK, thanks.

grangeway

grangeway

2004-09-05 08:47

reporter   ~0007440

Or more, htmlentities should be string_display / string_attribute..?

romat

romat

2004-09-09 02:47

reporter   ~0007505

I have the same behaviour with ISO 8859-2 accented characters.
The problem is with htmlentities() function in account_update.php. The rest of Mantis uses htmlspacialchars() which is safe when using accented characters.

DGtlRift

DGtlRift

2004-10-28 08:45

reporter   ~0008196

Did anyone fix this in CVS yet? Seems very simple, should I bother to post a patch?

DGtlRift

DGtlRift

2004-10-29 06:46

reporter   ~0008201

Verified issue. Changed htmlentities() to htmlspacialchars() as suggested by romat. Tested, and works with mod. Patch added and awaiting review and CVS commit.

2004-10-29 07:08

 

mantisbt.4450.realname.txt (667 bytes)   
Index: account_update.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/account_update.php,v
retrieving revision 1.38
diff -u -r1.38 account_update.php
--- account_update.php	22 Aug 2004 01:19:29 -0000	1.38
+++ account_update.php	29 Oct 2004 12:10:57 -0000
@@ -28,7 +28,7 @@
 ?>
 <?php
 	$f_email			= htmlentities( gpc_get_string( 'email', '' ) );
-	$f_realname			= htmlentities( gpc_get_string( 'realname', '' ) );
+	$f_realname			= htmlspecialchars( gpc_get_string( 'realname', '' ) );
 	$f_password			= gpc_get_string( 'password', '' );
 	$f_password_confirm	= gpc_get_string( 'password_confirm', '' );
 
mantisbt.4450.realname.txt (667 bytes)   
jlatour

jlatour

2004-11-25 18:04

reporter   ~0008432

It took a while... but it should be fixed now :-) Sorry for the delay.

Issue History

Date Modified Username Field Change
2004-08-31 21:35 bobdeng New Issue
2004-08-31 23:54 jlatour Note Added: 0007346
2004-08-31 23:54 jlatour Status new => feedback
2004-08-31 23:58 bobdeng Note Added: 0007347
2004-08-31 23:58 bobdeng Note Added: 0007349
2004-09-01 00:00 jlatour Status feedback => acknowledged
2004-09-01 00:01 jlatour Relationship added child of 0003987
2004-09-01 00:01 jlatour Note Added: 0007350
2004-09-05 08:47 grangeway Note Added: 0007440
2004-09-09 02:47 romat Note Added: 0007505
2004-09-12 08:31 vboctor Relationship deleted child of 0003987
2004-09-12 08:50 vboctor Relationship added child of 0004297
2004-09-12 08:51 vboctor Assigned To Wanderer =>
2004-09-21 08:18 thraxisp Relationship added has duplicate 0004586
2004-09-23 10:23 Wanderer Relationship added related to 0004366
2004-09-23 10:26 Wanderer Relationship added related to 0004346
2004-10-28 08:45 DGtlRift Note Added: 0008196
2004-10-29 06:44 DGtlRift Assigned To => DGtlRift
2004-10-29 06:46 DGtlRift Status acknowledged => resolved
2004-10-29 06:46 DGtlRift Resolution open => fixed
2004-10-29 06:46 DGtlRift Note Added: 0008201
2004-10-29 06:48 DGtlRift Status resolved => assigned
2004-10-29 06:55 DGtlRift File Added: mantisbt.4450.realname.txt
2004-10-29 06:55 DGtlRift Status assigned => feedback
2004-10-29 07:04 DGtlRift File Deleted: mantisbt.4450.realname.txt
2004-10-29 07:08 DGtlRift File Added: mantisbt.4450.realname.txt
2004-11-06 05:51 vboctor Relationship added child of 0004818
2004-11-06 05:52 vboctor Relationship deleted child of 0004297
2004-11-25 18:04 jlatour Status feedback => resolved
2004-11-25 18:04 jlatour Fixed in Version => 0.19.2
2004-11-25 18:04 jlatour Note Added: 0008432
2004-11-25 18:06 jlatour Assigned To DGtlRift => jlatour
2004-11-28 13:37 jlatour Relationship added has duplicate 0004913
2004-12-11 03:01 vboctor Status resolved => closed