Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#573 closed Bug (fixed)

Changeset 949 may break configuration values

Reported by: geocar
Owned by:
Priority: low
Milestone: RobotRock
Component: Core
Keywords:
Cc:
Sensitive:

Description

The superuser username " cannot be used as of changeset 949. It couldn't really be used before because of a different bug.

This may not cause problems as the username is unlikely to be ", but some other value or plugin or other future configuration may be surprised by the special handling here and assume all characters are safe.

Lines 136 and 216 are the offending statements:

136 $value = str_replace('"', "&quot;", $value);

216 $value = str_replace("&quot;", '"', $value);

Suggestion: Use the PHP built-in functions htmlspecialchars and html_entity_decode instead.
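Added example, not part of the ticket and not the project's code: a round-trip check of the two quoted statements against the built-ins the ticket suggests. The function names and sample values are constructed for illustration. It shows that the ad-hoc pair cannot tell a stored `"` from a value that already contained the literal text `&quot;`.

```php
<?php
// Ad-hoc pair, mirroring the statements quoted from lines 136 and 216.
function adhoc_encode(string $value): string {
    return str_replace('"', '&quot;', $value);
}
function adhoc_decode(string $value): string {
    return str_replace('&quot;', '"', $value);
}

// Pair built on the PHP built-ins named in the ticket's suggestion.
// htmlspecialchars() also escapes '&', so a literal "&quot;" in the input
// is stored as "&amp;quot;" and comes back unchanged.
function builtin_encode(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
function builtin_decode(string $value): string {
    return html_entity_decode($value, ENT_QUOTES, 'UTF-8');
}

// Returns true when decode(encode($value)) gives back the original value.
function round_trips(callable $encode, callable $decode, string $value): bool {
    return $decode($encode($value)) === $value;
}

// Constructed sample configuration values (ASCII only).
$samples = ['admin', 'say "hi"', '&quot;', 'a&quot;b"c'];

foreach ($samples as $value) {
    printf(
        "value=%-12s adhoc_stored=%-18s adhoc_ok=%-5s builtin_stored=%-26s builtin_ok=%s\n",
        $value,
        adhoc_encode($value),
        var_export(round_trips('adhoc_encode', 'adhoc_decode', $value), true),
        builtin_encode($value),
        var_export(round_trips('builtin_encode', 'builtin_decode', $value), true)
    );
}

// Two different inputs collapse to the same stored string under the ad-hoc
// pair, so the original value cannot be recovered on read.
var_dump(adhoc_encode('a"b"c') === adhoc_encode('a&quot;b"c'));
```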

Change History (3)

comment:1 Changed 5 years ago by matt (mattab)

  • Milestone set to RobotRock

comment:2 Changed 5 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

fixed in [973]

comment:3 Changed 5 years ago by geocar

awesome thanks
