Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changeset 949 may break configuration values #573

Closed
anonymous-matomo-user opened this issue Mar 2, 2009 · 2 comments
Closed

Changeset 949 may break configuration values #573

anonymous-matomo-user opened this issue Mar 2, 2009 · 2 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Milestone
RobotRock

Comments

@anonymous-matomo-user
Copy link

The superuser username " cannot be used as of changeset 949. It couldn’t really be used before because of a different bug.

This may not cause problems as the username is unlikely to be ", but some other value or plugin or other future configuration may be surprised by the special handling here and assume all characters are safe.

Lines 136 and 216 are the offending statements:

```
136 $value = str_replace(‘"’, “"”, $value);

216 $value = str_replace(“"”, ‘"’, $value);
```

Suggestion: Use the PHP built-in functions htmlspecialchars and html_entity_decode instead.
@mattab
Copy link
Member

mattab commented Mar 9, 2009

fixed in 973

@anonymous-matomo-user
Copy link
Author

awesome thanks

@anonymous-matomo-user anonymous-matomo-user added this to the RobotRock milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Milestone
RobotRock
Development

No branches or pull requests
2 participants
@mattab @anonymous-matomo-user