Bug Tracker item #2982523, was opened at 2010-04-06 10:25
Message generated for change (Settings changed) made by sbajic
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2982523&group_id=250683

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: webui
Group: v3.9.0
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Michael (nomde)
>Assigned to: Stevan Bajic (sbajic)
Summary: History page escapes and truncates strings in wrong order

Initial Comment:
The history page escapes the < and > characters to their HTML entity and 
truncates strings longer than $CONFIG{MAX_COL_LEN}. Unfortunately, it does so 
in this order, which means if a < or > is present near the end of the string, 
the user can get "&gt" or similar rendered by their browser when it encounters 
an incomplete entity.

The attached patch moves the truncation so it occurs before the special 
characters are replaced by their entities, to give the desired behaviour. It 
also replaces &, " and ' with their appropriate entities. The & is probably the 
only additional one that's strictly necessary, but I figure the others can't 
hurt.

Finally, it also takes 3 characters less than the maximum column length from 
long strings, in order to compensate for the 3 characters it's adding. Whether 
or not the actual number of characters is important is left to the maintainer 
to decide.

----------------------------------------------------------------------

>Comment By: Stevan Bajic (sbajic)
Date: 2010-04-22 01:28

Message:
Hello Michael,

Thanks for reporting and for the patch. It is now fixed in the latest GIT.

-- 
Kind Regards from Switzerland,

Stevan Bajić

----------------------------------------------------------------------
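
The ordering problem from the initial comment, as an added Perl example (not DSPAM's code and not the attached patch). The sub names, the `...` suffix, the `&#39;` entity for the apostrophe, the limit of 20 and the sample string are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed value for the demo; the real limit comes from the web UI config.
my %CONFIG = (MAX_COL_LEN => 20);

# Replace the five characters named in the report with HTML entities.
# '&' goes first so the '&' of the entities added afterwards is not re-escaped.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Reported order: escape, then cut. The cut can land inside an entity, and
# entity characters count against the column budget.
sub escape_then_truncate {
    my ($s, $max) = @_;
    $s = escape_html($s);
    $s = substr($s, 0, $max) . '...' if length($s) > $max;
    return $s;
}

# Patched order: cut the raw string to $max - 3, append '...', then escape,
# so every entity in the output is complete.
sub truncate_then_escape {
    my ($s, $max) = @_;
    $s = substr($s, 0, $max - 3) . '...' if length($s) > $max;
    return escape_html($s);
}

# Constructed sample: a From value with quotes and angle brackets.
my $from = q{"Alice" <alice@example.org>};
my $max  = $CONFIG{MAX_COL_LEN};

printf "%-21s %s\n", 'escape then truncate:', escape_then_truncate($from, $max);
printf "%-21s %s\n", 'truncate then escape:', truncate_then_escape($from, $max);

# Check for the symptom: an unterminated entity right before the ellipsis.
for my $out (escape_then_truncate($from, $max), truncate_then_escape($from, $max)) {
    my $dangling = $out =~ /&#?\w*\.\.\.\z/ ? 'yes' : 'no';
    print "dangling entity: $dangling\n";
}
```
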
