#249 - Ticket Summary is not escaped properly if updating Ticket
Type Defect
Status Fixed
Milestone 2.3.3
Version 2.3.2
Component Tickets
Priority Normal
Severity Normal
Owner Trupik
Assigned to -
Reported 12 years ago
Updated 11 years ago
Votes 0
Related tickets
Proposed time
Worked time

What did you do to cause this? Created a ticket with Summary containing "doublequotes". Then made any change to the ticket (change Status, Priority, Attachmet, whatever) and press Update. The field Summary is not escaped properly in the form and will be trimmed upon Update ending just before the first doublequote. Summary should be processed with PHP function htmlspecialchars() when displaying in an input type="text".

What page were you on? Ticket update form.

What PHP and MySQL versions do you run? dev-lang/php-5.3.10 dev-db/mysql-5.1.61

Describe the defect: Summary is trimmed upon update. All characters after doublequote will disappear.

Ticket History

Jack closed as Fixed 12 years and 8 months ago