Ticket Summary is not escaped properly if updating Ticket

249
Defect
Trupik
-
2.3.3
2.3.2
Tickets
Fixed
Normal
Normal
5 years ago
3 years ago
0

Description

What did you do to cause this? Created a ticket with Summary containing "double quotes". Then made any change to the ticket (change Status, Priority, Attachment, whatever) and pressed Update. The field Summary is not escaped properly in the form and will be trimmed upon Update, ending just before the first double quote. Summary should be processed with the PHP function htmlspecialchars() when displayed in an input type="text".

What page were you on? Ticket update form.

What PHP and MySQL versions do you run? dev-lang/php-5.3.10 dev-db/mysql-5.1.61

Describe the defect: Summary is trimmed upon update. All characters after the double quote will disappear.
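The truncation reported above, reproduced as an added example that is not part of the original ticket or the project's code. The function names and the sample summary are constructed for illustration, and PHP's DOM extension is assumed to be available to stand in for the browser's HTML parser.

```php
<?php
// Added illustration; helper names and sample data are hypothetical.

// Defective rendering: the stored summary is pasted into the attribute as-is,
// so the first double quote in the data terminates value="...".
function render_raw(string $summary): string {
    return '<input type="text" name="summary" value="' . $summary . '">';
}

// Corrected rendering: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both " and ', so the result is safe whichever quote
// character the template uses around the attribute.
function render_escaped(string $summary): string {
    $safe = htmlspecialchars($summary, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="summary" value="' . $safe . '">';
}

// Parse the markup and return the value the form field would hold, which is
// what gets posted back (and saved) when the user presses Update.
function submitted_value(string $html): string {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // raw case is malformed HTML
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

// Constructed sample: a summary containing double quotes, as in the report.
$summary = 'Printer shows "out of paper" error';

foreach (['raw' => render_raw($summary), 'escaped' => render_escaped($summary)] as $label => $html) {
    $roundTrip = submitted_value($html);
    echo $label, ":\n";
    echo "  markup:    ", $html, "\n";
    echo "  submitted: ", $roundTrip, "\n";
    echo "  intact:    ", ($roundTrip === $summary ? 'yes' : 'no'), "\n";
}
```

The summary stays unmodified in the database; the encoding is applied only when the value is written into the form, so the round trip through an update returns the original text.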

Ticket History

5 years and 7 months ago by Jack

  • Closed ticket as Fixed