Ticket #2766 (closed Bugs: fixed)

Opened 8 months ago

Last modified 6 months ago

Unescaped ampersands in menu categories

Reported by: Nick_Lewis
Assigned to: p_lindheimer
Priority: minor
Milestone: 2.5
Component: Core
Version: 2.4-branch
Keywords:
Cc:
Confirmation: Unreviewed
SVN Revision (if applicable):
Backend Engine: All
Backend Engine Version:

Description

/var/www/html/admin/config.php does not escape the content of the items in the menu, causing invalid HTML. This particularly affects categories such as "CID & Number Management" and "Internal Options & Configuration".

The fix is to use htmlspecialchars($rowcategory?,ENT_QUOTES) in place of $rowcategory? when outputting it.

The same could also be done to $rowname? if there is a risk of a module name having ampersands.
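The escaping the description asks for, as an added example that is not taken from the ticket or from the project's config.php. The row keys `category` and `name`, the helper names `h()` and `render_menu()`, the markup and the sample rows are all assumptions made for illustration.

```php
<?php
// Constructed sample rows. The 'category' and 'name' keys are assumed here;
// the two ampersand categories are the ones quoted in the ticket.
$rows = [
    ['category' => 'CID & Number Management',          'name' => 'Module A'],
    ['category' => 'CID & Number Management',          'name' => 'Module B'],
    ['category' => 'Internal Options & Configuration', 'name' => 'Q&A "beta" <test>'],
];

// Escape a value for HTML text or a quoted attribute.
// ENT_QUOTES also converts ' and ", so the result is safe inside title="...".
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the menu markup, grouping module names under their category.
// With $escape = false the raw values are written out, as the ticket describes.
function render_menu(array $rows, bool $escape): string
{
    $out = '';
    $current = null;
    foreach ($rows as $row) {
        $category = $escape ? h($row['category']) : $row['category'];
        $name     = $escape ? h($row['name'])     : $row['name'];
        if ($row['category'] !== $current) {
            if ($current !== null) {
                $out .= "</ul>\n";
            }
            $out .= "<h3 title=\"$category\">$category</h3>\n<ul>\n";
            $current = $row['category'];
        }
        $out .= "  <li>$name</li>\n";
    }
    if ($current !== null) {
        $out .= "</ul>\n";
    }
    return $out;
}

echo "--- unescaped: bare & in text, and the last name breaks the markup ---\n";
echo render_menu($rows, false);
echo "--- escaped at output ---\n";
echo render_menu($rows, true);
```

Escaping belongs at the point of output and should be applied once: a value that was already stored as `&amp;` would come out as `&amp;amp;` if escaped again.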

Attachments

ticket_2766.diff (487 bytes) - added by kgarrison on 06/02/08 11:58:59.

Change History

06/02/08 11:58:59 changed by kgarrison

  • attachment ticket_2766.diff added.

06/02/08 11:59:19 changed by kgarrison

Patch submitted

06/02/08 18:46:58 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.
  • component changed from - choose - to Core.
  • milestone changed from Cut Line to 3.0.

r5760, r5761

I had never seen an issue on Firefox with these but it is a valid request.
