MantisBT - v3.2 Release
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001135v3.2 ReleaseCore Infrastructurepublic2012-05-07 10:362014-07-16 21:28
Reporterace_di 
Assigned Tocaseydk 
PrioritynoneSeveritytrivialReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version3.2Fixed in Version3.2 
Summary0001135: Cannot use "<<" in the description text fields
DescriptionIf you use double less than "<<" in any text field the << and everything that follows in truncated. If you type the value in the field in the database that it is shown. If you click edit and than save than you lose the << and everything that follows.
I needed to copy some bash script files in the task logs (to document what was done) and I lost parts of the text since it contained << characters.
TagsNo tags attached.
Relationships
Attached Files

Notes
(0002526)
caseydk   
2012-05-18 23:04   
This one is quite a bit more complicated than imagined.

The core system uses the strip_tags function to remove all the HTML tags. The way the function works is that it interprets any combination of "<" and then a non-whitespace character as an opening tag. Therefore any of these would be removed:

<<
<hello
<!
<3

whereas if the "<" is followed by whitespace (space, tab, linebreak), it is preserved as expected. Therefore, this is a language feature, not a web2project issue.

The workaround for now is to not use "<<" or anything similar to the examples above.
(0002531)
ace_di   
2012-05-22 10:34   
Why remove HTML (using strip_tags), why not just encode (http://php.net/manual/en/function.htmlentities.php), ie. replace < with < in the database? This way a user can copy-paste html code. There is a legit reason for some web developer (or shell developer) to paste code into the task logs. Just a suggestion.
As seen here Mantis allows "<<" in the comment.
(0002535)
caseydk   
2012-05-27 13:44   
Currently there are lots of encodings/escapings across a variety of modules (and end points like pdf vs gantt vs web vs email) that changing something like this would have a variety of repercussions.

To be clear, this isn't a "no" this is a "way too risky to do this right now" and it's much bigger than this original report.. that's why it hasn't be Closed just marked as unfixable.
(0003367)
caseydk   
2014-05-20 20:22   
Resolved in development:
https://github.com/web2project/web2project/commit/7b72c1596a87449a34ba175ea8974bc56f508ba8

Issue History
Date ModifiedUsernameFieldChange
2012-05-07 10:36ace_diNew Issue
2012-05-13 22:37caseydkProjectv2.4 Release (Closed) => v3.0 Release
2012-05-13 22:37caseydkCategoryUser Interface => Core Infrastructure
2012-05-18 23:00caseydkProjectv3.0 Release => Pending Requests
2012-05-18 23:04caseydkNote Added: 0002526
2012-05-18 23:05caseydkPrioritynormal => none
2012-05-18 23:05caseydkSeverityminor => trivial
2012-05-18 23:05caseydkReproducibilityhave not tried => always
2012-05-18 23:05caseydkStatusnew => acknowledged
2012-05-18 23:05caseydkResolutionopen => not fixable
2012-05-22 10:34ace_diNote Added: 0002531
2012-05-27 13:44caseydkNote Added: 0002535
2014-05-20 20:20caseydkProjectPending Requests => v3.2 Release
2014-05-20 20:22caseydkNote Added: 0003367
2014-05-20 20:22caseydkStatusacknowledged => resolved
2014-05-20 20:22caseydkResolutionnot fixable => fixed
2014-05-20 20:22caseydkAssigned To => caseydk
2014-05-22 19:52caseydkCategoryGeneral => Core Infrastructure
2014-05-22 19:52caseydkProduct Version2.4 =>
2014-06-10 22:09caseydkTarget Version => 3.2
2014-07-16 21:26caseydkFixed in Version => 3.2
2014-07-16 21:28caseydkStatusresolved => closed