ID: 0001135
Project: v3.2 Release
Category: Core Infrastructure
View Status: public
Last Update: 2014-07-16 21:28
Reporter: ace_di
Assigned To: caseydk
Priority: none
Severity: trivial
Reproducibility: always
Status: closed
Resolution: fixed
Product Version:
Target Version: 3.2
Fixed in Version: 3.2
Summary: 0001135: Cannot use "<<" in the description text fields
Description: If you use a double less-than "<<" in any text field, the << and everything that follows is truncated. If you type the value in the field in the database then it is shown. If you click edit and then save, then you lose the << and everything that follows.
I needed to copy some bash script files in the task logs (to document what was done) and I lost parts of the text since it contained << characters.
Tags: No tags attached.

Notes

~0002526

caseydk (administrator)

This one is quite a bit more complicated than imagined.

The core system uses the strip_tags function to remove all the HTML tags. The way the function works is that it interprets any combination of "<" and then a non-whitespace character as an opening tag. Therefore any of these would be removed:

<<
<hello
<!
<3

whereas if the "<" is followed by whitespace (space, tab, linebreak), it is preserved as expected. Therefore, this is a language feature, not a web2project issue.

The workaround for now is to not use "<<" or anything similar to the examples above.

~0002531

ace_di (reporter)

Why remove HTML (using strip_tags), why not just encode (http://php.net/manual/en/function.htmlentities.php), i.e. replace < with &lt; in the database? This way a user can copy-paste HTML code. There is a legit reason for some web developer (or shell developer) to paste code into the task logs. Just a suggestion.
As seen here Mantis allows "<<" in the comment.

~0002535

caseydk (administrator)

Currently there are so many encodings/escapings across a variety of modules (and end points like pdf vs gantt vs web vs email) that changing something like this would have a variety of repercussions.

To be clear, this isn't a "no"; this is a "way too risky to do this right now", and it's much bigger than this original report. That's why it hasn't been Closed, just marked as unfixable.

~0003367

caseydk (administrator)

Resolved in development:
https://github.com/web2project/web2project/commit/7b72c1596a87449a34ba175ea8974bc56f508ba8
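
The trade-off discussed in notes 0002526 and 0002531, as an added example that is not part of the original thread and is not web2project's code: stripping on input discards text permanently, while storing the raw value and encoding it per output context keeps it intact. The sample text and the helper names `to_html` and `to_plain_email` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed task-log text: a bash heredoc followed by some literal markup.
$raw = "cat <<EOF > notes.txt\nif [ 1 -lt 2 ]; then echo ok; fi\nEOF\n<b>done</b>";

// Strip-on-input, the behaviour described in note 0002526.
// Whatever strip_tags() treats as a tag is gone before the value is stored.
$stripped = strip_tags($raw);

// Encode-on-output, the suggestion in note 0002531 (hypothetical helper).
// $raw is stored unchanged and escaped only when written into HTML.
function to_html(string $text): string
{
    // ENT_QUOTES also escapes ' and ", so the result is safe inside attributes.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A second output context, as raised in note 0002535 (hypothetical helper).
// A plain-text e-mail body needs no HTML escaping, only CRLF line endings.
function to_plain_email(string $text): string
{
    return (string) preg_replace("/\r\n|\r|\n/", "\r\n", $text);
}

$html  = to_html($raw);
$email = to_plain_email($raw);

// Stripping is lossy; encoding can be reversed to recover the stored value.
$recovered = htmlspecialchars_decode($html, ENT_QUOTES);

printf("raw bytes:          %d\n", strlen($raw));
printf("after strip_tags:   %d bytes: %s\n", strlen($stripped), var_export($stripped, true));
printf("html output:        %s\n", var_export($html, true));
printf("email output:       %s\n", var_export($email, true));
printf("strip is lossless:  %s\n", var_export($stripped === $raw, true));
printf("encode is lossless: %s\n", var_export($recovered === $raw, true));
```

Each output path gets its own encoder applied to the same stored value, which is why a change of this kind touches every endpoint that currently assumes pre-stripped input.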

Issue History
Date Modified Username Field Change
2012-05-07 10:36 ace_di New Issue
2012-05-13 22:37 caseydk Project v2.4 Release (Closed) => v3.0 Release
2012-05-13 22:37 caseydk Category User Interface => Core Infrastructure
2012-05-18 23:00 caseydk Project v3.0 Release => Pending Requests
2012-05-18 23:04 caseydk Note Added: 0002526
2012-05-18 23:05 caseydk Priority normal => none
2012-05-18 23:05 caseydk Severity minor => trivial
2012-05-18 23:05 caseydk Reproducibility have not tried => always
2012-05-18 23:05 caseydk Status new => acknowledged
2012-05-18 23:05 caseydk Resolution open => not fixable
2012-05-22 10:34 ace_di Note Added: 0002531
2012-05-27 13:44 caseydk Note Added: 0002535
2014-05-20 20:20 caseydk Project Pending Requests => v3.2 Release
2014-05-20 20:22 caseydk Note Added: 0003367
2014-05-20 20:22 caseydk Status acknowledged => resolved
2014-05-20 20:22 caseydk Resolution not fixable => fixed
2014-05-20 20:22 caseydk Assigned To => caseydk
2014-05-22 19:52 caseydk Category General => Core Infrastructure
2014-05-22 19:52 caseydk Product Version 2.4 =>
2014-06-10 22:09 caseydk Target Version => 3.2
2014-07-16 21:26 caseydk Fixed in Version => 3.2
2014-07-16 21:28 caseydk Status resolved => closed