The attached patch corrects the use of check_plain() on project and issue metadata. Previously, component names containing these characters would be double-converted (in some contexts), and status choices wouldn’t be converted (in some contexts). Category and Priority also potentially had this problem, but they are currently hard-coded with strings that aren’t affected (although translation could change this). I haven’t carefully checked Project name, Version, or Assigned.
One non-obvious reason this happened is that the Drupal forms API processes option choices (such as for list boxes) through check_plain(), but expects the caller to process most other fields.
(To test this, I’ve been using a test string such as “testA”. If I see “testA”, it needs check_plain(); if I see “testA”, it’s been double-processed with check_plain().)
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | project_issue_check_plain_fix.patch | 4.14 KB | teliseo |
| | project_issue_check_plain_fix.patch | 3.47 KB | teliseo |
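
The three outcomes described in the post (unescaped, escaped once, double-escaped), as an added PHP example that is not part of the patch or of the project's code. `check_plain_standin()`, `render_select()`, `render_cell()` and `classify()` are hypothetical names; the stand-in assumes check_plain() behaves like `htmlspecialchars()` with `ENT_QUOTES` and UTF-8, and the probe string is constructed.

```php
<?php
// Stand-in for Drupal's check_plain() (assumption: htmlspecialchars with
// ENT_QUOTES and UTF-8), so the example runs without Drupal.
function check_plain_standin(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical model of a forms API select element: it escapes every option
// label itself, so the caller must pass raw text.
function render_select(array $options): string {
  $out = '';
  foreach ($options as $key => $label) {
    $out .= '<option value="' . check_plain_standin((string) $key) . '">'
      . check_plain_standin($label) . '</option>';
  }
  return "<select>$out</select>";
}

// Hypothetical model of a field emitted as-is: the caller must escape.
function render_cell(string $html): string {
  return "<td>$html</td>";
}

// Report how many times the probe was escaped in the rendered output.
// The probe must contain at least one HTML special character.
function classify(string $rendered, string $probe): string {
  $once = check_plain_standin($probe);
  $twice = check_plain_standin($once);
  if (strpos($rendered, $twice) !== false) return 'double-escaped';
  if (strpos($rendered, $once) !== false) return 'escaped once (correct)';
  if (strpos($rendered, $probe) !== false) return 'unescaped (needs escaping)';
  return 'probe not found';
}

$probe = 'R&D <Core>'; // constructed component name
$cases = [
  'select, raw label'        => render_select([1 => $probe]),
  'select, pre-escaped'      => render_select([1 => check_plain_standin($probe)]),
  'cell, raw value'          => render_cell($probe),
  'cell, escaped by caller'  => render_cell(check_plain_standin($probe)),
];
foreach ($cases as $name => $html) {
  printf("%-26s %s\n", $name, classify($html, $probe));
}
```

A check like `classify()` can be run over each rendering context (list boxes, table cells, views filters) with the same probe to find where escaping is missing or applied twice.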
Comments
Comment #1
teliseo commented:
D’oh! Here’s that last paragraph again, properly encoded:
(To test this, I’ve been using a test string such as “testA”. If I see “testA”, it needs check_plain(); if I see “testA”, it’s been double-processed with check_plain().)
Comment #2
teliseo commented:
Correction to my patch to also fix the views filter handler for the component field of issues.