Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.32.0

Bug #10323 HTML special characters not escaped in patch output
Submitted: 2007-03-10 18:46 UTC
From: mj Assigned: mj
Status: Closed Package: pearweb
PHP Version: Irrelevant OS:
Roadmaps: 1.10.1    
Subscription  


 [2007-03-10 18:46 UTC] mj (Martin Jansen)
Description: ------------ This is a pretty serious thing, because HTML tags etc. in patches are not escaped on /bugs/patch-display.php. Because of the severity of this thing, I have deployed a patch directly on the production site and will merge the fix in CVS soon.

Comments

 [2007-03-10 18:48 UTC] mj (Martin Jansen)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.
 [2007-03-10 19:35 UTC] davidc (David Coallier)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. I fixed it using the display-patch.php file instead of the template
 [2007-03-10 20:19 UTC] davidc (David Coallier)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.