stable
Clone or download
Read-only
request #14513: Do not save project name|description with HTML entities
When project admin register a project with special characters (for example "Acme R&D"), the name and description containing such characters should NOT be saved in database with HTML entities ("Acme R&D"). How to test ----------- 1. Create projects with special characters: - & - " - > - < 2. Run forgeupgrade 3. Browse Tuleap => all places where the project name or project description is displayed should not display html entities. => ⚠️ ☠️ If project name/description is containing XSS like <img src=a.png onerror=alert(1)>, then the XSS is not triggered. 4. Update the project name/description. In database there is not conversion to HTML entities. Change-Id: I197a4ff6597630ccfc983eacc13a471d35d9b5f7
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | plugins/admindelegation/include/AdminDelegation_ShowProjectWidget.class.php | +1 | −1 | Go to diff View file |
| M | plugins/agiledashboard/include/Planning/Presenters/HomePresenter.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/ApprovalTable/Reminder.class.php | +2 | −1 | Go to diff View file |
| M | plugins/docman/include/Docman_HTTPController.class.php | +3 | −2 | Go to diff View file |
| M | plugins/docman/include/Docman_MetadataComparator.class.php | +7 | −6 | Go to diff View file |
| M | plugins/docman/include/Docman_NotificationsManager.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/Docman_SOAPController.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/Docman_Widget_MyDocman.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/view/Docman_View_Admin_MetadataImport.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/view/Docman_View_Header.class.php | +1 | −1 | Go to diff View file |
| M | plugins/docman/include/view/Docman_View_ItemDetailsSectionPaste.class.php | +4 | −2 | Go to diff View file |
| M | plugins/git/include/Git/Mirror/MirrorDataMapper.class.php | +1 | −1 | Go to diff View file |
| M | plugins/git/include/GitForkPermissionsManager.class.php | +4 | −1 | Go to diff View file |
| M | plugins/git/include/GitViews.class.php | +1 | −1 | Go to diff View file |
| M | plugins/git/include/Git_LogDao.class.php | +5 | −5 | Go to diff View file |
| M | plugins/git/include/Git_Widget_UserPushes.class.php | +4 | −3 | Go to diff View file |
| M | plugins/git/phpunit/GitViewsTest.php | +1 | −1 | Go to diff View file |
| M | plugins/mediawiki/www/LocalSettings.php | +1 | −1 | Go to diff View file |
| M | plugins/mediawiki/www/frame.php | +0 | −1 | Go to diff View file |
| M | plugins/projectlinks/include/ProjectLinks_Widget_HomePageLinks.class.php | +1 | −1 | Go to diff View file |
| M | plugins/projectlinks/include/projectlinksPlugin.php | +9 | −6 | Go to diff View file |
| M | plugins/statistics/include/DiskUsageProjectsPresenterBuilder.php | +1 | −1 | Go to diff View file |
| M | plugins/tracker/include/Tracker/Artifact/Changeset/PostCreation/MailSender.php | +1 | −1 | Go to diff View file |
| M | plugins/tracker/include/Tracker/DateReminder/Tracker_DateReminderManager.class.php | +1 | −1 | Go to diff View file |
| M | plugins/tracker/include/Tracker/FormElement/View/Admin.class.php | +14 | −4 | Go to diff View file |
| M | plugins/tracker/include/Tracker/Migration/MailLogger.class.php | +2 | −1 | Go to diff View file |
| M | plugins/tracker/include/Tracker/TrackerManager.class.php | +2 | −2 | Go to diff View file |
| M | plugins/webdav/include/FS/WebDAVProject.class.php | +1 | −1 | Go to diff View file |
| M | src/common/Project/Admin/ProjectDetails/ProjectDetailsController.php | +1 | −1 | Go to diff View file |
| M | src/common/Project/Admin/ProjectDetails/ProjectDetailsDAO.php | +1 | −1 | Go to diff View file |
| M | src/common/Project/Admin/ProjectListResultsPresenterBuilder.php | +1 | −1 | Go to diff View file |
| M | src/common/Project/Group.class.php | +2 | −2 | Go to diff View file |
| M | src/common/Project/ProjectCreationTemplatePresenter.class.php | +2 | −30 | Go to diff View file |
| M | src/common/Project/ProjectCreator.class.php | +2 | −2 | Go to diff View file |
| M | src/common/Widget/Widget_MyArtifacts.class.php | +2 | −1 | Go to diff View file |
| M | src/common/Widget/Widget_MyLatestSvnCommits.class.php | +1 | −1 | Go to diff View file |
| M | src/common/Widget/Widget_MyMonitoredForums.class.php | +2 | −1 | Go to diff View file |
| M | src/common/Widget/Widget_MyMonitoredFp.class.php | +2 | −1 | Go to diff View file |
| M | src/common/Widget/Widget_MyProjects.class.php | +7 | −3 | Go to diff View file |
| M | src/common/layout/Layout.class.php | +0 | −6 | Go to diff View file |
| M | src/common/search/Presenters/SearchProjectResultPresenter.php | +1 | −1 | Go to diff View file |
| M | src/common/search/SearchController.class.php | +1 | −1 | Go to diff View file |
| M | src/common/tracker/Artifact.class.php | +3 | −3 | Go to diff View file |
| M | src/common/tracker/HTML/ArtifactHtml.class.php | +5 | −5 | Go to diff View file |
| M | src/common/tracker/HTML/ArtifactImportHtml.class.php | +5 | −5 | Go to diff View file |
| A | src/db/mysql/updates/2020/202002061639_clean_project_name_and_description.php | +74 | −0 | Go to diff View file |
| M | src/www/forum/forum_utils.php | +2 | −1 | Go to diff View file |
| M | src/www/include/html.php | +0 | −29 | Go to diff View file |
| M | src/www/mail/index.php | +2 | −1 | Go to diff View file |
| M | src/www/news/news_utils.php | +5 | −5 | Go to diff View file |
| M | src/www/news/submit.php | +3 | −2 | Go to diff View file |
| M | src/www/soap/common/group.php | +3 | −3 | Go to diff View file |
| M | src/www/soap/tracker/tracker.php | +43 | −43 | Go to diff View file |
| M | src/www/softwaremap/trove_list.php | +2 | −2 | Go to diff View file |
| M | src/www/themes/BurningParrot/Navbar/DropdownMenuItem/Content/Projects/ProjectPresentersBuilder.php | +1 | −1 | Go to diff View file |
| M | src/www/themes/FlamingParrot/ContainerPresenter.class.php | +1 | −1 | Go to diff View file |
| M | src/www/themes/FlamingParrot/NavBarProjectPresenter.class.php | +1 | −1 | Go to diff View file |
| M | src/www/tracker/add.php | +1 | −1 | Go to diff View file |
| M | src/www/tracker/browse.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/copy.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/detail.php | +0 | −5 | Go to diff View file |
| M | src/www/tracker/edit_comment.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/export.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/index.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/masschange_detail.php | +0 | −1 | Go to diff View file |
| M | src/www/tracker/mod.php | +0 | −5 | Go to diff View file |