Project

General

Profile

Bug #6092

Restore Wiki Page

Added by Kris Sinnaeve over 7 years ago. Updated over 6 years ago.

Status:
Bug resolved
Priority:
Normal
Assignee:
Daniel Barreto
Category:
Wiki
Target version:
Start date:
15/04/2013
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:
Complexity:
Piece of cake
SCRUM pts - complexity:
?

Description

Restoring a Wiki Page with content containing single quotes fails without notice.
Reason: the parameters passed in into restore_wikipage are not properly escaped.

Associated revisions

Revision 0ae1cd16 (diff)
Added by Yoselyn Castillo over 7 years ago

Properly escaped string in restoring wiki -refs #6092

Revision 386f118c (diff)
Added by Yoselyn Castillo over 7 years ago

Removing unnecessary variables declaration -refs #6092

Revision 9ced1926
Added by Yannick Warnier over 7 years ago

Merge pull request #74 from ycastillo/6092

refs #6092

Revision 5e3fd4b4 (diff)
Added by Julio Montoya over 6 years ago

Fixing wiki errors see #6092

History

#1

Updated by Yannick Warnier over 7 years ago

  • Category set to Wiki
  • Target version changed from 1.9.6 to 1.9.8
#2

Updated by Yannick Warnier over 7 years ago

  • Assignee set to Yoselyn Castillo
#3

Updated by Yoselyn Castillo over 7 years ago

  • Status changed from New to Needs more info

Well, I have tested in my local pc
I have created a wiki in a course
The content is "Hello World"
I have made a backup of this course
I have successfully restored this backup into other course
The wiki in the course contains "Hello World" too
I have no seen the bug
Can you tell me how can i reproduce it, or if you mark any other option, configuration etc?

#4

Updated by Kris Sinnaeve over 7 years ago

Please try again with "Hello' World" instead of "Hello World".
The single quote causes the restoration of a previous version of the wiki page to fail.
(I'm not talking about restoring the wiki into another course here).

#5

Updated by Yoselyn Castillo over 7 years ago

  • Status changed from Needs more info to Assigned

Now i see the bug, thanks, i am checking the code

#6

Updated by Yoselyn Castillo over 7 years ago

The commit was sent to:
https://github.com/chamilo/chamilo-lms/pull/74
Try this fix

#7

Updated by Yoselyn Castillo over 7 years ago

  • Status changed from Assigned to Needs testing
  • Assignee deleted (Yoselyn Castillo)

It should be fixed now, It needs testing, please give us your feedback. Thanks

#8

Updated by Kris Sinnaeve over 7 years ago

Why don't you just properly escape the parameters passed in? As it's a restoration function, you don't want to have the data possibly changed.
I would suggest to use Database::escape_string() instead of api_html_entity_decode(). This should be database independent too.

#9

Updated by Yannick Warnier about 7 years ago

  • Status changed from Needs testing to Assigned
  • Assignee set to Julio Montoya
#10

Updated by Yannick Warnier almost 7 years ago

  • % Done changed from 50 to 60

I agree with Kris that these calls should be more o the Apache type, so please make sure we don't call htmlentities and that each of these calls are replaced by either htmlentities (if effectively just to print to screen) or by escape_string() if this goes to a database.

#11

Updated by Julio Montoya over 6 years ago

  • Status changed from Assigned to Needs more info
  • Assignee deleted (Julio Montoya)

I added some fixes.

#12

Updated by Yannick Warnier over 6 years ago

  • Status changed from Needs more info to Needs testing
  • Assignee set to Daniel Barreto

OK, set for testing

#13

Updated by Daniel Barreto over 6 years ago

  • Status changed from Needs testing to Bug resolved
  • % Done changed from 60 to 100

Tested and working.

In course A, created a wiki page whit single quotes in title and contain of page
created a backup from this course A
imported this backup into course B
Checked and the wiki pages are equal

Also available in: Atom PDF