[#20024] - Escape full query in NestedTable debug mode
- Fixed in Code Base
- 1 Apr 2018
- Medium
- Build: staging
- # 20024
- Diff
- SniperSister:nested-queryescape
User tests: Successful: Unsuccessful:
Summary of Changes
The nested table class has a debug mode which can be enabled by developers to get additional output of the inner workings of that class. Without this PR, a full DB query (that i.e. might include HTML markup) would be outputted without any escaping, breaking the debug output with the then parsed HTML.
Testing Instructions
- Login to the administrator area, navigate to the screen where you can create a new com_content category and fill that form - do not submit it yet!
Open administrator/components/com_categories/tables/category.php, enable debugging by adding the following property:
protected $_debug = 1;
Open libraries/src/Application/WebApplication and empty the redirect() method to suppress the redirect after save.
Hit save, see a debug output comparable to this screenshot.
Apply patch, restore redirect method, navigate to form again, empty the redirect method and save again. Check that the debug output still works.
Expected result
Debug output is escaped
Actual result
Debug output is unescaped
Documentation Changes Required
None
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20024.
| Status | Pending | ⇒ | Ready to Commit |
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20024.
mbabker
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-04-01 15:33:00 |
| Closed_By | ⇒ | mbabker | |
| Labels |
Added:
?
?
|
||
I have tested this item✅ successfully on e55ddc1
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20024.