Feeling Lucky
?
[#29472] - [4.0] Don't apply addslashes to escaped text
- Fixed in Code Base
- 8 Jun 2020
- Medium
- Build: 4.0-dev
- # 29472
- Diff
- Quy:remove-addslashes
- Pending Hound Hound is busy sniffing around... Details
User tests: Successful: Unsuccessful:
Summary of Changes
escape handles single quote. No need to double escaping with addslashes.
Testing Instructions
Code review.
or
Add an article with the title Who's Online.
In list view, view page source.
Search for Edit Who\'s Online
Expected result
title="Edit Who's Online"
Actual result
title="Edit Who\'s Online">
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_associations com_banners com_categories com_contact com_content com_fields com_languages com_menus com_modules com_newsfeeds com_plugins com_tags com_templates com_users com_workflow |
Quy
- comment
- 7 Jun 2020
These 2 are different from the other ones so let's do it a different PR.
richard67
- comment
- 7 Jun 2020
OK.
richard67
- comment
- 7 Jun 2020
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29472.
bonzani
- comment
- 8 Jun 2020
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29472.
| Status | Pending | ⇒ | Ready to Commit |
alikon
- comment
- 8 Jun 2020
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/29472.
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-06-08 06:54:05 |
| Closed_By | ⇒ | infograf768 | |
| Labels |
Added:
?
|
||
infograf768
- comment
- 8 Jun 2020
Tks.
@Quy I found 2 places where there still is "escape(addslashes" when your PR is applied, both in modals:
<?php echo $this->escape(addslashes($item->title)); ?><?php echo $this->escape(addslashes($item->name)); ?>Shouldn't these be changed, too? If so, will you do that with this PR or make a new one?