[#687] Project name with html characters

Description

Summary:

Detailed description

After this I got an error about projectObject is not an object. This problem arose because I had project names in the database with & inside the name. In common/include/Group.class.php there is an escaping of special chars with htmlspecialchars. But this routine is buggy because it looks stupidly for characters and doesn't analyze if this is already an escaped char :( So I changed it in the way to first expand the name and then escape it:

    function group_get_object_by_publicname($groupname) {
        // Decode any existing entities first, then escape once, so an
        // already-escaped name is not escaped a second time.
        $res = db_query_params('SELECT * FROM groups WHERE lower(group_name) LIKE $1',
            array(htmlspecialchars(html_entity_decode(strtolower($groupname)))));
        return group_get_object(db_result($res, 0, 'group_id'), $res);
    }

Extract from https://fusionforge.org/forum/message.php?msg_id=708&group_id=6
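
The double-escaping problem described above, as an added example that is not FusionForge code and not part of the original report. It assumes project names are stored HTML-escaped; the function names, the FLAGS constant and the sample names are constructed for illustration.

```php
<?php
// Added illustration, not FusionForge code. Assumption: project names are
// stored HTML-escaped, so a lookup key must carry exactly one escaping level.
const FLAGS = ENT_QUOTES | ENT_HTML401;

// Naive key: escapes whatever it receives, even if it is already escaped.
function key_naive(string $name): string
{
    return htmlspecialchars(strtolower($name), FLAGS, 'UTF-8');
}

// Decode first, then escape once: the approach taken in the report above.
function key_decode_then_escape(string $name): string
{
    $decoded = html_entity_decode(strtolower($name), FLAGS, 'UTF-8');
    return htmlspecialchars($decoded, FLAGS, 'UTF-8');
}

// Built-in alternative: double_encode=false leaves existing entities alone.
function key_no_double_encode(string $name): string
{
    return htmlspecialchars(strtolower($name), FLAGS, 'UTF-8', false);
}

// Constructed samples: [caller input, value assumed to be stored in the database].
$cases = [
    ['R&D Tools',        'r&amp;d tools'],        // raw input
    ['R&amp;D Tools',    'r&amp;d tools'],        // input already escaped once
    ['Docs &amp; Specs', 'docs &amp;amp; specs'], // raw name containing the text "&amp;"
];

// Print, per input, whether each key function reproduces the stored value.
foreach ($cases as [$input, $stored]) {
    printf(
        "%-18s naive=%-5s decode+escape=%-5s no-double-encode=%s\n",
        $input,
        var_export(key_naive($input) === $stored, true),
        var_export(key_decode_then_escape($input) === $stored, true),
        var_export(key_no_double_encode($input) === $stored, true)
    );
}
```

The second row is the failure from this report: the naive key becomes `r&amp;amp;d tools` and matches nothing. The third row shows that neither normalisation can tell an escaped name from a raw name that contains the text `&amp;`, so callers still need to agree on which form they pass in.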

General Information
Submitted by: Franck Villaume
Date Submitted: 2014-06-06 10:05
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2014-07-11 11:34
Permalink: https://fusionforge.org/tracker/a_follow.php/687
Internal Fields
Data Type: Bugs
Assigned to: Franck Villaume (nerville)
State: Closed
Priority: 3
Extra Fields
Resolution: Accepted As Bug
Severity: major
Target Release: 5.3.2
Date: 2014-07-11 11:34
Sender: Franck Villaume

fix in commit: bc4069e756424cc54053032ee61e8bb3d9dc3978

Date: 2014-07-11 10:03
Sender: Franck Villaume

partial fix in commit: 8e4a670465afa417cfcdbbd16d1880705ced7e07

Date: 2014-07-11 09:50
Sender: Franck Villaume

enabling/disabling any tool using the tools admin tab in project does not work when project has html special char in group_name.

No attached documents

No related commits.

Field | Old Value | Date | By
status_id | Open | 2014-07-11 11:34 | Franck Villaume
close_date | None | 2014-07-11 11:34 | Franck Villaume
assigned_to | none | 2014-07-11 11:34 | Franck Villaume
Target Release | None | 2014-07-11 11:34 | Franck Villaume
details | After this I got an error about projectObject is not an object. This problem arose because I had project names in the database with & inside the name. In common/include/Group.class.php there is an escaping of special chars with htmlspecialchars. But this routine is buggy because it looks stupidly for characters and doesn't analyze if this is already an escaped char :( So I changed it in the way to first expand the name and then escape it: function group_get_object_by_publicname($groupname) { $res = db_query_params('SELECT * FROM groups WHERE lower(group_name) LIKE $1', array(htmlspecialchars(html_entity_decode(strtolower($groupname))))); return group_get_object(db_result($res, 0, 'group_id'), $res); } Extract from https://fusionforge.org/forum/message.php?msg_id=708&group_id=6 | 2014-07-11 09:50 | Franck Villaume
Found in Version | None | 2014-07-11 09:50 | Franck Villaume
Severity | None | 2014-07-11 09:50 | Franck Villaume
Resolution | None | 2014-07-11 09:50 | Franck Villaume

No relations found.