phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015522phplist applicationMessage Send Processpublic30-07-10 10:5622-05-12 16:14
Reportervrocks 
PriorityhighSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSwindowsOS Version7
Product Version2.11.5 
Target Version4.0.xFixed in Version2.11.7 
Summary0015522: Cannot select a destination list
DescriptionWhen I go to the lists tab and select one of my lists, then hit save, it says my destination list is still missing and my selected list is unselected.
Steps To ReproduceNothing special. Just try selecting a list.
TagsNo tags attached.
Attached Filesdiff file icon mysql.inc.diff [^] (433 bytes) 25-08-10 06:58 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
related to 0015534resolvedmichiel Newlines in footer converted to "rn" in text input box when saving a new message 

-  Notes
(0051075)
jeremyw (reporter)
25-08-10 07:06

I had the same problem, but I eventually tracked down the offending code.

The issue is in the function setMessageData() in admin/lib.php, at lines 60-63:
---[code]---
  if (NO_MAGIC_QUOTES) {
 # print "Escaping";
    $value = sql_escape($value);
  }
---[/code]---

The trouble is that sql_escape() returns a string, but when destination lists are being saved, we're dealing with an array (targetlist).

I'm not sure if the better solution is to revise the above code or the sql_escape() function defined in admin/mysql.inc. I did the latter; my patch is attached.


***
Incidentally, in tracking down this bug I looked at admin/actions/storemessage.php. It doesn't make sense to me why at line 51 there is the following line:
   $messagedata = loadMessageData($id);
This basically immediately after the values of $messagedata have just been set. I guess whatever is supposed to be happening is working, but it's confusing to me.
(0051078)
jeremyw (reporter)
25-08-10 16:04

Upon further examination, I think the above code block (line 60-63 of admin/lib.php) is redundant, since escaping also happens in Sql_Replace(), which is called at the end of setMessageData().

Removing said lines would make my proposed patch unnecessary. It also fixes issue #0015534, which I reported.


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker