phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016880phplist applicationOtherpublic18-09-13 11:4719-09-13 16:29
Reporterduncanc 
PrioritynormalSeverityminorReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.2 
Target Version3.0.XFixed in Version3.0.4 
Summary0016880: Javascript error on processqueue page
DescriptionThe output() function does not escape a single quote character in the message that is to be displayed. When processing the queue in the browser this leads to invalid javascript. The Firefox web console displays an error

[11:21:10.546] SyntaxError: missing ) after argument list @ http://strontian.config/lists3/admin/?page=pageaction&action=processqueue&ajaxed=true:322 [^]

See file actions/processqueue.php line 342

      print '<script type="text/javascript">
      var parentJQuery = window.parent.jQuery;
      parentJQuery("#processqueue'.$target.'").append(\'<div class="output shade'.$shadecount.'">'.$line.'</div>\');
      parentJQuery("#processqueue'.$target.'").animate({scrollTop:100000}, "slow");
      </script>';

Because this is javascript inside php there may be some confusion on which quotes, single or double need to be escaped. But $line can itself contain single quote characters that are not currently escaped.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0052265)
duncanc (developer)
18-09-13 12:08

Using heredoc may simplify this,along with variable interpolation

      $line = str_replace("'", "\'", $line);

      print <<<END
      <script type="text/javascript">
      var parentJQuery = window.parent.jQuery;
      parentJQuery("#processqueue$target").append('<div class="output shade$shadecount">$line</div>');
      parentJQuery("#processqueue$target").animate({scrollTop:100000}, "slow");
      </script>
END;
(0052267)
michiel (manager)
19-09-13 14:06

I think just the

       $line = str_replace("'", "\'", $line);

should be sufficient here.,


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker