View Issue Details

IDProjectCategoryView StatusLast Update
0016880phplist applicationOtherpublic19-09-13 16:29
Reporterduncanc 
PrioritynormalSeverityminorReproducibilitysometimes
Status resolvedResolutionfixed 
Product Version3.0.2 
Target Version3.0.XFixed in Version3.0.4 
Summary0016880: Javascript error on processqueue page
DescriptionThe output() function does not escape a single quote character in the message that is to be displayed. When processing the queue in the browser this leads to invalid javascript. The Firefox web console displays an error

[11:21:10.546] SyntaxError: missing ) after argument list @ http://strontian.config/lists3/admin/?page=pageaction&action=processqueue&ajaxed=true:322

See file actions/processqueue.php line 342

      print '<script type="text/javascript">
      var parentJQuery = window.parent.jQuery;
      parentJQuery("#processqueue'.$target.'").append(\'<div class="output shade'.$shadecount.'">'.$line.'</div>\');
      parentJQuery("#processqueue'.$target.'").animate({scrollTop:100000}, "slow");
      </script>';

Because this is javascript inside php there may be some confusion on which quotes, single or double need to be escaped. But $line can itself contain single quote characters that are not currently escaped.
TagsNo tags attached.

Activities

duncanc

18-09-13 12:08

developer   ~0052265

Using heredoc may simplify this,along with variable interpolation

      $line = str_replace("'", "\'", $line);

      print <<<END
      <script type="text/javascript">
      var parentJQuery = window.parent.jQuery;
      parentJQuery("#processqueue$target").append('<div class="output shade$shadecount">$line</div>');
      parentJQuery("#processqueue$target").animate({scrollTop:100000}, "slow");
      </script>
END;

michiel

19-09-13 14:06

manager   ~0052267

I think just the

       $line = str_replace("'", "\'", $line);

should be sufficient here.,