phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016895phplist applicationInterface - Administratorpublic02-10-13 19:2719-07-14 15:39
Reporteralpha1 
PrioritylowSeveritytrivialReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.0.5 
Target Version3.0.XFixed in Version3.0.7 
Summary0016895: List names ($row['name']) have not been stripped of slashes
DescriptionSame Issue as:https://mantis.phplist.com/view.php?id=16724 [^]

Fix:
catlists.php
Line: 65 $ls->addColumn($row['id'],$GLOBALS['I18N']->get('Name'),stripslashes($row['name']));
Steps To ReproduceView the ?page=catlists page with any list such as "Mike's Testing List" and you'll see the ' has a slash.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0052304)
alpha1 (reporter)
02-10-13 19:54

Same Issue:
?page=message&id=ANY

File: message.php

Corrected Lines:
Line: 130
$content .= sprintf ('<tr><td>%d</td><td>%s</td></tr>',$lst['id'],stripslashes($lst['name']));

and line 137:
    $content .= sprintf ('<tr><td>%d</td><td>%s</td></tr>',$lst['id'],stripslashes($lst['name']));


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker