[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#611717: marked as done (alioth.debian.org: Improper quoting on request-to-join-project-form)

Your message dated Tue, 1 Feb 2011 11:53:42 +0100
with message-id <20110201105342.GG2420@glenfiddich.ikibiki.org>
and subject line Re: Bug#611717: alioth.debian.org: Improper quoting on request-to-join-project-form
has caused the Debian Bug report #611717,
regarding alioth.debian.org: Improper quoting on request-to-join-project-form
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
611717: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611717
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: www.debian.org

Hi folks,

I hope this is the right place for this report. If not, feel free to
whack me over the head and tell me where to go instead :-)


I've just submitted a request to join a project on Alioth [1]. In the
comment I typed there, I've used a few single quotes. After pressing
submit, the request was correctly submitted (according to the message
shown). Additionally, the comment I typed was shown in the textarea
again, but this time all single quotes were preceded by a backslash.

This looks like some overzealous escaping somewhere (magic_quotes_gpc
perhaps?). It's probably harmless, but it might be an indication that
there is some underlying, more serious problem. (In fact, looking at the
FusionForge source code, it seems there is no explicit escaping in
request.php, so it might very well be that magic_quotes is indeed turned
on. There is also a possibly relevant bug report [1], which seems to be
fixed in the wrong way IMHO).

Gr.

Matthijs

[1]: https://alioth.debian.org/project/request.php?group_id=31226
[2]: http://fusionforge.org/tracker/index.php?func=detail&aid=26&group_id=6&atid=105

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Hi,

On Tue, Feb 01, 2011 at 11:36:31AM +0100, Matthijs Kooijman wrote:
> Package: www.debian.org
> 
> I hope this is the right place for this report. If not, feel free to
> whack me over the head and tell me where to go instead :-)

Alioth team is different than www team, and they have their own bug tracker on
alioth itself.

http://wiki.debian.org/Teams/Alioth
Interacting with the team
	Email contact: admin@alioth.debian.org
	Request tracker: http://alioth.debian.org/tracker/?func=add&group_id=1&atid=200001

> I've just submitted a request to join a project on Alioth [1]. In the
> comment I typed there, I've used a few single quotes. After pressing
> submit, the request was correctly submitted (according to the message
> shown). Additionally, the comment I typed was shown in the textarea
> again, but this time all single quotes were preceded by a backslash.
> 
> This looks like some overzealous escaping somewhere (magic_quotes_gpc
> perhaps?). It's probably harmless, but it might be an indication that
> there is some underlying, more serious problem. (In fact, looking at the
> FusionForge source code, it seems there is no explicit escaping in
> request.php, so it might very well be that magic_quotes is indeed turned
> on. There is also a possibly relevant bug report [1], which seems to be
> fixed in the wrong way IMHO).
> 
> Gr.
> 
> Matthijs
> 
> [1]: https://alioth.debian.org/project/request.php?group_id=31226
> [2]: http://fusionforge.org/tracker/index.php?func=detail&aid=26&group_id=6&atid=105
> 



-- 
Simon Paillard

--- End Message ---
Reply to: