Quotation marks not escaped in name in group members block and when masquerading
Bug #1694874 reported by
Kristina Hoeppner
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
Medium
|
Rebecca Blundell | ||
Bug Description
When a user's name (first or last or display name) contains double quotation marks, they are not escaped and shown as " in the "Members" block on the group homepage.
It's not a problem on the "Members" page, but just in the "Members" block on the group homepage.
To replicate:
1. Set up a group and make sure that the group members block is displayed on the group homepage.
2. Add double quotation marks to your
a) first name
b) last name
c) display name (in a separate test)
3. Go to the group homepage and check your name.
Expected result: The double quotation marks are shown.
Actual result: Instead they are displayed as "
Revision history for this message
| Kristina Hoeppner (kris-hoeppner) wrote | #1 |
| summary: |
- Quotation marks not escaped in name in group members block + Quotation marks not escaped in name in group members block and when + masquerading |
| Changed in mahara: | |
| milestone: | 17.10.0 → 18.04.0 |
| Changed in mahara: | |
| assignee: | nobody → Rebecca Blundell (rjb-dev) |
| Changed in mahara: | |
| status: | Confirmed → In Progress |
Revision history for this message
| Mahara Bot (dev-mahara) wrote A patch has been submitted for review | #2 |
Revision history for this message
| Mahara Bot (dev-mahara) wrote A change has been merged | #3 |
| Changed in mahara: | |
| status: | In Progress → Fix Committed |
| Changed in mahara: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Also, quotation marks are not properly escaped when the user with the quotation marks masquerades as another user. This is visible in the notification bar at the top of the screen for "Become ... again" and in the user profile sideblock "Become ... again".