[Maintain-dev] [JIRA] Commented: (MNT-1493) Special characters are inserted after form failure

Frederic Wenzel (JIRA) jira at osuosl.org
Tue Jul 18 16:32:31 PDT 2006


     [ http://bugs.osuosl.org/browse/MNT-1493?page=comments#action_11083 ]
     
Frederic Wenzel commented on MNT-1493:
--------------------------------------

Quite frankly, I believe Maintain should not try to fix everything that other projects do wrong, at least not by all means. It's too bad that setting the simple option apparently does not work, but that's all we should try.

We also won't change if a different project asks you to enable register_globals, to empty your mysql server's root password or other nonsense.

When I enable magic quotes because some other project does not care about input validation, then I either have to change that (broken) project or live with breaking all other things that don't rely on such a weak method of input security.

Maintain simply can't heal the world ;)

> Special characters are inserted after form failure
> --------------------------------------------------
>
>          Key: MNT-1493
>          URL: http://bugs.osuosl.org/browse/MNT-1493
>      Project: Maintain
>         Type: Bug
>   Components: Frontend/Web Interface
>     Versions: 3.0
>     Reporter: Josh Schonstal
>     Assignee: Michael Clay
>     Priority: Minor
>      Fix For: 3.0

>
>
> Whenever a form validation fails, the escape character is inserted into the form before each special character in each text field (including '\').  On fields where the '\' character doesn't make it invalid, the characters are parsed and the '\' characters end up in the database.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



More information about the Maintain-dev mailing list