Opened 8 years ago

Closed 5 years ago

#10225 closed Bug Report - General (Won't Fix)

Mythweb is not safe for inappropriate characters in title/subtitles of shows

Reported by: henrik@… Owned by: Rob Smith
Priority: minor Milestone: unknown
Component: Plugin - MythWeb Version: Master Head
Severity: medium Keywords: mythweb, character encoding
Cc: Ticket locked: no

Description

It the title or subtitle of a show contains especially single or double quotes, it breaks the html/javascript structure of at least the recorded.php and details.php of mythweb. This is true for 0.24.1 and GIT of 23/12 2011.

The case arises because the EIT date of the Danish DR1 channel is bad or misinterpreted so half of the description ends up in the subtitle. This is bearable (for me) it it wasnt because it breaks mythweb. But it could arise if the subtitle/title actually did contain quotes etc.

The symptoms is that the javascripts for 'delete' a show does not work because of badly paired quotes in the HTML code. Note, that the page itself looks normally!

The proposed solution (as implemented by me in my case) is to use one of the HTML-safe functions on the title and subtitle parts wherever they are used directly in the HTML part such as htmlentities(), htmlspecialchars(), htmlspecialchars() etc.

Change History (1)

comment:1 Changed 5 years ago by Rob Smith

Resolution: Won't Fix
Status: newclosed

Given Mythweb is EOL, I'm closing new features. This should be done via the backend webserver now.

Note: See TracTickets for help on using tickets.