Opened 12 years ago
Closed 10 years ago
#10225 closed Bug Report - General (Won't Fix)
Mythweb is not safe for inappropriate characters in title/subtitles of shows
| Reported by: | Owned by: | Rob Smith | |
|---|---|---|---|
| Priority: | minor | Milestone: | unknown |
| Component: | Plugin - MythWeb | Version: | Master Head |
| Severity: | medium | Keywords: | mythweb, character encoding |
| Cc: | Ticket locked: | no |
Description
It the title or subtitle of a show contains especially single or double quotes, it breaks the html/javascript structure of at least the recorded.php and details.php of mythweb. This is true for 0.24.1 and GIT of 23/12 2011.
The case arises because the EIT date of the Danish DR1 channel is bad or misinterpreted so half of the description ends up in the subtitle. This is bearable (for me) it it wasnt because it breaks mythweb. But it could arise if the subtitle/title actually did contain quotes etc.
The symptoms is that the javascripts for 'delete' a show does not work because of badly paired quotes in the HTML code. Note, that the page itself looks normally!
The proposed solution (as implemented by me in my case) is to use one of the HTML-safe functions on the title and subtitle parts wherever they are used directly in the HTML part such as htmlentities(), htmlspecialchars(), htmlspecialchars() etc.
Given Mythweb is EOL, I'm closing new features. This should be done via the backend webserver now.