[Rt-commit] rt branch, 4.4/fix-double-escaped-queue-name, created. rt-4.4.3-198-g211d2c78c

? sunnavy sunnavy at bestpractical.com
Wed Feb 13 10:21:10 EST 2019


The branch, 4.4/fix-double-escaped-queue-name has been created
        at  211d2c78c9585b58c24e5a4db4e78ef1cc79c51d (commit)

- Log -----------------------------------------------------------------
commit 6b64f412467b8d9ed9a402fd4957733031cf4871
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Feb 13 05:11:26 2019 +0800

    Don't escape queue name in title generation stage as it'll be escaped later
    
    This to avoid the issue of double escapes that causes queue name
    "foo&bar" to become "foo&bar"

diff --git a/share/html/SelfService/Create.html b/share/html/SelfService/Create.html
index 5b5f08759..5ef98ad61 100644
--- a/share/html/SelfService/Create.html
+++ b/share/html/SelfService/Create.html
@@ -45,7 +45,7 @@
 %# those contributions and any derivatives thereof.
 %#
 %# END BPS TAGGED BLOCK }}}
-<& Elements/Header, Title => loc("Create a ticket in [_1]", $m->scomp("/Ticket/Elements/ShowQueue", QueueObj => $queue_obj)) &>
+<& Elements/Header, Title => loc("Create a ticket in [_1]", $m->scomp("/Ticket/Elements/ShowQueue", QueueObj => $queue_obj, Escape => 0)) &>
 
 <& /Elements/ListActions, actions => \@results &>
 <form action="Create.html" method="post" enctype="multipart/form-data" name="TicketCreate">
diff --git a/share/html/Ticket/Create.html b/share/html/Ticket/Create.html
index 0db5f7afe..bbe1ccf0d 100644
--- a/share/html/Ticket/Create.html
+++ b/share/html/Ticket/Create.html
@@ -441,7 +441,7 @@ my @results;
 my $QueueObj = RT::Queue->new($current_user);
 $QueueObj->Load($Queue) || Abort(loc("Queue [_1] could not be loaded.", $Queue||''), Code => HTTP::Status::HTTP_BAD_REQUEST);
 
-my $title = loc("Create a new ticket in [_1]", $m->scomp("/Ticket/Elements/ShowQueue", QueueObj => $QueueObj));
+my $title = loc("Create a new ticket in [_1]", $m->scomp("/Ticket/Elements/ShowQueue", QueueObj => $QueueObj, Escape => 0));
 
 $m->callback( QueueObj => $QueueObj, title => \$title, results => \@results, ARGSRef => \%ARGS );
 
diff --git a/share/html/Ticket/Elements/ShowQueue b/share/html/Ticket/Elements/ShowQueue
index e9e89351c..9cd6d73f0 100644
--- a/share/html/Ticket/Elements/ShowQueue
+++ b/share/html/Ticket/Elements/ShowQueue
@@ -53,6 +53,7 @@
 <%ARGS>
 $Ticket => undef
 $QueueObj
+$Escape => 1
 </%ARGS>
 <%INIT>
 my $label = $QueueObj->Name;
@@ -71,4 +72,12 @@ if ( $Ticket and $Ticket->CurrentUserHasRight('SeeQueue') ) {
 
 $label = '#'. $QueueObj->id
     unless defined $label && length $label;
+
+# Ticket create page uses this component to get queue name to generate page
+# title, which will be escaped in /Elements/Header later, so we don't need to
+# escape it here, otherwise the queue name will be wrongly escaped twice.
+if ( !$Escape ) {
+    $m->out($label);
+    return;
+}
 </%INIT>

commit 211d2c78c9585b58c24e5a4db4e78ef1cc79c51d
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Feb 13 06:08:37 2019 +0800

    Add tests to confirm queue name is not double escaped

diff --git a/t/web/basic.t b/t/web/basic.t
index 79c247d24..4e3dbe749 100644
--- a/t/web/basic.t
+++ b/t/web/basic.t
@@ -2,7 +2,7 @@
 use strict;
 use warnings;
 
-use RT::Test tests => 24;
+use RT::Test tests => undef;
 
 my ($baseurl, $agent) = RT::Test->started_ok;
 
@@ -126,3 +126,11 @@ $query =~ s/\s+/ /g;
 
 is ($query, "Subject LIKE 'aaa' AND Subject LIKE 'bbb'");
 
+{
+    my $queue = RT::Test->load_or_create_queue( Name => 'foo&bar' );
+    $agent->goto_create_ticket( $queue->id );
+    is( $agent->status, 200, "Loaded Create.html" );
+    $agent->title_is('Create a new ticket in foo&bar');
+}
+
+done_testing;

-----------------------------------------------------------------------


More information about the rt-commit mailing list