[Rt-commit] r3243 - in rt/branches/3.4-RELEASE: . html/Elements

Alex Vandiver alexmv at bestpractical.com
Sat Aug 13 02:34:51 EDT 2005


On Sat, 2005-08-13 at 02:25 -0400, David Glasser wrote:
> A post on rt-users seems to imply that this patch was wrong -- what  
> were you trying to fix here?  It looks to me like we just wanted to  
> backslash-escape single quotes (and backslashes)?

And ampersands, and semicolons, and so on.  Most of the problem was that
I wasn't realizing that the strings were also used in the call to
FromSQL, below.  The right fix is to escape single quotes and
backslashes here, and URI escape everything when it is inserted into the
html.
 - Alex
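
An added example, not part of the original message and not RT's own code, of the layering the reply describes: backslash-escape single quotes and backslashes in the string that goes to the query parser, and URI-escape only at the point where that string is written into HTML. The helper names, the `Subject` field, the link path and the sample value are hypothetical, and the URI::Escape module is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Layer 1: quoting for the query language. Assumes values are single-quoted
# literals with backslash as the escape character, so only those two
# characters need escaping here.
sub quote_for_query {
    my ($value) = @_;
    $value =~ s/(['\\])/\\$1/g;
    return "'$value'";
}

# Layer 2: encoding for the URL that ends up in the HTML. Applied to the
# whole query string at output time, never to the copy given to the parser.
sub search_link {
    my ($query) = @_;
    my $encoded = uri_escape($query, q{^A-Za-z0-9\-._~});
    return qq{<a href="Results.html?Query=$encoded">results</a>};  # hypothetical path
}

# Constructed sample value containing every character the thread mentions.
my $subject = q{O'Brien & Co; C:\temp};

my $query = 'Subject LIKE ' . quote_for_query($subject);  # hypothetical field
my $link  = search_link($query);

print "to parser: $query\n";
print "to HTML:   $link\n";

# The URL layer is reversible and leaves the query-layer escaping intact.
my ($param) = $link =~ /Query=([^"]*)"/;
die "round trip failed\n" unless uri_unescape($param) eq $query;

# For contrast: applying the URL encoding before the query is built changes
# what the parser sees; it would match the literal text "O%27Brien...".
my $too_early = 'Subject LIKE ' . quote_for_query(uri_escape($subject));
print "too early: $too_early\n";
```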

