Project

General

Profile

Actions
Copy link

Defect #13539

closed

html entities appear in subject line (aka xml escape codes)

Added by Robert Hailey almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:
1.4.4

Description

We recently performed the security fix for our 1.4.x redmine instance that involved upgrading rails:

http://www.redmine.org/news/78

... and now whenever a subject contains a special character, updating that ticket causes the escape code to be stored as the new subject.

e.g.
Ticket is opened with subject "user's email"
Someone leaves a comment
Subject is automatically changed to "user's email"

As you can imagine, it's very annoying.

I'm sure it's related to the new (and probably safer) handling of field input, but it seems that there should be an easy fix (it's just double encoded).

If this was already addressed somewhere between 1.4.4 & 1.4.7, can someone point to the fixing commit, please?

Actions
Copy link

Also available in: Atom PDF