Defect #14171

open

If the text formatting is "none", Meta characters in URLs are escaped twice.

Added by Nayuta Taga almost 11 years ago. Updated about 8 years ago.

Status: New
Priority: Low
Assignee: -
Category: Text formatting
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:

Description

If the text formatting is "none", Meta characters in URLs are escaped twice.

For example,

http://foo/bar.cgi&query=bazo

is formatted as:
<a href="http://foo/bar.cgi&amp;amp;query=baz">http://foo/bar.cgi&amp;amp;query=baz</a>

This problem is introduced by Redmine::WikiFormatting::NullFormatter#to_html (in lib/redmine/wiki_formatting.rb):

def to_html(*args)
  t = CGI::escapeHTML(@text)
  auto_link!(t)
  auto_mailto!(t)
  simple_format(t, {}, :sanitize => false)
end

Meta characters in URLs of the @text are escaped by both CGI::escapeHTML() and auto_link!().

So, & becomes &amp;amp;

----
$ RAILS_ENV=production rake about

About your application's environment
Ruby version              2.0.0 (amd64-freebsd8)
RubyGems version          1.8.25
Rack version              1.4
Rails version             3.2.13
Active Record version     3.2.13
Action Pack version       3.2.13
Active Resource version   3.2.13
Action Mailer version     3.2.13
Active Support version    3.2.13
Middleware                Rack::Cache, 
 ActionDispatch::Static, 
 Rack::Lock, 
 #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x00000804a48cb8>,
 Rack::Runtime,
 Rack::MethodOverride,
 ActionDispatch::RequestId,
 Rails::Rack::Logger,
 ActionDispatch::ShowExceptions,
 ActionDispatch::DebugExceptions,
 ActionDispatch::RemoteIp,
 ActionDispatch::Callbacks,
 ActiveRecord::ConnectionAdapters::ConnectionManagement,
 ActiveRecord::QueryCache, ActionDispatch::Cookies,
 ActionDispatch::Session::CookieStore,
 ActionDispatch::Flash,
 ActionDispatch::ParamsParser,
 ActionDispatch::Head, Rack::ConditionalGet, Rack::ETag,
 ActionDispatch::BestStandardsSupport,
 OpenIdAuthentication
Application root          (snip)/redmine-2.3.1
Environment               production
Database adapter          sqlite3
Database schema version   20130217094251
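
The double escape described in this report, reproduced outside Redmine as an added example (not code from Redmine or from the reporter). `URL_RE` and the two `render_*` helpers are hypothetical, simplified stand-ins for `auto_link!`; the second helper escapes each segment of the raw text exactly once, so markup outside the URL is still neutralised.

```ruby
require 'cgi'

# Simplified URL matcher (assumption, not Redmine's own regexp).
URL_RE = %r{https?://[^\s<>"]+}

# Models the reported behaviour: the whole text is escaped first,
# then the linker escapes every URL it finds a second time.
def render_double_escaped(text)
  escaped = CGI.escapeHTML(text)
  escaped.gsub(URL_RE) do |url|
    u = CGI.escapeHTML(url) # second pass: "&amp;" becomes "&amp;amp;"
    %(<a href="#{u}">#{u}</a>)
  end
end

# Escape-once variant: locate URLs in the RAW text, then escape the
# surrounding text and each URL exactly once. Nothing is emitted unescaped.
def render_escaped_once(text)
  out = +''
  pos = 0
  text.scan(URL_RE) do
    m = Regexp.last_match
    out << CGI.escapeHTML(text[pos...m.begin(0)]) # text before the URL
    u = CGI.escapeHTML(m[0])
    out << %(<a href="#{u}">#{u}</a>)
    pos = m.end(0)
  end
  out << CGI.escapeHTML(text[pos..-1]) # trailing text after the last URL
end

if __FILE__ == $0
  sample = 'http://foo/bar.cgi&query=baz' # constructed input modelled on the report
  puts render_double_escaped(sample)
  puts render_escaped_once(sample)
end
```

Dropping the initial `CGI::escapeHTML` call without escaping the non-URL text elsewhere would remove the double escape but leave plain text unescaped, so any fix has to keep every segment escaped exactly once.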

#1

Updated by Go MAEDA about 8 years ago

Still reproducible in Redmine 3.2.0.
