https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292019-06-13T07:04:42ZRedmineRedmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=923402019-06-13T07:04:42ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li></ul> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=926212019-06-27T06:35:25ZMizuki ISHIKAWA
<ul></ul><p>I have confirmed that the changes below fix this problem.<br /><pre><code class="diff syntaxhl"><span class="gh">diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 06e2d702c1..afbb30f3ee 100644
</span><span class="gd">--- a/app/controllers/application_controller.rb
</span><span class="gi">+++ b/app/controllers/application_controller.rb
</span><span class="p">@@ -440,7 +440,7 @@</span> class ApplicationController < ActionController::Base
end
begin
<span class="gd">- uri = URI.parse(back_url)
</span><span class="gi">+ uri = URI.parse(URI.encode(back_url))
</span> rescue URI::InvalidURIError
return false
end
</code></pre></p>
<p>However, I am concerned that this change will cause other problems.<br />ApplicationController#validate_back_url is a method that includes security changes(<a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Defect: Open redirect vulnerability with back_url param (Closed)" href="https://www.redmine.org/issues/19577">#19577</a>), so it needs to be corrected carefully.</p> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=926232019-06-27T07:13:11ZMizuki ISHIKAWA
<ul><li><strong>File</strong> <a href="/attachments/23418">add-back-url-parameter.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/23418/add-back-url-parameter.patch">add-back-url-parameter.patch</a> added</li></ul><p>I think that the patch attached is better than the correction method suggested in <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Defect: View switches from gantt to list after editing an issue (Closed)" href="https://www.redmine.org/issues/31552#note-2">#31552#note-2</a>.</p>
<p>The issues/_list also make the back_url parameter in the same way.<br />The same problem occurred with the calendar, so we fix it together.</p> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=926512019-06-29T05:23:08ZGo MAEDA
<ul><li><strong>Target version</strong> set to <i>4.0.5</i></li></ul><p>Mizuki ISHIKAWA wrote:</p>
<blockquote>
<p>The issues/_list also make the back_url parameter in the same way.</p>
</blockquote>
<p><a class="source" href="https://www.redmine.org/projects/redmine/repository/svn/entry/tags/4.0.4/app/views/issues/_list.html.erb#L5">source:tags/4.0.4/app/views/issues/_list.html.erb#L5</a> and <a class="source" href="https://www.redmine.org/projects/redmine/repository/svn/entry/tags/4.0.4/app/views/timelog/_list.html.erb#L2">source:tags/4.0.4/app/views/timelog/_list.html.erb#L2</a>.</p>
<p>Setting the target version to 4.0.5.</p> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=926522019-06-29T05:29:41ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Resolved</i></li><li><strong>Assignee</strong> set to <i>Go MAEDA</i></li></ul><p>Committed the patch. Thank you all for reporting and fixing this issue.</p> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=926722019-06-30T05:38:02ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul> Redmine - Defect #31552: View switches from gantt to list after editing an issuehttps://www.redmine.org/issues/31552?journal_id=929402019-08-01T08:51:01ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/31831">Defect #31831</a>: Back url parse in validation</i> added</li></ul>