Project

General

Profile

Actions
Copy link

Defect #38728

closed

Correctly escape issue text in Gantt PNG export for ImageMagick convert

Added by Holger Just 11 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Go MAEDA
Category:
Gantt
Target version:
4.2.11
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:
4.1.0

Description

According to https://imagemagick.org/Usage/draw/#text, we need to quote the passed text and only escape the quote character and backslash with backslashes respectively. Redmine::Utils::Shell.shell_quote escapes the single quote for a wrong environment (namely a shell) which results in errors if an issue subject contains a single quote character.

The attached patch fixes this by using specific quoting/escaping for the ImageMagick convert command.

Note that the usual shell special characters (such as $, `, ...) do not need to be escaped here since the shellouts performed by MiniMagick are perfomed with Open3.popen3 which does not launch a shell but runs the command directly.

Files

0001-Correctly-escape-issue-text-in-Gantt-PNG-export-for-.patch (3.26 KB) 0001-Correctly-escape-issue-text-in-Gantt-PNG-export-for-.patch Holger Just, 2023-06-15 17:30

Related issues

Related to Redmine - Feature #30492: Replace RMagick with MiniMagickClosedGo MAEDA

Actions
Related to Redmine - Defect #34046: Escaping symbols in task subject can broke export to Gantt (PNG)Needs feedback

Actions
Actions
Copy link
 #1

Updated by Holger Just 10 months ago

To further explain this, when a ' character is included in an issue subject, right now, we would escape the generated command line argument to convert as follows (assuming the subjet is foo 'bar' baz

text 2,16 'foo '"'"'bar'"'"' baz'

This is a single argument (including the spaces). As explained, there are no surounding quotes around the command line argument as the command in not run through a shell by mini_magick but is directly passed to the command via Open3.popen3. Imagemagick performs some quote-parsing on its own to determine the single or double-quoted string as the last argument to a draw text rule.

However, due to the excessive escaping of the ' characters, imagemagick barfs as its parsing rules for the quoted string expects only only a single quoted string (with internal quotes of the same type escaped by \). This escaping rule as described in the above linked document is implemented by the patch. Thus, after the patch the same issue subject will result in the following command line argument:

text 2,16 'foo \'bar\' baz'
Actions
Copy link
 #2

Updated by Go MAEDA 7 months ago

  • Tracker changed from Patch to Defect
  • Target version changed from Candidate for next minor release to 4.2.11
  • Affected version set to 4.1.0
Actions
Copy link
 #3

Updated by Go MAEDA 7 months ago

Actions
Copy link
 #4

Updated by Go MAEDA 7 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the fix. Thank you.

Actions
Copy link
 #5

Updated by Mischa The Evil 7 months ago

  • Related to Defect #34046: Escaping symbols in task subject can broke export to Gantt (PNG) added
Actions
Copy link

Also available in: Atom PDF