Ticket #1279 (new bug)

Opened 7 months ago

Last modified 4 months ago

Signup sucks if quote are use if Name, first name or address

Reported by: jeanyves Owned by: Micha
Priority: critical Milestone: unassigned
Component: BW General Version: all
Keywords: signup quote Cc: micha lupochen
Follow up needed: test on alpha Frequently reported: 1
Announce on BW: no

Description

It results in a generic exception

Input should be escaped

This is critical bug

Change History

Changed 7 months ago by jeanyves

  • owner set to jeanyves

Changed 7 months ago by jeanyves

  • follow_up changed from none to test on alpha

Changed 7 months ago by jeanyves

  • owner changed from jeanyves to Micha

I just realized that in fact this bug was probably solved by the urlencode in enc.inc.php (it was done on admincrypted value and not on membercrypted value, this was what was creating the bug).

Since while fixing the line breaks and the \ problem in profile data, I moved it in prod (it has been successfuly tetsed in Alpha). So I think this also solve part of the problem in Signup. It is possible to signup with quote in FullName? (the system doesn 't generate an exception)

But the whole fix is still to be moved since they are still missing escaping which I have also fixed in the signup.model. It works in alpha, The problem is that I miss the overview with the new MOD_MAIL thing (last time I tried to move it on prod I was to revert).

It is to move in production (and to b tested there)

Changed 4 months ago by globetrotter_tt

Has anybody tested this already?

Note: See TracTickets for help on using tickets.