[mythtv-commits] Ticket #10225: Mythweb is not safe for inappropriate characters in title/subtitles of shows

MythTV noreply at mythtv.org
Tue Dec 27 19:22:58 UTC 2011


#10225: Mythweb is not safe for inappropriate characters in title/subtitles of
shows
-------------------------------------+-------------------------------------
     Reporter:  henrik@…             |      Owner:  kormoc
         Type:  Bug Report -         |     Status:  new
  General                            |  Milestone:  unknown
     Priority:  minor                |    Version:  Trunk Head
    Component:  Plugin - MythWeb     |   Keywords:  mythweb, character
     Severity:  medium               |  encoding
Ticket locked:  0                    |
-------------------------------------+-------------------------------------
 It the title or subtitle of a show contains especially single or double
 quotes, it breaks the html/javascript structure of at least the
 recorded.php and details.php of mythweb. This is true for 0.24.1 and GIT
 of 23/12 2011.

 The case arises because the EIT date of the Danish DR1 channel is bad or
 misinterpreted so half of the description ends up in the subtitle. This is
 bearable (for me) it it wasnt because it breaks mythweb. But it could
 arise if the subtitle/title actually did contain quotes etc.

 The symptoms is that the javascripts for 'delete' a show does not work
 because of badly paired quotes in the HTML code. Note, that the page
 itself looks normally!

 The proposed solution (as implemented by me in my case) is to use one of
 the HTML-safe functions on the title and subtitle parts wherever they are
 used directly in the HTML part such as htmlentities(), htmlspecialchars(),
 htmlspecialchars() etc.

-- 
Ticket URL: <http://code.mythtv.org/trac/ticket/10225>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center


More information about the mythtv-commits mailing list