Fix #2980: Escaping fixes are not applied to the bug history table.

+ some other fixes to upgrades (see below).

M admin/upgrade_inc.php
- Some improvements for the "Print All" layout

M admin/upgrades/0_17_escaping_fixes_inc.php
- Added a fix for the double escaping of the history table.
- Added a fix to remove entries in the history there were
added due to escaping errors rather than actual changes.

M admin/upgrades/0_17_inc.php
- Added "id" field to the bug history table.

M doc/ChangeLog
- Updated change log.


git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1983 f5dc347c-c33d-0410-90a0-b07cc1902cb9

admin/upgrade_inc.php

@@ -139,9 +139,8 @@ function execute() {
 		}
 
 		function display() {
-			$t_description = "# Upgrade $this->id: $this->description\r\n";
-
-			$t_description .= $this->query . "\r\n\r\n";
+			$t_description = "# Upgrade $this->id: $this->description<br />";
+			$t_description .= $this->query . "<br /><br />";
 
 			return $t_description;
 		}
@@ -168,15 +167,18 @@ function execute() {
 				$this->set_applied();
 			} else {
 				$this->error = "Function $this->function_name() returned false<br />";
-				$this->error .= "Last database error (may not be applicable) was: "
-								. db_error_msg();
+				$t_db_error = db_error_msg();
+				if ( !is_blank( $t_db_error ) ) {
+					$this->error .= "Last database error (may not be applicable) was: "
+									. $t_db_error;
+				}
 			}
 
 			return $result;
 		}
 
 		function display() {
-			return "# Upgrade $this->id: $this->description\n#\n# Execute function $this->function_name()\n\n";
+			return "# Upgrade $this->id: $this->description<br /># Execute function $this->function_name()<br /><br />";
 		}
 	}
 
@@ -243,7 +245,7 @@ function run( $p_execute, $p_limit, $p_advanced ) {
 			# Execute All Button
 			echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";
 			# Print All Button
-			echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" />";
+			echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" /><br /><br />";
 
 			if ( $p_advanced ) {
 				# Execute Selected Button
@@ -317,7 +319,7 @@ function run( $p_execute, $p_limit, $p_advanced ) {
 			echo '</table>';
 
 			# Execute All Button
-			echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";
+			echo "<br /><input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";
 			# Print All Button
 			echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" />";
 

admin/upgrades/0_17_escaping_fixes_inc.php

@@ -154,5 +154,27 @@ function upgrade_escaping_fix_8() {
 			array( 'platform', 'os', 'os_build', 'description' ) );
 	}
 
+	$upgrades[] = new FunctionUpgrade( 
+		'escaping-fix-9',
+		'Fix double escaped data in mantis_bug_history_table',
+		'upgrade_escaping_fix_9' );
+
+	function upgrade_escaping_fix_9() {
+		global $t_bug_history_table;
+
+		if ( db_field_exists( 'id', $t_bug_history_table ) ) {
+			return upgrade_fix_strings( $t_bug_history_table, 'id',
+				array( 'field_name', 'old_value', 'new_value' ) );
+		}
+
+		return false;
+	}
+
+	$upgrades[] = new SQLUpgrade( 
+		'escaping-fix-10',
+		'Remove history entries where type=0 and the old value = new value.  These existed because of escaping errors',
+		"DELETE FROM $t_bug_history_table
+		  WHERE (type = 0) AND (old_value = new_value)");
+
 	return $upgrades;
 ?>

admin/upgrades/0_17_inc.php

@@ -623,5 +623,26 @@ function upgrade_0_17_compat_17() {
 		"DELETE FROM $t_project_user_list_table
 		  WHERE project_id=0" );
 
+	$upgrades[] = new FunctionUpgrade( 
+		'0.17-vb-19',
+		'Add id field to bug history table',
+		'upgrade_0_17_vb_19' );
+
+	function upgrade_0_17_vb_19() {
+		global $t_bug_history_table;
+
+		if ( !db_field_exists( 'id', $t_bug_history_table ) ) {
+			$query = "ALTER TABLE $t_bug_history_table ADD id INT(7) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST";
+
+			$result = @db_query( $query );
+
+			if ( false == $result ) {
+				return false;
+			}
+		}
+
+		return true;
+	}
+
 	return $upgrades;
 ?>

doc/ChangeLog

@@ -7,6 +7,7 @@ Mantis ChangeLog
  * Fix: $g_lang_current was not available to custom_strings_inc.php
  * Fix: reduced the executed number of queries throughout the interface
  * Fix: improved handling of bad cookies (you now get a chance to log in again)
+ * Fix: Added the removal of invalid history entries that were added due to escaping errors to the string escaping fixes.
  * Fix #2944: Project files are not deleted when project is deleted.
  * Fix #2939: Confusing file names for uploaded project documents.
  * Fix #2954: Bgcolor attribute on TD in view_all_bug_page (moved to TR) [optimisation]
@@ -20,7 +21,9 @@ Mantis ChangeLog
  * Fix #2974: Message "APPLICATION WARNING #300" on main page.
  * Fix #2976: Incorrect handling of URLs.
  * Fix #2978: URLs not hyperlinked in news_add page.
+ * Fix #2980: Escaping fixes are not applied to the bug history table.
  * Fix #2982: Having email_set_category set to EMAIL_CATEGORY_PROJECT_CATEGORY erased various mail headers.
+ * DB Upgrade: Added "id" primary key to bug history table.
  * Languages: Updated German localisation.
  * Removed config option (bugnote_include_file): Used file path directly since there is no reason to make it configurable.
  * Removed config option (bugnote_view_include_file): Used file path directly since there is no reason to make it configurable.