Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Changeset 949 may break configuration values #573

Closed
anonymous-piwik-user opened this Issue · 2 comments

2 participants

@anonymous-piwik-user

The superuser username " cannot be used as of changeset 949. It couldn’t really be used before because of a different bug.

This may not cause problems as the username is unlikely to be ", but some other value or plugin or other future configuration may be surprised by the special handling here and assume all characters are safe.

Lines 136 and 216 are the offending statements:

136 $value = str_replace(‘"’, “"”, $value); 216 $value = str_replace(“"”, ‘"’, $value);

Suggestion: Use the PHP built-in functions htmlspecialchars and html_entity_decode instead.

@mattab
Owner

fixed in 973

@anonymous-piwik-user

awesome thanks

@anonymous-piwik-user anonymous-piwik-user added this to the RobotRock milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.