[Koha-bugs] [Bug 20675] New: Bad html in message_queue.content corrupts members/notices.pl

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Apr 27 22:22:17 CEST 2018


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20675

            Bug ID: 20675
           Summary: Bad html in message_queue.content corrupts
                    members/notices.pl
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Notices
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: barton at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org

Bad html in letter.content will be written to message_queue.content, which can
corrupt the display of members/notices.pl

To re-create:

1) Edit a notice which will show up in the message queue.
2) Make sure 'HTML message' is checked.
3) Add <a href="http://example.com>example.com</a>
   (notice the missing quotes at the end of 
    http://example.com>example.com in the 
    href attribute)
4) Trigger the notice for a given patron
5) Go to the patron's notices tab
6) Trying to expand any of the notices is now broken due to html corruption.

This affects users directly, furthermore, simply fixing the letter template
isn't enough because the corrupted html stays in message_queue.content. It can
only be fixed by updating message_queue.content directly via the database.

We should validate html on any page where the 'HTML message' box is checked in
tools/letter.pl.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.


More information about the Koha-bugs mailing list