Single-quote in descr causes havoc w/ TC duplicate

Brought to you by: romulusnr

#15 Single-quote in descr causes havoc w/ TC duplicate

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2007-01-23

Created: 2007-01-23

Creator: Anonymous

Private: No

If there is a single-quote in your test description, and you use Duplicate Case on it, it will cause an error.

This is because the single-quote in the descr is not being escaped, causing premature termination of the descr string.

Discussion

Keith Tyler - 2007-01-31

Logged In: YES
user_id=579274
Originator: NO

The fix is in newcase.php, where we check for $_GET['model']. We must apply addslashes() to $tcinfo('descr') and $tcinfo('details'). We will need to do this for any future text field as well.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keith Tyler - 2007-01-31

Logged In: YES
user_id=579274
Originator: NO

We must also do this in the forloop on the $ctcinfo array. Ugh.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Keith Tyler - 2007-01-31

Logged In: YES
user_id=579274
Originator: NO

Maybe getcase() should do this? Hmm, not by default, because sometimes it's used for page data. Maybe a special getcase(), or an opt arg?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.