Debian Bug report logs - #611717
alioth.debian.org: Improper quoting on request-to-join-project-form

Package: www.debian.org; Maintainer for www.debian.org is Debian WWW Team <debian-www@lists.debian.org>;

Reported by: Matthijs Kooijman <matthijs@stdin.nl>

Date: Tue, 1 Feb 2011 10:39:02 UTC

Severity: normal

Done: Simon Paillard <spaillard@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#611717; Package www.debian.org. (Tue, 01 Feb 2011 10:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Matthijs Kooijman <matthijs@stdin.nl>:
New Bug report received and forwarded. Copy sent to Debian WWW Team <debian-www@lists.debian.org>. (Tue, 01 Feb 2011 10:39:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Matthijs Kooijman <matthijs@stdin.nl>
To: submit@bugs.debian.org
Subject: alioth.debian.org: Improper quoting on request-to-join-project-form
Date: Tue, 1 Feb 2011 11:36:31 +0100
[Message part 1 (text/plain, inline)]
Package: www.debian.org

Hi folks,

I hope this is the right place for this report. If not, feel free to
whack me over the head and tell me where to go instead :-)


I've just submitted a request to join a project on Alioth [1]. In the
comment I typed there, I've used a few single quotes. After pressing
submit, the request was correctly submitted (according to the message
shown). Additionally, the comment I typed was shown in the textarea
again, but this time all single quotes were preceded by a backslash.

This looks like some overzealous escaping somewhere (magic_quotes_gpc
perhaps?). It's probably harmless, but it might be an indication that
there is some underlying, more serious problem. (In fact, looking at the
FusionForge source code, it seems there is no explicit escaping in
request.php, so it might very well be that magic_quotes is indeed turned
on. There is also a possibly relevant bug report [1], which seems to be
fixed in the wrong way IMHO).

Gr.

Matthijs

[1]: https://alioth.debian.org/project/request.php?group_id=31226
[2]: http://fusionforge.org/tracker/index.php?func=detail&aid=26&group_id=6&atid=105

[signature.asc (application/pgp-signature, inline)]

Reply sent to Simon Paillard <spaillard@debian.org>:
You have taken responsibility. (Tue, 01 Feb 2011 10:57:04 GMT) Full text and rfc822 format available.

Notification sent to Matthijs Kooijman <matthijs@stdin.nl>:
Bug acknowledged by developer. (Tue, 01 Feb 2011 10:57:04 GMT) Full text and rfc822 format available.

Message #10 received at 611717-done@bugs.debian.org (full text, mbox):

From: Simon Paillard <spaillard@debian.org>
To: Matthijs Kooijman <matthijs@stdin.nl>, 611717-done@bugs.debian.org
Subject: Re: Bug#611717: alioth.debian.org: Improper quoting on request-to-join-project-form
Date: Tue, 1 Feb 2011 11:53:42 +0100
Hi,

On Tue, Feb 01, 2011 at 11:36:31AM +0100, Matthijs Kooijman wrote:
> Package: www.debian.org
> 
> I hope this is the right place for this report. If not, feel free to
> whack me over the head and tell me where to go instead :-)

Alioth team is different than www team, and they have their own bug tracker on
alioth itself.

http://wiki.debian.org/Teams/Alioth
Interacting with the team
	Email contact: admin@alioth.debian.org
	Request tracker: http://alioth.debian.org/tracker/?func=add&group_id=1&atid=200001

> I've just submitted a request to join a project on Alioth [1]. In the
> comment I typed there, I've used a few single quotes. After pressing
> submit, the request was correctly submitted (according to the message
> shown). Additionally, the comment I typed was shown in the textarea
> again, but this time all single quotes were preceded by a backslash.
> 
> This looks like some overzealous escaping somewhere (magic_quotes_gpc
> perhaps?). It's probably harmless, but it might be an indication that
> there is some underlying, more serious problem. (In fact, looking at the
> FusionForge source code, it seems there is no explicit escaping in
> request.php, so it might very well be that magic_quotes is indeed turned
> on. There is also a possibly relevant bug report [1], which seems to be
> fixed in the wrong way IMHO).
> 
> Gr.
> 
> Matthijs
> 
> [1]: https://alioth.debian.org/project/request.php?group_id=31226
> [2]: http://fusionforge.org/tracker/index.php?func=detail&aid=26&group_id=6&atid=105
> 



-- 
Simon Paillard




Message #11 received at 611717-done@bugs.debian.org (full text, mbox):

From: Gerfried Fuchs <rhonda@deb.at>
To: Matthijs Kooijman <matthijs@stdin.nl>, 611717-done@bugs.debian.org
Subject: Re: Bug#611717: alioth.debian.org: Improper quoting on request-to-join-project-form
Date: Tue, 1 Feb 2011 11:59:53 +0100
        Hi!

* Matthijs Kooijman <matthijs@stdin.nl> [2011-02-01 11:36:31 CET]:
> Package: www.debian.org
> 
> Hi folks,
> 
> I hope this is the right place for this report. If not, feel free to
> whack me over the head and tell me where to go instead :-)

 *whacks* ;)  For those pages that the webteam is responsible for this
is marked in the footer - and it usually can be expected to be in the
footer.  For alioth though, this seems to be only listed on the entry
page itself, in the introduction paragraph:

| In case of problems please submit a report on the Support Request
| tracker of the [Site Admin] project.
| <https://alioth.debian.org/projects/siteadmin/>

 You can also reach them on irc.debian.org in #alioth, like mentioned in
their FAQ <http://wiki.debian.org/Alioth/FAQ> on the wiki.

 Enjoy,
Rhonda
-- 
"What are the differences between Mark Zuckerberg and me? I give private
 information on corporations to you for free, and I'm a villain.
 Zuckerberg gives your private information to corporations for money and
 he's Man of the Year."         -- Julian Assange




Information forwarded to debian-bugs-dist@lists.debian.org, Debian WWW Team <debian-www@lists.debian.org>:
Bug#611717; Package www.debian.org. (Tue, 01 Feb 2011 11:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Matthijs Kooijman <matthijs@stdin.nl>:
Extra info received and forwarded to list. Copy sent to Debian WWW Team <debian-www@lists.debian.org>. (Tue, 01 Feb 2011 11:27:05 GMT) Full text and rfc822 format available.

Message #16 received at 611717@bugs.debian.org (full text, mbox):

From: Matthijs Kooijman <matthijs@stdin.nl>
To: Gerfried Fuchs <rhonda@deb.at>
Cc: 611717@bugs.debian.org
Subject: Re: Bug#611717: alioth.debian.org: Improper quoting on request-to-join-project-form
Date: Tue, 1 Feb 2011 12:05:04 +0100
[Message part 1 (text/plain, inline)]
Hi Simon & Rhonda,

>  *whacks* ;)  For those pages that the webteam is responsible for this
> is marked in the footer - and it usually can be expected to be in the
> footer.  For alioth though, this seems to be only listed on the entry
> page itself, in the introduction paragraph:
Thanks for your constructive whack, I should probably have found that
tracker myself (though in my defense, Google showed up at least one
other bug report in the past concerning alioth that was reported to this
same package).

I'll go bug the right people now.

Gr.

Matthijs
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Mar 2011 07:32:14 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 07:52:04 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.