[Phpmyadmin-devel] Newlines in error reporting server

Michal Čihař michal at cihar.com
Wed Oct 23 11:18:53 CEST 2013


Hi

On Wed, 23 Oct 2013 09:28:12 +0200
Piotr Przybylski <piotr.prz at gmail.com> wrote:

> 2013/10/23 Michal Čihař <michal at cihar.com>
> 
> > Hi
> >
> > On Tue, 22 Oct 2013 20:48:14 -0400
> > Isaac Bennetch <bennetch at gmail.com> wrote:
> >
> > > In the user description field of the error reporting server, new lines
> > > are represented as \n rather than <br> or some other HTML-friendly
> > > means. This is easy to fix, however I'm not sure where best to fix it.
> > >
> > > Do we convert the raw input before submission (line 58 of
> > > libraries/error_report.lib.php) or on display (line 88 of
> > > app/View/Incidents/view.ctp)? I think it's best to do it on submission,
> > > but wanted to double-check first.
> >
> > Doing this at submission time would bring HTML into the server and we
> > would have to do some sanity checking on it while displaying...
> >
> 
> I don't think users should be allowed to use any HTML in bug reports. It will
> be much simpler then:

I agree to that. I just wanted to mention that in case we would do
processing on the client side, it would make it harder later.

> 1. Unescape all escape sequences before storing them on our server, e.g. \n
> -> newline

I haven't checked the code, but I doubt the user has entered \n, I think
there is rather some escaping done which converted newlines into \n.

> 2. Use nl2br before displaying, or wrap text with HTML block element with:
>     white-space: -moz-pre-wrap; /* Firefox */
>     white-space: -o-pre-wrap; /* Opera */
>     white-space: pre-wrap; /* Chrome; W3C standard */
>     word-wrap: break-word; /* IE */
> It may require some tweaking, but it's doable in CSS.

Using nl2br is probably easier.

-- 
	Michal Čihař | http://cihar.com | http://phpmyadmin.net
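
The approach the thread converges on (store plain text, then escape and apply nl2br only at display time), as an added example that is not part of the original message or of phpMyAdmin's code. The function names and the sample report are constructed, and it assumes the literal \n sequences come from escaping in transit rather than from the user.

```php
<?php
// Added example: hypothetical helpers, not the error reporting server's code.

/**
 * On receipt: turn the literal two-character sequences \r\n and \n back
 * into real newlines so that only plain text is stored.
 * Assumption: these sequences were produced by escaping in transit.
 */
function normalize_description(string $raw): string
{
    // Single-quoted strings keep the backslash literal.
    $text = str_replace(['\r\n', '\n'], "\n", $raw);
    // Collapse real CRLF / CR to LF as well.
    return str_replace(["\r\n", "\r"], "\n", $text);
}

/**
 * On display: escape first, then insert line breaks. The only markup in
 * the output is the <br> tags that nl2br() adds.
 */
function render_description(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped, false);
}

/**
 * Wrong order, for comparison: nl2br() runs first, so its <br> tags are
 * escaped along with everything else and show up as visible text.
 */
function render_description_wrong_order(string $stored): string
{
    return htmlspecialchars(nl2br($stored, false), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample report with literal \n sequences and embedded markup.
$submitted = 'Export failed\n<script>alert(1)</script>\nSee the "Export" tab';

$stored = normalize_description($submitted);

echo "Correct order:\n", render_description($stored), "\n\n";
echo "Wrong order:\n", render_description_wrong_order($stored), "\n";
```

Because the stored value stays plain text, the display step can later be swapped for the `white-space: pre-wrap` variant without touching existing reports.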