[Phpmyadmin-devel] Newlines in error reporting server

Isaac Bennetch bennetch at gmail.com
Wed Oct 23 22:09:55 CEST 2013



On 10/23/13 5:18 AM, Michal Čihař wrote:
> Hi
> 
> On Wed, 23 Oct 2013 09:28:12 +0200
> Piotr Przybylski <piotr.prz at gmail.com> wrote:
> 
>> 2013/10/23 Michal Čihař <michal at cihar.com>
>>
>>> Hi
>>>
>>> On Tue, 22 Oct 2013 20:48:14 -0400
>>> Isaac Bennetch <bennetch at gmail.com> wrote:
>>>
>>>> In the user description field of the error reporting server, new lines
>>>> are represented as \n rather than <br> or some other HTML-friendly
>>>> means. This is easy to fix, however I'm not sure where best to fix it.
>>>>
>>>> Do we convert the raw input before submission (line 58 of
>>>> libraries/error_report.lib.php) or on display (line 88 of
>>>> app/View/Incidents/view.ctp)? I think it's best to do it on submission,
>>>> but wanted to double-check first.
>>>
>>> Doing this on submission time would bring HTML into the server and we
>>> would have to do some sanity checking on it while displaying...
>>>
>>
>> I don't think users should be allowed to use any HTML in bug reports. It will
>> be much simpler then:
> 
> I agree to that. I just wanted to mention that in case we would do
> processing on the client side, it would make it harder later.
> 
>> 1. Unescape all escape sequences before storing them on our server, e.g. \n
>> -> newline
> 
> I haven't checked the code, but I doubt the user has entered \n, I think
> there is rather some escaping done which converted newlines into \n.
> 
>> 2. Use nl2br before displaying, or wrap text with HTML block element with:
>>     white-space: -moz-pre-wrap; /* Firefox */
>>     white-space: -o-pre-wrap; /* Opera */
>>     white-space: pre-wrap; /* Chrome; W3C standard */
>>     word-wrap: break-word; /* IE */
>> It may require some tweaking, but it's doable in CSS.
> 
> Using nl2br is probably easier.

Thanks everyone for the comments. I wasn't able to test my patch, but it
should be fixed by pull request at
https://github.com/phpmyadmin/error-reporting-server/pull/21
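
The approach the thread converges on (keep plain text on the server, escape and apply nl2br only at display time), as an added example that is not code from the pull request or from error-reporting-server. The function names and the sample report are constructed, and it assumes newlines arrive as the two-character sequence \n.

```php
<?php
// Added example: function names and the sample report are constructed.

// Storage side: restore real newlines, introduce no HTML.
function normalize_description(string $submitted): string
{
    // Assumption: newlines arrive as the two characters backslash + "n".
    $text = str_replace(['\\r\\n', '\\n', '\\r'], "\n", $submitted);
    // Normalize genuine CRLF / CR too, so only "\n" is stored.
    return str_replace(["\r\n", "\r"], "\n", $text);
}

// Display side: escape first, then convert newlines to <br>.
function render_description(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped, false);
}

// Constructed report containing literal "\n" sequences and markup.
$submitted = 'Export fails\nSteps:\n1. Open <b>table</b>\n<script>alert(1)</script>';
$stored = normalize_description($submitted);

echo "Escape, then nl2br (safe):\n", render_description($stored), "\n\n";
// Reversed order: the <br> tags themselves get escaped and show as text.
echo "nl2br, then escape (broken layout):\n",
    htmlspecialchars(nl2br($stored, false), ENT_QUOTES, 'UTF-8'), "\n\n";
// nl2br alone: the stored markup reaches the browser unescaped.
echo "nl2br only (markup stays live):\n", nl2br($stored, false), "\n";
```

In a CakePHP view such as the .ctp file mentioned above, the built-in h() helper performs the htmlspecialchars step.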



