Html::escape() can lead to maxlength of media or group ref_char being exceeded

Created on 23 May 2024, 4 months ago

Updated 1 July 2024, 3 months ago

Problem/Motivation

This applies both to the media and the group submodules.

Those use Html::escape() on the respective entity's label before storing it as the ref_char for the events log entry. The ref_char column can contain up to 255 characters, same as the media name/label (and, presumably the group label, as well, though I did not check). However, due to the Html::escape() call, the resulting string can exceed 255 characters, even if the original label does not.

When saving such a media entity, the events log recording fails with a database exception.

Steps to reproduce

For example, a media with the name/label of ''''''''''''''''''''''''''''''''''''''''''' (43 characters all single quotes), the resulting ref_char will be
''''''''''''''''''''''''''''''''''''''''''' (258 characters).

Proposed resolution

Not sure, either remove the Html::escape() call or manually truncate the result if it's longer than 255 characters.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Fixed

Version

4.0

Component

Code

Created by

🇩🇪Germany tstoeckler Essen, Germany

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @tstoeckler
Comment 3 months ago →
System Message

smustgrave → committed 40040560 on 4.0.x
Issue #3449348 by tstoeckler: Html::escape() can lead to maxlength of...
Status changed to Fixed 3 months ago4:23pm 17 June 2024
Comment 3 months ago →
🇺🇸United States smustgrave
I don't think there is an issue removing, couldn't see why it was originally added.
Comment 3 months ago →
🇩🇪Germany tstoeckler Essen, Germany
Awesome thanks!
Comment 3 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024