Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed
    • Similar Issues:
      Show 5 results 

      Description

      In a lot of places, we call:

      <%= HtmlUtil.escape(PortalUtil.getUserName(curArticle.getUserId(), curArticle.getUserName())) %>

      The problem is, what if curArticle is an escaped model? If the user with curArticle.getUserId() no longer exists, we'll return curArticle.getUserName() which is escaped, and we'll escape things again.

      One solution would be to remove HtmlUtil.escape, but that breaks too because if the user is not deleted, then we'll fetch the user from the db, and return an unescaped user name.

      So the proper fix is to create a new method called PortalUtil.getUserName(auditedModel). It'll take in a auditedModel and return the user name in an escaped fashion if the input auditedModel was escaped, and return an unescaped user name if the audited model was not escaped.

        Issue Links

          Activity

          Hide
          Brian Chan added a comment -

          This is technically an improvement, but will be required for bug fixes like LPS-27067

          Show
          Brian Chan added a comment - This is technically an improvement, but will be required for bug fixes like LPS-27067
          Hide
          Matthew Lee (Inactive) added a comment -

          Committed on:
          Portal 6.2.x GIT ID: 1f85edcf8df81093028821c909a0bf1809f62387.

          Show
          Matthew Lee (Inactive) added a comment - Committed on: Portal 6.2.x GIT ID: 1f85edcf8df81093028821c909a0bf1809f62387.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development

                  Structure Helper Panel