Bug #40698 Re-use search term in the quicksearch input field

16 years ago by retricek@gmail.com — view source

unread

My first patch (very easy). I have one more idea about this. The text
will stay in intputbox only if not found. What do you think ?
Bug is mentioned here : http://bugs.php.net/bug.php?id=40698

I was studying bug tracker code, because of GSOC. I want to join one
idea about bug tracker (improve him). Now, I'm searching for some bugs
in tracker to repair. So next patches will be posted soon.
If anyone know some bug or have some idea connected with improving
bugtracker please write me.

16 years ago by retricek@gmail.com — view source

unread

Sorry, forgot to post diff file inside message (I attached it only).

Index: php-bugs-web/include/layout.inc
--- php-bugs-web/include/layout.inc Base (1.33)
+++ php-bugs-web/include/layout.inc Locally Modified (Based On 1.33)
@@ -220,7 +220,7 @@
<input type="hidden" name="cmd" value="display" />
<td align="right" valign="top" colspan="2" nowrap><font color="#ffffff">
<small>go to bug id or search bugs for</small>

   <input class="small" type="text" name="search_for" value=""

size="30" />

   <input class="small" type="text" name="search_for"

value="<?php if(isset($_GET['search_for'])) echo $_GET['search_for'];
?>" size="30" />
<?php echo make_submit('small_submit_white.gif', 'search',
'bottom');?> <br>
</font></td>
</form>

My first patch (very easy). I have one more idea about this. The text
will stay in intputbox only if not found. What do you think ?
Bug is mentioned here : http://bugs.php.net/bug.php?id=40698

I was studying bug tracker code, because of GSOC. I want to join one
idea about bug tracker (improve him). Now, I'm searching for some bugs
in tracker to repair. So next patches will be posted soon.
If anyone know some bug or have some idea connected with improving
bugtracker please write me.

16 years ago by Stefan Esser — view source

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Josef,

before you want to commit something to the PHP bugs website, you should
recheck your code for obvious XSS bugs in it...

   <input class="small" type="text" name="search_for"
value="<?php if(isset($_GET['search_for'])) echo $_GET['search_for'];
?>" size="30" />

Greets,
Stefan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknNIzMACgkQSuF5XhWr2njSZwCfTsKMpEM+/q4w8jwx8w2rqLFt
EHIAnjpNDsqAS0MdERmWNUHETS2QXLHQ
=477X
-----END PGP SIGNATURE

16 years ago by retricek@gmail.com — view source

unread

ok, but Mike Bretz wrote that it will be better to mark this bug as
"Bogus" according to all browsers auto-form completion function.
This patch was written very fast, without thinking. Next time I spend
more time to focus on security.

ok, what about these bugs :
http://bugs.php.net/bug.php?id=46663
http://bugs.php.net/bug.php?id=40696

Will be any improvement to focus on these bugs ?
Thank you for fast response.

Dne 27. březen 2009 20:04 Stefan Esser stefan.esser@sektioneins.de napsal(a):

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Josef,

before you want to commit something to the PHP bugs website, you should
recheck your code for obvious XSS bugs in it...

<input class="small" type="text" name="search_for" value="<?php if(isset($_GET['search_for'])) echo $_GET['search_for']; ?>" size="30" />

Greets,
Stefan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknNIzMACgkQSuF5XhWr2njSZwCfTsKMpEM+/q4w8jwx8w2rqLFt
EHIAnjpNDsqAS0MdERmWNUHETS2QXLHQ
=477X
-----END PGP SIGNATURE

16 years ago by Kalle Sommer Nielsen — view source

unread

Hi Josef

2009/3/27 Josef Šimánek retricek@gmail.com:

ok, but Mike Bretz wrote that it will be better to mark this bug as
"Bogus" according to all browsers auto-form completion function.
This patch was written very fast, without thinking. Next time I spend
more time to focus on security.

ok, what about these bugs :
http://bugs.php.net/bug.php?id=46663
http://bugs.php.net/bug.php?id=40696

Will be any improvement to focus on these bugs ?
Thank you for fast response.

If you can come up with a good enough patch and idea to resolve the
issue I don't see any reason for why they wouldn't be accepted. Both
of them seems pretty straight forward, for example for #46663, a
checkbox that can be checked to "search comments only" could be added
and then modify the results page to snow a snippet of the comment that
matches.

--

--
Kalle Sommer Nielsen
kalle@php.net

16 years ago by retricek@gmail.com — view source

unread

OK, nice idea about that search in comments bug. I try to code it tonight.
Next, I found some illogical code in bug tracker source code. For
example, there is a file (include/config.php) with mysql access but it
is not using, but there are some pages using mysql_connect function
followed by mysql_select_db without constants defined in that file. I
think there is no reason for this, is there ?

2009/3/27 Kalle Sommer Nielsen kalle@php.net:

Hi Josef

2009/3/27 Josef Šimánek retricek@gmail.com:

ok, but Mike Bretz wrote that it will be better to mark this bug as
"Bogus" according to all browsers auto-form completion function.
This patch was written very fast, without thinking. Next time I spend
more time to focus on security.

ok, what about these bugs :
http://bugs.php.net/bug.php?id=46663
http://bugs.php.net/bug.php?id=40696

Will be any improvement to focus on these bugs ?
Thank you for fast response.

If you can come up with a good enough patch and idea to resolve the
issue I don't see any reason for why they wouldn't be accepted. Both
of them seems pretty straight forward, for example for #46663, a
checkbox that can be checked to "search comments only" could be added
and then modify the results page to snow a snippet of the comment that
matches.

--

--
Kalle Sommer Nielsen
kalle@php.net

16 years ago by Philip Olson — view source

unread

Greetings Josef,

Nice, you're already looking at code and proposing patches! :)

My first patch (very easy). I have one more idea about this. The
text
will stay in intputbox only if not found. What do you think ?
Bug is mentioned here : http://bugs.php.net/bug.php?id=40698

Seems logical, except bugsweb has a clean() function that should be
used when presenting user data. However, I would prefer we mark the
bug as Won't Fix and suggest these users use the advanced search
instead.

I was studying bug tracker code, because of GSOC. I want to join one
idea about bug tracker (improve him). Now, I'm searching for some
bugs
in tracker to repair. So next patches will be posted soon.
If anyone know some bug or have some idea connected with improving
bugtracker please write me.

As we previously discussed in private, scouring the list archives (and
wikis) for peoples ideas and coming up with a simple plan seems the
best way to go. We don't need a complete rewrite but some change (and
clean up) is needed. Whether we take this opportunity to combine PECL
(and GTK) I'm not sure but let's discuss it.

Regards,
Philip