Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes row evolution for rows containing encoded entities #19490

Merged
merged 4 commits into from Jul 14, 2022
Merged

Fixes row evolution for rows containing encoded entities #19490

merged 4 commits into from Jul 14, 2022

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Jul 7, 2022

Description:

fixes #19485

Review

@sgiehl sgiehl added not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Jul 7, 2022
@sgiehl sgiehl added this to the 4.12.0 milestone Jul 7, 2022
bx80
bx80 suggested changes Jul 11, 2022
View reviewed changes
Copy link
Contributor

@bx80 bx80 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested the original issue again and it is fixed with this PR 👍

I did notice that the goal name is broken on the goal overview screen and on the evolution chart legend, it's not part of the original issue but it would probably make sense to fix it here too.

m19485-2

m19485-1

@bx80 bx80 removed the Needs Review PRs that need a code review label Jul 11, 2022
@sgiehl sgiehl force-pushed the m19485 branch 2 times, most recently from dee851f to 44d41c5 Compare July 11, 2022 12:29
@sgiehl
Copy link
Member Author

sgiehl commented Jul 11, 2022

@bx80 Those double encoding is actually a side effect of having the goal data automatically sanitized before being stored in the database (See e.g. #4231). I've now adjusted the Goals API so it unsanitizes the data before it's returned. I've tried to check & adjust all usages of the goals to ensure this won't open up any security issues. (There were at least some tooltips where it was possible to inject html code using html in the goal name).
So when reviewing the new changes you should also look through all places where goals are being used.

@sgiehl sgiehl added the Needs Review PRs that need a code review label Jul 11, 2022
@sgiehl sgiehl requested a review from bx80 July 11, 2022 13:05
@sgiehl sgiehl force-pushed the m19485 branch 2 times, most recently from 0711c98 to df278fd Compare July 11, 2022 13:29
bx80
bx80 approved these changes Jul 13, 2022
View reviewed changes
Copy link
Contributor

@bx80 bx80 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've spent some time checking all the places where goal names are used, I can't see any issues. There is one UI screenshot Goals_action_goals_row_evolution.png which needs updating but other than that it all looks good 👍

@sgiehl sgiehl removed the Needs Review PRs that need a code review label Jul 14, 2022
@sgiehl sgiehl merged commit 392ef0b into 4.x-dev Jul 14, 2022
@sgiehl sgiehl deleted the m19485 branch July 14, 2022 07:40
@MatomoForumNotifications
Copy link

This pull request has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/warning-plugins-goals-api-php-117/47716/2

@sgiehl sgiehl mentioned this pull request Mar 20, 2023
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bx80 bx80 bx80 approved these changes

Assignees
No one assigned
Labels
not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.12.0
Development

Successfully merging this pull request may close these issues.

Fixes Goal row evolution with double quotes in the goal name resulting in an error
3 participants
@sgiehl @MatomoForumNotifications @bx80