@anonymous-piwik-user opened this Issue on March 2nd 2009

The superuser username " cannot be used as of changeset 949. It couldn't really be used before because of a different bug.

This may not cause problems as the username is unlikely to be ", but some other value or plugin or other future configuration may be surprised by the special handling here and assume all characters are safe.

Lines 136 and 216 are the offending statements:

136 $value = str_replace('"', """, $value); 

216 $value = str_replace(""", '"', $value);

Suggestion: Use the PHP built-in functions htmlspecialchars and html_entity_decode instead.

@mattab commented on March 9th 2009 Member

fixed in [973]

@anonymous-piwik-user commented on March 9th 2009

awesome thanks

This Issue was closed on March 9th 2009
Powered by GitHub Issue Mirror