Hello Josef,
I think nobody will refuse you to join efforts to make everything
better... but this patch I would not use to make this specific page
"better". You managed to break the page with this patch since you do not
escape the output of the user supplied input variable. This is a simple
"MUST DO" when outputting user supplied content. A call to
"htmlspecialchars" would fit for what you are trying to do. Also caching
(if there is caching for the output of this inc file) could not be done
anymore, since now the page has user supplied content (and for that reason is
not cacheable anymore). You can forget this argument when there is no
caching - I do not know the bug tracking system.
I personally think the bug should be marked as "Bogus". All browsers
natively support "form completion". I type some letters and my browser
will suggest input I have already done. That is good enough IMHO. When
you "prefill" the field, all people who like to search one term after
the other will have to clear out the field first, and at the moment
there is no "auto clear formfields" function in any browser I use ;)
mike
Josef Šimánek wrote:
Sorry, forgot to post diff file inside message (I attached it only).
Index: php-bugs-web/include/layout.inc
--- php-bugs-web/include/layout.inc Base (1.33)
+++ php-bugs-web/include/layout.inc Locally Modified (Based On 1.33)
@@ -220,7 +220,7 @@
<input type="hidden" name="cmd" value="display" />
<td align="right" valign="top" colspan="2" nowrap><font color="#ffffff">
<small>go to bug id or search bugs for</small>
- <input class="small" type="text" name="search_for" value=""
size="30" />
+ <input class="small" type="text" name="search_for"
value="<?php if(isset($_GET['search_for'])) echo $_GET['search_for'];
?>" size="30" />
<?php echo make_submit('small_submit_white.gif', 'search',
'bottom');?> <br>
</font></td>
</form>
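Review bot: The new value attribute on the search_for input echoes $_GET['search_for'] straight into a double-quoted HTML attribute with no escaping, so any submitted value containing a double quote or angle bracket ends the attribute and changes the page markup. Escape at the point of output, for example: echo htmlspecialchars($_GET['search_for'], ENT_QUOTES); and keep the isset() guard. Since a request can also supply search_for as an array (search_for[]=x), it is worth checking is_string() before echoing so the field only ever receives a scalar value.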
My first patch (very easy). I have one more idea about this. The text
will stay in the input box only if not found. What do you think?
Bug is mentioned here: http://bugs.php.net/bug.php?id=40698
I was studying bug tracker code, because of GSOC. I want to join one
idea about bug tracker (improve it). Now, I'm searching for some bugs
in tracker to repair. So next patches will be posted soon.
If anyone knows some bug or has some idea connected with improving
bugtracker please write me.