|
|
Do you have any 3rd party plugins installed? |
|
|
|
This is the list of installed plugins:
BasicAuth Plugin 0.01, Import/Export issues 2.26.0, MantisBT Core 2.26.0, MantisBT Formatting 2.26.0
I use the setting "$g_show_realname = ON;". But setting this to "OFF" shows the same behaviour.
The html code looks like shown below: |
|
|
|
I was not able to reproduce the issue using the given informaion.
I tried also various MantisBT Formatting plugin settings, but didn't encounter the issue.
Did you run admin/check/index.php and fixed all errors and/or warnings?
Do you see any errors or warnings in your PHP and/or web server logs?
Do you see any errors in your browser console?
Which PHP version do you use? |
|
|
|
Are you sure your filter_fom_api.php has not been modified locally vs the original distribution file [1] ? |
|
|
|
Thank you for your quick response. I will answer your question as follows:
- admin check: Looks good for me - attached anyway
- php/web server logs: none concerning MantisBT
- browser console: no errors, just a few css warnings
- php version: Apache/2.4.39 (Win64), PHP/7.3.5
- changes to filter_from_api.php: I've compared the whole directory to freshly downloaded 2.26.0 and reverted all my changes. No difference.
Admin_check.htm (12,022 bytes)
<!DOCTYPE html>
<html><head>
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
<title>MantisBT Administration - Check Installation - MantisBT</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/default.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/dropzone-5.5.0.min.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/bootstrap-3.4.1.min.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/font-awesome-4.7.0.min.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/fonts.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/bootstrap-datetimepicker-4.17.47.min.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/ace.min.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/ace-mantis.css">
<link rel="stylesheet" type="text/css" href="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/ace-skins.min.css">
<link rel="shortcut icon" href="https://<deleted>/mantis/images/favicon.ico" type="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" title="MantisBT: Volltextsuche" href="https://<deleted>/mantis/browser_search_plugin.php?type=text">
<link rel="search" type="application/opensearchdescription+xml" title="MantisBT: Suche nach Eintrags-ID" href="https://<deleted>/mantis/browser_search_plugin.php?type=id">
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/javascript_config.php"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/javascript_translations.php"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/jquery-2.2.4.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/dropzone-5.5.0.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/common.js"></script>
</head>
<body class="skin-3">
<style>
* { font-family: "Open Sans"; }
h1, h2, h3, h4, h5 { font-family: "Open Sans"; }
</style>
<div id="navbar" class="navbar navbar-default navbar-collapse navbar-fixed-top noprint"><div id="navbar-container" class="navbar-container"><button id="menu-toggler" type="button" class="navbar-toggle menu-toggler pull-left hidden-lg hidden-md" data-target="#sidebar"><span class="sr-only">Toggle sidebar</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></button><div class="navbar-header"><a href="https://<deleted>/mantis/my_view_page.php" class="navbar-brand"><span class="smaller-75"> MantisBT </span></a><button type="button" class="navbar-toggle navbar-toggle collapsed pull-right hidden-sm hidden-md hidden-lg" data-toggle="collapse" data-target=".navbar-buttons,.navbar-menu"><span class="sr-only">Toggle user menu</span></button></div><div class="navbar-buttons navbar-header navbar-collapse collapse"><ul class="nav ace-nav"></ul></div></div></div><div class="main-container" id="main-container" style="padding-top: 45px;">
<div class="space-10"></div>
<ul class="nav nav-tabs padding-18">
<li><a href="https://<deleted>/mantis/admin/index.php"><i class="fa fa-info-circle blue ace-icon"></i></a></li>
<li class="active"><a href="https://<deleted>/mantis/admin/check/index.php">Check Installation</a></li>
<li><a href="https://<deleted>/mantis/admin/system_utils.php">System Utilities</a></li>
<li><a href="https://<deleted>/mantis/admin/test_langs.php">Test Lang</a></li>
<li><a href="https://<deleted>/mantis/admin/email_queue.php">Email Queue</a></li>
</ul>
<div class="col-md-12 col-xs-12">
<div class="space-10"></div>
<div class="widget-box widget-color-blue2">
<div class="widget-header widget-header-small">
<h4 class="widget-title lighter">
Checking your MantisBT installation...
</h4>
</div>
<div class="widget-body">
<div class="widget-toolbox padding-8 clearfix">
Verbosity: <a href="https://<deleted>/mantis/admin/check/index.php?show_all=1&show_errors=0">Show passed tests</a> | <a href="https://<deleted>/mantis/admin/check/index.php?show_all=0&show_errors=1">Show verbose error messages</a> </div>
<div class="widget-main no-padding">
<div class="table-responsive">
<table class="table table-bordered table-condensed">
<tbody><tr>
<td colspan="2" class="thead2"><strong>PHP</strong></td>
</tr>
<tr>
<td>display_errors php.ini directive is disabled<br><em>For security reasons this directive should be disabled on all production and Internet facing servers.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>display_startup_errors php.ini directive is disabled<br><em>For security reasons this directive should be disabled on all production and Internet facing servers.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Database</strong></td>
</tr>
<tr>
<td>MySQL Lifecycle and Release Support data availability<br><em>Release information for MySQL 10.1 series is not available, unable to perform the lifecycle checks.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Configuration</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Paths</strong></td>
</tr>
<tr>
<td>core_path configuration option is set to a path outside the web root<br><em>For increased security it is recommended that you move the core_path directory outside the web root.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>class_path configuration option is set to a path outside the web root<br><em>For increased security it is recommended that you move the class_path directory outside the web root.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>library_path configuration option is set to a path outside the web root<br><em>For increased security it is recommended that you move the library_path directory outside the web root.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>config_path configuration option is set to a path outside the web root<br><em>For increased security it is recommended that you move the config_path directory outside the web root.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>language_path configuration option is set to a path outside the web root<br><em>For increased security it is recommended that you move the language_path directory outside the web root.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td>Directory <em><a href="https://<deleted>/mantis/doc">doc</a></em> does not need to exist within the MantisBT root<br><em>The doc directory within the MantisBT root should be removed as it is not needed for the live operation of MantisBT.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Webservice</strong></td>
</tr>
<tr>
<td>SOAP Extension Enabled<br><em>Enable the PHP SOAP extension.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Cryptography</strong></td>
</tr>
<tr>
<td>login_method is set to MD5<br><em>MD5 password encryption is currently the strongest password storage method supported by MantisBT.</em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Internationalization</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Localization</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Email</strong></td>
</tr>
<tr>
<td>All users must have an e-mail address<br><em>10 users without e-mail address found: <deleted> </a></em></td>
<td class="alert alert-danger">FAIL</td>
</tr>
<tr>
<td>There are no duplicate email addresses, regardless of case<br><em>9 duplicate e-mail addresses found: <deleted> </em></td>
<td class="alert alert-warning">WARN</td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Anonymous access</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Attachments</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Display</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Custom Fields</strong></td>
</tr>
<tr>
<td colspan="2" class="thead2"><strong>Plugins</strong></td>
</tr>
</tbody></table>
</div>
</div>
</div>
</div>
<div class="space-10"></div>
<div class="alert alert-danger" id="check-notice-failed">
Some tests failed. Please review, correct them and run the checks again before using MantisBT.
</div>
<div class="alert alert-danger" id="notice-delete-admin">
For security reasons, you should delete (or at least restrict access to) the
<em>admin</em> directory.
Refer to the <a href="http://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.install.postcommon">
MantisBT Admin Guide</a>
for further details.
</div>
</div>
<div class="clearfix"></div>
<div class="space-20"></div>
<div class="footer noprint">
<div class="footer-inner">
<div class="footer-content">
<div class="col-md-6 col-xs-12 no-padding">
<address>
<strong>Powered by <a href="https://www.mantisbt.org/" title="bug tracking software">MantisBT 2.26.0</a></strong> <br>
<small>Copyright © 2000 - 2024 MantisBT Team</small><br><small>Kontaktieren Sie den <a href="<deleted>" title="Den Webmaster per E-Mail kontaktieren.">Administrator</a> bei Problemen</small><br>
</address>
</div>
<div class="col-md-6 col-xs-12">
<div class="pull-right" id="powered-by-mantisbt-logo">
<a href="https://www.mantisbt.org/" title="Mantis Bug Tracker: a free and open source web based bug tracking system."><img src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/mantis_logo.png" alt="Powered by Mantis Bug Tracker: a free and open source web based bug tracking system." width="102" height="35"></a>
</div>
</div>
</div>
</div>
</div>
<a class="btn-scroll-up btn btn-sm btn-inverse" id="btn-scroll-up" href="#">
<i class="fa fa-angle-double-up ace-icon icon-only bigger-110"></i>
</a>
</div>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/bootstrap-3.4.1.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/moment-with-locales-2.29.4.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/bootstrap-datetimepicker-4.17.47.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/typeahead.jquery-1.3.0.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/list-2.3.1.min.js"></script>
<script type="text/javascript" src="MantisBT%20Administration%20-%20Check%20Installation%20-%20MantisBT-Dateien/ace.min.js"></script>
</body></html>
|
|
|
|
Can you add var_dump($t_output, string_display( $t_output )); at the end of print_filter_values_handler_id() function and provide screenshot of output |
|
|
|
nebjanim,
You did not provide any feedback; I am therefore resolving this issue as "unable to reproduce".
Feel free to reopen the issue at a later time and provide the requested information. |
|
|
|
Sorry, I've been very busy the last few days.
Here is the screenshot you requested. I have filtered two names and made them unrecognizable in the screenshot and replaced them with placeholders. |
|
|
|
I believe I found the root cause.
Did you change the default value for the following configs ? If so, please post the values (I suspect you have removed br from the list of allowed tags)
- $g_html_valid_tags
- $g_html_valid_tags_single_line
|
|
|
|
Your assumption is correct.
$g_html_valid_tags = 'b, i, u';
I have not overwritten the other variable.
Is there a connection that should have been clear to me? |
|
|
|
Is there a connection that should have been clear to me?
No it was not obvious at all.
I ended up tracing through the code to see exactly what was happening, and it turns out that the final step of text processing in MantisCoreFormatting plugin (processText() method) calls string_restore_valid_html_tags(), which basically undoes the effect of earlier htmlspecialchars() for allowed tags. This explains why @atrol and I could not reproduce the problem, because we both tested with standard settings, and br is allowed in $g_html_valid_tags by default.
So now that the reason for the behavior has been clarified, I can confirm that the workaround you proposed initially
I changed in the function print_filter_values_handler_id the line "echo string_display( $t_output );" to "echo $t_output;".
is correct.
I will prepare a fix. |
|
|
|
PR https://github.com/mantisbt/mantisbt/pull/1982 |
|
|
|
I have implemented the changes. The problem is no longer repeatable.
Many thanks for your help. |
|
