08772: Escaping single quotes in gT translation method output string isn't safe

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

08772	Bug reports	Translation	public	2014-02-26 14:09	2014-02-26 17:32

Reporter	minnoce	Assigned To	DenisChenu
Priority	normal	Severity	minor
Status	closed	Resolution	fixed
Product Version	2.05+
Fixed in Version	2.05+

Summary	08772: Escaping single quotes in gT translation method output string isn't safe
Description	The "gT" translation method returns a translation string for the input (english) string, escaping single quotes (with a backslash "\"). When this string is printed in HTML between single quotes, the result is an invalid HTML syntax.
Additional Information	Look e.g. at "application/helpers/replacements_helper.php", line 377 (limesurvey205plus-build140217): ... title='".$clang->gT("Are you sure you want to clear all your responses?", 'js')."' ... The output produced by "gT" method using the Italian translation (it.mo) is: ... title='Procedere nell\'eliminazione di tutte le risposte?' producing invalid HTML syntax.
Tags	No tags attached.

Bug heat	4
Complete LimeSurvey version number (& build)	140217
I will donate to the project if issue is resolved	No
Browser
Database type & version	MySQL 5.1
Server OS (if known)	Linux
Webserver software & version (if known)	Apache
PHP Version	5.3

User List	There are no users monitoring this issue.

c_schmitz 2014-02-26 15:31 administrator ~28956	Title attribute is no JS

DenisChenu 2014-02-26 17:25 developer ~28957	I'm silly ....

DenisChenu 2014-02-26 17:32 developer ~28959	Already fixed, new system (don't use title)

LimeSurvey: master b47f30c1 2014-02-18 10:20 DenisChenu Details Diff	Fixed issue 08735: "Exit and clear survey" css style for shiped template Dev: fix some issue with IE7 Dev: add button class to some other submit button	Affected Issues 08735, 08772
	mod - application/helpers/frontend_helper.php	Diff File
	mod - application/helpers/replacements_helper.php	Diff File
	mod - scripts/survey_runtime.js	Diff File
	mod - templates/basic/template.css	Diff File
	mod - templates/bluengrey/template.css	Diff File
	mod - templates/citronade/template.css	Diff File
	mod - templates/default/template.css	Diff File
	mod - templates/eirenicon/template.css	Diff File
	mod - templates/limespired/template.css	Diff File
	mod - templates/mint_idea/template.css	Diff File
	mod - templates/sherpa/template.css	Diff File
	mod - templates/vallendar/template.css	Diff File

Date Modified	Username	Field	Change
2014-02-26 14:09	minnoce	New Issue
2014-02-26 15:08	c_schmitz	Assigned To	=> c_schmitz
2014-02-26 15:08	c_schmitz	Status	new => assigned
2014-02-26 15:10	c_schmitz	Assigned To	c_schmitz => DenisChenu
2014-02-26 15:31	c_schmitz	Note Added: 28956
2014-02-26 17:25	DenisChenu	Note Added: 28957
2014-02-26 17:31	DenisChenu	Changeset attached	=> LimeSurvey master b47f30c1
2014-02-26 17:31	DenisChenu	Relationship added	related to 08735
2014-02-26 17:32	DenisChenu	Note Added: 28959
2014-02-26 17:32	DenisChenu	Status	assigned => closed
2014-02-26 17:32	DenisChenu	Resolution	open => fixed
2014-02-26 17:32	DenisChenu	Fixed in Version	=> 2.05+