Closed (fixed)
Project:
Apache Solr Search
Version:
6.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
5 Jan 2010 at 23:17 UTC
Updated:
3 Jan 2014 at 01:08 UTC
Jump to comment: Most recent
Comments
Comment #1
jpmckinney commentedI can reproduce the problem.
You can't compare apachesolr_commentsearch_node_to_comments to apachesolr_node_to_document, as apachesolr_node_to_document uses the author's Drupal username, which we can safely assume contains no HTML special characters (usernames containing such characters are invalid). But a comment author's name isn't validated like a Drupal username.
Anyway, the problem is that
theme('username', $doc)inapachesolr_search_process_responseruns some comment author's names through check_plain, which double encodes the special characters. I'm not sure what is best to do in this case while still maintaining security. pwolanin should have a look.Comment #2
jpmckinney commentedComment #3
jpmckinney commentedComment #4
jpmckinney commentedComment #5
jpmckinney commentedAdd tag
Comment #6
jpmckinney commentedActually, it looks like theme('username') is safe, and it will check plain the user name.
Comment #7
jpmckinney commented