Fixes required for HTMLSafe compatability - JIRA Timesheet Reports and Gadgets Plugin 2.3.14

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • None
    • Affects Version/s: 6.0-OD-11/Beta1, 6.0
    • Component/s: None
    • 6

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      JIRA Timesheet Reports and Gadgets Plugin 2.3.14 contains values which are double escaped as a result of HTMLSafe being turned on as default. Please follow the Velocity Templates guide here to ensure that values are not double escaped

      1) The following displayed values are being double escaped as a result of HTMLSafe being turned on as default on following reports.

      • Timesheet Report
        • Timesheet report date heading
        • Additional Fields - Linked Issues and Time Tracking
        • Displayed linked issues (when grouping by Linked Issues)
        • Logged work comments
      • Pivot Report
        • Additional Fields - Linked Issues and Time Tracking

      Please see attached images for examples

      2) The link URL for configuring the pivot or timesheets report is not being escaped properly when two or more query parameters are added to the URL

      e.g. from pivot-report.vm:

      #set($configure = "$req.contextPath/secure/ConfigureReport!default.jspa?startDate=$textUtil.urlencode($dpDate.format($startDate))&endDate=$textUtil.urlencode($dpDate.format($endDate))&reportKey=jira-timesheet-plugin:projectpivot")
        #if ($showIssues)
            #set ($colspan = 5 + $moreFields.size())
			#foreach ($field in $moreFields)
                #set($configure = "$configure&moreFields=$textUtil.urlencode($field)")
			#end
            <th class="colHeaderLink" colspan="$colspan" width="1%" style="color: #000;">&nbsp;</th>
        #else
            <th class="colHeaderLink" colspan="3" width="1%" style="color: #000;">
        #end
        $i18n.getText("report.pivot.startdate"): <b>$outlookDate.format($startDate)</b> $i18n.getText("report.pivot.enddate"): <b>$outlookDate.format($endDate)</b>
        #if ($projectId) 
            #set($configure = "$configure&projectid=$textUtil.urlencode($projectId)")
        #end
        #if ($filterId)
            #set($configure = "$configure&filterid=$textUtil.urlencode($filterId)")
        #end

      If project and filter are specified (for example), the URL is encoded as:

      https://kyubey.jira-dev.com/secure/ConfigureReport!default.jspa?startDate=13%2FMar%2F13&amp;endDate=19%2FMar%2F13&amp;reportKey=jira-timesheet-plugin:projectpivot&projectid=10204&filterid=10100

      This results in user not being able to click the link to configure the report:

        1. timesheet_report_invalid_key.png
          timesheet_report_invalid_key.png
          16 kB

            Assignee:
            Unassigned
            Reporter:
            GeoffreyA (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: