fu ([personal profile] fu) wrote in [site community profile] changelog 2012-02-18 06:54 am

[dw-free] HTML for e-mail comment notifications does not include user pic alt text

[commit: http://hg.dwscoalition.org/dw-free/rev/1161dc21aa0d]

http://bugs.dwscoalition.org/show_bug.cgi?id=2772

Add the icon alt text.

Patch by [personal profile] deborah.

Files modified:
  • cgi-bin/LJ/Comment.pm
--------------------------------------------------------------------------------
diff -r 3bcc18c882aa -r 1161dc21aa0d cgi-bin/LJ/Comment.pm
--- a/cgi-bin/LJ/Comment.pm	Sat Feb 18 14:42:05 2012 +0800
+++ b/cgi-bin/LJ/Comment.pm	Sat Feb 18 14:54:39 2012 +0800
@@ -1439,9 +1439,11 @@
             my ( $pic, $pic_kw ) = $self->userpic;
 
             if ( $pic && $pic->load_row ) {
-                $pichtml = "<img src=\"$LJ::USERPIC_ROOT/$pic->{picid}/$pic->{userid}\" align='absmiddle' ".
-                    "width='$pic->{width}' height='$pic->{height}' ".
-                    "hspace='1' vspace='2' alt='' /> ";
+                $pichtml = "<img src=\"$LJ::USERPIC_ROOT/$pic->{picid}/$pic->{userid}\" align='absmiddle' "
+                    . "width='$pic->{width}' height='$pic->{height}' "
+                    . "hspace='1' vspace='2' alt='"
+                    . $pic->alttext( $pic_kw ) 
+                    . "' /> ";
             }
         }
 
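Review bot: the return value of $pic->alttext( $pic_kw ) is concatenated directly into the single-quoted alt='...' attribute with no escaping at this call site, so an apostrophe in the alt text would close the attribute early unless alttext already returns HTML-escaped output. Either escape at the point of use or add a comment here stating that alttext returns escaped text, so a later change to that method cannot silently turn this line into HTML injection. Minor: the added alttext line carries trailing whitespace.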
--------------------------------------------------------------------------------
[personal profile] pne 2012-02-18 01:20 pm (UTC)
What happens if the image alttext contains an apostrophe? (aka: HTML injection, ahoy!)

Or is that sanitised earlier?

[personal profile] pauamma 2012-02-19 01:25 pm (UTC)
LJ::Userpic->alttext returns LJ::ehtml( $alt ). In turn, LJ::ehtml takes care of 's (among characters) with $a =~ s/\'/&\#39;/g;.

[personal profile] deborah 2012-02-21 02:09 pm (UTC)
which is new as of bug 2773. It used to return the bare alt and rely on calling methods to do the sanitation for the excellent reason that -- look, a monkey!
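
Added example, not part of the original thread or the project's code: a stand-alone Perl sketch of why it matters which side escapes the alt text. The helper escape_html, the src path and the sample alt string are hypothetical and constructed for illustration; escape_html is not LJ::ehtml.

```perl
use strict;
use warnings;

# Hypothetical escaping helper standing in for the callee-side escaping
# discussed in the thread; this is not the project's LJ::ehtml.
sub escape_html {
    my ($s) = @_;
    return '' unless defined $s;
    $s =~ s/&/&amp;/g;    # ampersand first, so entities added below survive
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;    # required because the attribute is single-quoted
    return $s;
}

# Same shape as the patched line: the value lands inside alt='...'.
# The src path is a constructed placeholder.
sub img_tag {
    my ($alt) = @_;
    return "<img src='/userpic/1/2' alt='" . $alt . "' />";
}

# List the attribute names a parser would see in the tag.
sub attr_names {
    my ($tag) = @_;
    my @names;
    while ( $tag =~ /([\w-]+)=(?:'[^']*'|"[^"]*")/g ) {
        push @names, $1;
    }
    return @names;
}

# Constructed sample alt text containing apostrophes.
my $alt = "it's a cat' title='injected";

my @cases = (
    [ 'unescaped',     $alt ],                               # neither side escapes
    [ 'escaped once',  escape_html($alt) ],                  # exactly one side escapes
    [ 'escaped twice', escape_html( escape_html($alt) ) ],   # caller and callee both escape
);

for my $case (@cases) {
    my ( $label, $value ) = @$case;
    my $tag = img_tag($value);
    printf "%-14s attrs=[%s]\n  %s\n", $label, join( ',', attr_names($tag) ), $tag;
}
```

The unescaped case gains an extra attribute, the single-escaped case keeps the text inside alt, and the double-escaped case stays safe but would show literal entity text to the reader.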

[personal profile] pauamma 2012-02-21 02:23 pm (UTC)
"Pic monkey think maybe caller sanitize goddamn alt tag itself"?