Skip to content

Remove encoding of HTML entities by the API#2296

Open
novasam23 wants to merge 5 commits into
masterfrom
2278-bug-changing-forbidden-characters-causes-fatal-error
Open

Remove encoding of HTML entities by the API#2296
novasam23 wants to merge 5 commits into
masterfrom
2278-bug-changing-forbidden-characters-causes-fatal-error

Conversation

@novasam23

Copy link
Copy Markdown
Contributor

Fixes #2278

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts API v2 database-to-JSON string decoding to decode both single and double quotes, aligning it with the existing DB encoding behavior and preventing malformed/incorrect config values (as described in #2278).

Changes:

  • Update html_entity_decode() flag from ENT_COMPAT to ENT_QUOTES for string-typed features in db2json().

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@novasam23 novasam23 requested a review from jessevz July 2, 2026 06:39

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

Comment thread src/inc/apiv2/common/AbstractBaseAPI.php
Comment thread src/inc/apiv2/common/AbstractBaseAPI.php
Comment thread src/inc/apiv2/common/AbstractBaseAPI.php
@novasam23 novasam23 changed the title Change flag for HTML entity decoding to ENT_QUOTES Remove encoding of HTML entities by the API Jul 2, 2026
@s3inlc

s3inlc commented Jul 2, 2026

Copy link
Copy Markdown
Member

Maybe it would make sense to write a pytest which tests creating and/or patching some object with some umlauts or other characters which would be affected by this htmlentities to verify for the future that it does not get added/changed by accident.

@novasam23

Copy link
Copy Markdown
Contributor Author

I've added two more tests, each of which should by itself have caught the underlying issue with this bug.

There is still lot's of uses of htmlentities(), especially within the utils, that should be removed. I'd suggest to do this after the 1.0.0 release.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

Comment on lines 634 to 636
elseif (str_starts_with($feature['type'], 'str')) {
$val = htmlentities($obj, ENT_QUOTES, "UTF-8");
$val = $obj;
}
Comment thread ci/apiv2/test_task.py
Comment on lines +295 to +301
def test_blacklist_chars(self):
config = Config.objects.get(item='blacklistChars')
config.save()
model_obj = self.create_test_object()
with self.assertRaises(HashtopolisResponseError) as e:
self._test_patch(model_obj, 'attackCmd', config.value)
self.assertEqual(e.exception.status_code, 500) No newline at end of file
Comment thread ci/apiv2/test_config.py Outdated
Comment on lines +1 to +3
from hashtopolis import Config
from utils import BaseTest

from hashtopolis.hashtopolis import HashtopolisResponseError

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the unused HashtopolisResponseError import in commit $(git rev-parse --short HEAD).

Comment thread ci/apiv2/test_config.py Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@s3inlc

s3inlc commented Jul 7, 2026

Copy link
Copy Markdown
Member

I've added two more tests, each of which should by itself have caught the underlying issue with this bug.

There is still lot's of uses of htmlentities(), especially within the utils, that should be removed. I'd suggest to do this after the 1.0.0 release.

AFAIK all other uses of htmlentities() are mostly tied to the old frontend or at least due to it, so it will be easy to remove them when we start removing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG]: Changing Forbidden characters causes fatal error

4 participants