s-c doesn't play well with reviews containing overly long words
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | software-center (Ubuntu) |
Low
|
Robert Roth | ||
| | Precise |
Undecided
|
Unassigned | ||
Bug Description
I haven't verified this, but a review with a word '99999999999999
---
SRU TEST CASE:
1. Launch the current Ubuntu Software Center in Precise.
2. Click the "Installed" toolbar button.
3. Choose an application to to a "test" review on (remember the title so you can find it later!), navigate to its details view and click the link for "Write your own review".
4. In the review window that opens, enter the various fields and for review text just enter a very long string of "9999999"s. Go crazy, make it wrap a few times.
5. Submit the review.
6. Look at the review and see that the review text of all 9's do not wrap, and instead scroll way off the side of the screen (see attached screenshot 1).
7. Close Ubuntu Software Center.
8. Update to the version of software-center in precise-proposed.
9. Launch Ubuntu Software Center again and navigate to the application you reviewed.
10. Verify that now the "9"s are wrapped, and there is no horizontal scrollbar (see attached screenshot 2).
11. Just below your review, click the "Delete" button because, well, you don't want this silly review to stick around with your name on it, do you?
SRU REGRESSION POTENTIAL:
Regression risk is near negligible. Fix simply adds a wrap mode to the field. If there is a regression, it might appear as poorly wrapped review text.
---
Related branches
- Gary Lasker (community): Approve on 2012-05-24
-
Diff: 10 lines (+1/-0)1 file modifiedsoftwarecenter/ui/gtk3/widgets/reviews.py (+1/-0)
| description: | updated |
| tags: | added: client-server |
| Robert Roth (evfool) wrote : | #1 |
| Robert Roth (evfool) wrote : | #2 |
Whoops, sorry, commented to the wrong bug.
| Changed in software-center (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Changed in software-center (Ubuntu): | |
| assignee: | nobody → Robert Roth (evfool) |
| status: | Confirmed → In Progress |
| Changed in software-center (Ubuntu): | |
| status: | In Progress → Fix Committed |
| Gary Lasker (gary-lasker) wrote : | #4 |
Hello Kiwinote, or anyone else affected,
Accepted software-center into precise-proposed. The package will build now and be available in a few hours. Please help us by testing this new package. See https:/
| Changed in software-center (Ubuntu Precise): | |
| status: | New → Fix Committed |
| tags: | added: verification-needed |
| Gary Lasker (gary-lasker) wrote : | #6 |
I have verified that software-center version 5.2.3 in precise-proposed fixes this bug per the test case given in the description.
Thanks!
| Changed in software-center (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| tags: |
added: verification-done removed: verification-needed |
| Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package software-center - 5.2.3
---------------
software-center (5.2.3) precise-proposed; urgency=low
[ Robert Roth ]
* lp:~evfool/software-center/lp987801:
- Only show the version label once for each version in
reviews (LP: #987801)
* lp:~evfool/software-center/lp874430:
- display tooltips for package titles in the application
tiles of the lobby view (LP: #874430)
* lp:~evfool/software-center/lp983831:
- Avoid merging two words while normalizing description (LP: #983831)
* lp:~evfool/software-center/lp822625:
- Set default value for reviewstats histogram (LP: #822625)
* lp:~evfool/software-center/lp875874:
- Set word wrap with fallback to char wrapping for the review
text label (LP: #875874)
[ Gabor Kelemen ]
* lp:~kelemeng/software-center/bug1001746:
- merge i18n fix (LP: #1001746)
[ Michael Vogt ]
* lp:~mvo/software-center/lp872760-for-5.2:
- fix translations for certain category names (LP: #872760)
* lp:~mvo/software-center/lp987321:
- fix dependency to ensure that we have humanity-icon-theme
as we need it for the history view icons (LP: #987321)
* lp:~mvo/software-center/test-catview-cleanup:
- refactor unit tests for the catview
* lp:~mvo/software-center/lp1002271:
- fix regresion in 5.2.2 (LP: #1002271) for empty descriptions
* lp:~mvo/software-center/lp1005104:
- fix regression in 5.2.2 (LP: #1005104) in initial navigation
history
* lp:~mvo/software-center/client-lp1004417:
- client side fix for when exhibit package names contain
extra whitespace (LP: #1004417)
[ Gary Lasker ]
* lp:~gary-lasker/software-center/fix-crash-lp1000238:
- remove obsolete workaround for an old bug that has long since
been fixed, this fixes a hard crash on Quantal (LP: #1000238)
* lp:~gary-lasker/software-center/toolbar-buttons-insensitive-during-startup:
- re-enable the fix for LP: #999486, LP: #994341 that was inadvertently
disabled in the 5.2.2 release
[ Natalia Bidart ]
* lp:~nataliabidart/software-center/fix-977931:
- Unified package string parsing into a single method that will be
used from either the command line arguments, or from the dbus method
'
entry points. LP: #977931
- Also added proper test suites for the above.
* lp:~nataliabidart/software-center/fix-965093:
- Fixed the SpinnerNtebook show_spinner method so the spinner page is
not shown until the configured threshold is reached (250ms since
this branch). Plus proper test suite was added.
* lp:~nataliabidart/software-center/fix-986563:
- Filtered out those exhibits that do not their packages available
in the db (LP: #986563)
-- Michael Vogt <email address hidden> Mon, 04 Jun 2012 08:53:25 +0200
| Changed in software-center (Ubuntu Precise): | |
| status: | Fix Committed → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.