@NoumaanAhamed
Collaborator

Potential fix for https://github.com/rtCamp/rtMedia/security/code-scanning/13

To fix the problem, we should change the string-based replace call to use a regular expression with the global (g) flag so that all instances of ] are removed, not just the first. This aligns with the general recommendation for safe and complete escaping or normalization.

Concretely, in app/assets/admin/js/settings.js, around line 159, update:

name_attr = name_attr.replace( ']', '' );

to:

name_attr = name_attr.replace( /\]/g, '' );

This uses a regex literal that matches the ] character, properly escaped inside the character class, and the g flag ensures every occurrence in the string is replaced. No additional imports or helper methods are needed, and the functional behavior for the typical single-] case remains unchanged while correctly handling any unexpected extra ] characters.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
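
Added example, not part of the pull request or of rtMedia's code: it runs the string-pattern call and the global-regex call from the description above over a few constructed field names and reports where their results differ. The function names and the bracketed sample names are assumptions made for illustration.

```javascript
// Constructed sample names; the bracketed shape is an assumption about
// what a settings form might use, not taken from rtMedia.
const SAMPLE_NAMES = [
  'options[enable]',
  'options[sizes][thumb]',
  'options[list][]',
  'plain',
];

// Call shape before the change: a string pattern replaces only the first match.
function stripFirstBracket(name) {
  return name.replace(']', '');
}

// Call shape after the change: a global regex replaces every match.
function stripAllBrackets(name) {
  return name.replace(/\]/g, '');
}

// Same result without a regex, for a literal search string (ES2021+).
function stripAllBracketsLiteral(name) {
  return name.replaceAll(']', '');
}

// Report the inputs on which the two call shapes disagree, i.e. the inputs
// where the string-pattern version leaves a ']' behind.
function findDivergent(names) {
  return names
    .map((name) => ({
      name,
      before: stripFirstBracket(name),
      after: stripAllBrackets(name),
    }))
    .filter((row) => row.before !== row.after);
}

console.table(findDivergent(SAMPLE_NAMES));
```

Names with a single `]` come out identical under both calls; only names with two or more show a difference.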

NoumaanAhamed and others added 3 commits December 5, 2025 12:30
fix(update) : PHP 8.4 Compatibility
…ing or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@NoumaanAhamed NoumaanAhamed changed the base branch from develop to master December 31, 2025 08:31
@rtBot
Contributor

rtBot commented Dec 31, 2025

Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:

  • app/assets/admin/js/settings.js
  • app/importers/BPMediaAlbumimporter.php

The error may be temporary. If the error persists, please contact a human (commit-ID: 80946b5).

@NoumaanAhamed NoumaanAhamed changed the base branch from master to fix/codeql-issues December 31, 2025 08:34
@NoumaanAhamed NoumaanAhamed marked this pull request as ready for review December 31, 2025 08:35
@NoumaanAhamed NoumaanAhamed requested a review from mi5t4n December 31, 2025 08:35
@NoumaanAhamed NoumaanAhamed changed the title from "Potential fix for code scanning alert no. 13: Incomplete string escaping or encoding" to "Security-fix: code scanning alert no. 13: Incomplete string escaping or encoding" Dec 31, 2025
Member

@mi5t4n mi5t4n left a comment

LGTM

@NoumaanAhamed NoumaanAhamed merged commit 2c8049d into fix/codeql-issues Dec 31, 2025
6 checks passed