next »

[Bash Gordon]

I tried to use a double quotation mark in the content of a oneline content block.

First input and submit works as expected, however, when I subsequently try to edit the page everything following the double quotation mark is lost.

The source of the problem seems to be that quotation marks are not escaped or htmlencoded in the input text box. The source code of the edit page shows for example
<input type="text" name="someonelinecontent" value="foo="bar"" />
with the value field prematurely "ending" after equal sign.

Has anybody else experienced this problem? Is there a known workaround?

I have already tried to set wysiwyg to true and false, but the setting didn't change behavior. Using single quotation marks as a workaround doesn't help as I want to use a variable in a parameter which has to be quoted.

I hope I didn't miss something obvious?

Thank you!
Bash

[Pierre M.]

Hello Bash,

The source of the problem seems to be that quotation marks are not escaped or htmlencoded in the input text box. The source code of the edit page shows for example
<input type="text" name="someonelinecontent" value="foo="bar"" />
with the value field prematurely "ending" after equal sign.

Not tried :
<input type="text" name="someonelinecontent" value='foo="bar"' />
<input type="text" name="someonelinecontent" value="foo='bar'" />

Pierre M.

[Bash Gordon]

Hello Pierre,

Not tried :
<input type="text" name="someonelinecontent" value='foo="bar"' />

Could you give me hint which functions generate the edit pages? Sorry, I have no idea where to start searching.

<input type="text" name="someonelinecontent" value="foo='bar'" />

Yes, but unfortunately this doesn't work (as described above). Actually I want to have a smarty tag with a parameter including a string and a variable, e.g. like this
{mytag par="foo $lang bar"}
and then single quotes no longer work.

Thank you! Best,
Bash

[Nullig]

Can you not do:

$par_val = "foo ".$lang." bar";
{mytag par="$par_val"}

Nullig

[Bash Gordon]

$par_val = "foo ".$lang." bar";
{mytag par="$par_val"}

Yes, this should also work, thanks!

I searched the source code and found the relevant line (231) in lib/classes/contenttypes/Content.inc.php (version 1.2.3, Black Rock):

Code:

$ret[]= array(ucwords($blockName).':','<input type="text" name="'.$blockNameId['id'].'" value="'.$this->GetPropertyValue($blockNameId['id']).'" />');

Would you expect any side effects of converting the content with cms_htmlentities (as it is done with the other input boxes)?

Code:

cms_htmlentities($this->GetPropertyValue($blockNameId['id']))

In case not, would it be possible to include this change in the next release?

Thank you, best
Bash

[Bash Gordon]

Solved in 1.2.4.  Thank you for the fast inclusion of the patch!

Best,
Bash