Admin-side Input Fields

Talk about writing modules and plugins for CMS Made Simple, or about specific core functionality. This board is for PHP programmers that are contributing to CMSMS not for site developers
Post Reply
User avatar
sjg
Power Poster
Power Poster
Posts: 310
Joined: Thu Jan 27, 2005 5:11 pm

Admin-side Input Fields

Post by sjg »

So I was working on a new content type last night, when I discovered an admin-side bug. The problem is if you enter a content Title or Menu name or something that contains a dangerous HTML character, which in this case probably is only double-quote or > (the latter only in certain browsers). The information gets stored to the database correctly, but when ContentManager::CreateTextInput or similar functions are called, the dangerous characters are not escaped, thus the input terminates early and the HTML is no longer valid.

Fortunately, I'd already written something that would address the problem when I was doing the FeedbackForm stuff. It's a fairly trivial "nerfing" function which I use in my inputs (although it might make sense to migrate it into the ContentManager CreateTextInput and related functions). It basically replaces double-quote, greater-than, and single quote with the HTML entities. Most browsers then handle the input correctly.

Anyway, it's in the pastebin: http://www.cmsmadesimple.org/pastebin/46
Many modules available from the http://dev.cmsmadesimple.org
The CMS Made Simple Developer Cookbook is now available from Packt Publishers!
Top
Post Reply

Return to “Developers Discussion”