CMS Made Simple Forums

Posted: **Thu Mar 27, 2008 1:58 pm**

I tried to use a double quotation mark in the content of a oneline content block.

First input and submit works as expected, however, when I subsequently try to edit the page everything following the double quotation mark is lost.

The source of the problem seems to be that quotation marks are not escaped or htmlencoded in the input text box. The source code of the edit page shows for example

with the value field prematurely "ending" after equal sign.

Has anybody else experienced this problem? Is there a known workaround?

I have already tried to set wysiwyg to true and false, but the setting didn't change behavior. Using single quotation marks as a workaround doesn't help as I want to use a variable in a parameter which has to be quoted.

I hope I didn't miss something obvious?

Thank you!
Bash

Posted: **Thu Mar 27, 2008 5:12 pm**

Hello Bash,

Bash Gordon wrote: The source of the problem seems to be that quotation marks are not escaped or htmlencoded in the input text box. The source code of the edit page shows for example

with the value field prematurely "ending" after equal sign.

Not tried :

Pierre M.

Posted: **Thu Mar 27, 2008 6:10 pm**

Hello Pierre,

Pierre M. wrote: Not tried :

Could you give me hint which functions generate the edit pages? Sorry, I have no idea where to start searching.

Pierre M. wrote:

Yes, but unfortunately this doesn't work (as described above). Actually I want to have a smarty tag with a parameter including a string and a variable, e.g. like this
{mytag par="foo $lang bar"}
and then single quotes no longer work.

Thank you! Best,
Bash

Posted: **Thu Mar 27, 2008 6:40 pm**

Can you not do:

$par_val = "foo ".$lang." bar";
{mytag par="$par_val"}

Nullig

Posted: **Fri Mar 28, 2008 1:51 pm**

Nullig wrote: $par_val = "foo ".$lang." bar";
{mytag par="$par_val"}

Yes, this should also work, thanks!

I searched the source code and found the relevant line (231) in lib/classes/contenttypes/Content.inc.php (version 1.2.3, Black Rock):

Code: Select all

$ret[]= array(ucwords($blockName).':','<input type="text" name="'.$blockNameId['id'].'" value="'.$this->GetPropertyValue($blockNameId['id']).'" />');

Would you expect any side effects of converting the content with cms_htmlentities (as it is done with the other input boxes)?

Code: Select all

cms_htmlentities($this->GetPropertyValue($blockNameId['id']))

In case not, would it be possible to include this change in the next release?

Thank you, best
Bash

Posted: **Mon Mar 31, 2008 12:52 pm**

Solved in 1.2.4. Thank you for the fast inclusion of the patch!

Best,
Bash

CMS Made Simple Forums

[Solved] Double quotation mark breaks edit of oneline content block

[Solved] Double quotation mark breaks edit of oneline content block

Re: Double quotation mark breaks edit of oneline content block

Re: Double quotation mark breaks edit of oneline content block

Re: Double quotation mark breaks edit of oneline content block

Re: Double quotation mark breaks edit of oneline content block

[Solved] Re: Double quotation mark breaks edit of oneline content block