Answered Weirdest problem of @-characters converting field to hex values when using snippet inside script tag

I'm using a snippet to get values from a database (MariaDB) and assign them to js variables. Maybe there'd be a better way, but that's not my question.

It looks something like this:


activate is a static file (DIRECTORY/activation.php), relevant part of which looks smth like this:


(var_dump is, of course, for debugging)
Outcome is as it should:

etc.

But now the weirdest part: while all the fields are displayed as they should, they get converted to hex code whenever there's @ sign in the field. For example:
[email protected] will become different sequence of hex characters after each refresh:

or

or


(I added a space after &, otherwise it'd have looked correct in this post that converts hex characters to utf8.)
while ervin @punker.ee (note the space before @) is correct:


Few further remarks:
1) It doesn't have to be valid e-mail to get hexed ("ervin@punker get's hexed, too)
2) it's nought to do with SQL field structure (VARCHAR 100, utf8_estonian_ci), as the other fields with @-sign inserted behave the same way,
3) I can't reproduce it with any other character (tried ≠,∆,∑,◊ and some others)
4) All is well when the snippet is outside of the <script> tag like this:
5) I can't reproduce it outside MODX (see the correct-output test source outside MODX at http://test.myyt.ee/test.php?hid=55:5m5kkKIn0aJz/irI0gyZiA==:765ed33103c6e3cb08de92bb8e547008d6a5dbaed83e33b15a33b31c2ca44ddc, as opposed to not-correct-output source at https://www.myyt.ee/aktiveeri.html?hid=55:5m5kkKIn0aJz/irI0gyZiA==:765ed33103c6e3cb08de92bb8e547008d6a5dbaed83e33b15a33b31c2ca44ddc so it seems to have something to do with MODX Revo.

Tried googling it, but nothing comes up.. Any ideas? [ed. note: konservin last edited this post 6 years, 7 months ago.]

I'm not sure what's causing that, but have a couple of thoughts:



Also, it looks like the string is being run through json_encode() at some point, if you can escape the @ signs with backslashes before that happens it might solve the problem.

Thank You BobRay,

Names are all set, every unicode character comes through, so that's not the cause.

Yes, I thought of escaping the @-sign upon populating the field, or even replacing it with triple-∆∆∆ and then re-replacing it, but it seems rather hacky..

Funnily, this doesn't work either. I changed the field value to ervin\@punker.ee and added few lines like this:


Result is ["email"]=>string(16) "ervin\@punker.ee" on the first dump, but same hexed thing on the other..

I wonder, why is strings inside snippets inside <script> tags json-encoded only when there's @-sign present.

I found the culprit: ObfuscateEmail plugin for MODx. I suspected it already, removed the plugin (don't recall installing it anyway), but nothing changed, so I thought the problem was elsewhere.

But even after removing the plugin (and clearing the cache) I found this at /core/cache/includes/elements/modplugin/2.include.cache.php:

Removed last two lines, and hexes are gone, so problem solved.

But.. solved until clearing the cache.. -> ObfuscateEmail plugin for MODx is back again!
I understand that it's actually another question but still: how to remove the thing, or modify it? It's not listed under MODX add-ons, it's not in core/components or core/packages. Only occurrences of 'obfuscate' or 'replaceEntities' are in core/cache/, and after deleting the whole cache manually and then clearing the cache at MODX admin panel they reappear.. How to successfully remove it?

Quote from: BobRay at Sep 18, 2017, 10:11 PM

Look in the modx_site_plugins table in the DB and see if the plugin is still there.

Thank You very much! It was there, and after removing it the problem is solved.

I'm glad I could help. Thanks for reporting back.