    • 16189
    • 5 Posts
    hi@all

    First of all I need to say: Great work!
    Clean structure, clean code, good core functionality and a flat learning curve for beginners.

    I just set up a starting website within some hours. I’ll add the link to my signature when it’s done...

    During my work I found a small problem already discussed in the bug tracker:
    Valid (X)HTML in the TVs ’text/textarea/textareamini’.
    My problem was that special characters like ’&’ or German ’umlaute’ weren’t converted to htmlentities.

    Maybe my solution will help someone:

    in
    manager/includes/tmplvars.format.inc.php
    go to
    function getTVDisplayFormat
    at line 240 find
    				if($tvtype=='checkbox'||$tvtype=='listbox-multiple') {
    					// remove delimiter from checkbox and listbox-multiple TVs
    					$value = str_replace('||','',$value);
    				}
    

    after ’}’ add
    				elseif($tvtype=='text'||$tvtype=='textarea'||$tvtype=='textareamini'){
    				  $value = htmlentities($value);
    				}
    


    Maybe there are other types where htmlentities must be used, but right now this solution is working fine in my case.

      Konrad
      • 32241
      • 1,495 Posts
      Could you post that on bug tracker? http://www.modxcms.com/bugs/
      Welcome to the community
        Wendy Novianto
        PT DJAMOER Technology Media
        Xituz Media
        • 3763
        • 155 Posts
        I was just searching if there is already a report of this problem
        Created a page "foo & bar" that failed the XHTML validation because of this unescaped "&" char. It’s nice to have it stored in the DB as it is, but it has to be escaped before the output.

        This function might be of use, used it on my old homepage before moving to MODx:
        <?php
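        /**
         * Escape a string for a given output context
         * @param string $string the string to escape
         * @param string $type   one of 'html', 'full_html', 'quotes', 'url', 'javascript'
         * @return string the escaped string (returned unchanged for an unknown type)
         */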
        function escape_string($string, $type="html") {
           switch($type) {
              case 'html':
                 //Convert special characters to HTML entities
                 return htmlspecialchars($string, ENT_QUOTES);
        
              case 'full_html':
                 //Convert all applicable characters to HTML entities
                 return htmlentities($string, ENT_QUOTES);
        
              case 'quotes':
                 //Escape unescaped single quotes
                 return preg_replace("%(?<!\\\\)'%", "\\'", $string);
        
              case 'url':
                 //URL-encode according to RFC 1738
                 return rawurlencode($string);
        
              case 'javascript':
                 //Escape backslashes, quotes, newlines, etc.
                 return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\n" => '\\n', '</' => '<\/'));
        
              default:
                 return $string;
           }
        }
        ?>


        It can convert only special chars, or all chars (like Umlaute for German language), encode a URL, etc.
        Smarty template engine has a more complete function (plugin) that can also escape chars into hex and handle non-standard chars.

        This is probably the most needed type:
        http://www.php.net/manual/en/function.htmlspecialchars.php

        If you need that above function, you are welcome to use it.

        Boby
          ...my Photo Gallery on Flickr...
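
The escape-on-output approach discussed in this thread, as an added example that is not part of the original posts or of MODx core: a hypothetical helper `escape_tv_output()` escapes the three text TV types with `htmlspecialchars`, `ENT_QUOTES` and an explicit charset (assumed to be UTF-8), and shows what the `double_encode` flag does to a value that already contains an entity. All sample values are constructed.

```php
<?php
/**
 * Hypothetical helper (not a MODx function): escape a TV value on output.
 *
 * @param string $value        raw value as stored in the DB
 * @param string $tvtype       TV type name, e.g. 'text' or 'checkbox'
 * @param string $charset      page charset; assumed UTF-8 in this example
 * @param bool   $doubleEncode false leaves existing entities such as &amp; alone
 * @return string
 */
function escape_tv_output($value, $tvtype, $charset = 'UTF-8', $doubleEncode = true) {
    $textTypes = array('text', 'textarea', 'textareamini');
    if (!in_array($tvtype, $textTypes, true)) {
        // Other TV types are returned untouched, as in the first post's patch.
        return $value;
    }
    // ENT_QUOTES escapes both ' and ", so the result is also safe inside a
    // quoted attribute. The explicit charset matters on PHP versions whose
    // default is ISO-8859-1: multi-byte umlauts would otherwise be mangled.
    return htmlspecialchars($value, ENT_QUOTES, $charset, $doubleEncode);
}

// Constructed sample values, not taken from a real site.
$samples = array(
    'foo & bar',                   // the page title from the thread
    'Müller & Söhne',              // umlauts stay as UTF-8, only & is escaped
    '<em title="a\'b">x</em>',     // markup and both quote styles
    'foo &amp; bar',               // editor already typed an entity
);

foreach ($samples as $raw) {
    printf("%-28s => %s\n", $raw, escape_tv_output($raw, 'text'));
}

// Same pre-encoded value with double_encode disabled: &amp; is not re-escaped.
echo escape_tv_output('foo &amp; bar', 'text', 'UTF-8', false), "\n";

// Non-text TV types pass through unchanged.
echo escape_tv_output('a||b', 'checkbox'), "\n";
```

With `double_encode` left at its default, content that editors have already entity-encoded is escaped a second time, so decide per site whether TV values are stored raw or pre-encoded before applying a patch like the one in the first post.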