vm 3.2.4
j3.7.5
Disappear when saved and then opened:
create category
Category with "Quotes"
save it
open it
you will see that your category name will be as:
Category with
Same for Product (I corrected it for a customer), but I don't report such bugs anymore because I don't want to send a patch for only 1 line.
VM3.2.12 problem is still here
This is the fix I use for products
File is JOOMLAROOT/administrator/components/com_virtuemart/views/product/tmpl/product_edit_information.php
<input class="required inputbox" type="text" name="product_name" id="product_name" value="<?php echo htmlentities($this->product->product_name, ENT_QUOTES, "UTF-8"); ?>" size="32" maxlength="400" />
This is the code to use in any input (not textarea) to support quotes
htmlentities($yourValue, ENT_QUOTES, "UTF-8");
Well, so maybe the developers will include this correction in the working project?
Hum, they have modified something, but not really cool, encoding all in the DB.
So for your quotes in the last VM Beta, you now have the special chars encoded in the field.
This solves the display problem in some cases, but using any field in an email sent as plain text displays the encoded chars.
Another problem with the new solution is that when you use an import tool, you have to encode all.
I have to modify my import tool and certainly CSVI too. So not really cool, especially when you sometimes work directly in the database. E.g. exporting data as CSV to work in Excel, and other drawbacks...
Yes, that is right.
But the real solution is very simple and obvious. Why not add it? Escaping strings is the golden rule of working with forms, I remember it since 1999, when I started programming.
@d0ublezer0, I verified about Joomla $db->insertObject the save way to add records in the DB.
The only thing they do is use $db->quote($value);
db->quote without the 2nd parameter escapes the string, so in the DB all is inserted right (you have no backslash in the table).
I already tried to inject queries inside on insert or update, this never gets executed, only on very old servers can you have the problem, but then not only for MySQL queries. So I really don't understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input needs to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8').
Note that since PHP 5.6 htmlentities always uses UTF-8, but Joomla 4 wants only PHP 7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.
An alternative solution that suited me:
copy the administration template file into
\administrator\templates\isis\html\com_virtuemart\category\edit_categoryform.php
and make the necessary changes in it.
Yes, this is also a hack.
But it will not be automatically lost when upgrading, if you suddenly forget to make a copy of your changes.
Quote from: Studio 42 on August 03, 2018, 21:30:30 PM
I already tried to inject queries inside on insert or update, this never gets executed, only on very old servers can you have the problem, but then not only for MySQL queries. So I really don't understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input needs to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8').
Note that since PHP 5.6 htmlentities always uses UTF-8, but Joomla 4 wants only PHP 7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.
Time to think about removing it. But next release, not for vm3.4
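Added example, not part of the thread and not VirtueMart code: a PHP sketch of the two approaches discussed above, escaping when the input is rendered versus encoding before storage. The field name category_name, the helper names and the regex stand-in for the browser's attribute parsing are assumptions made for illustration.

```php
<?php
// Added example: field name, helpers and sample value are constructed.

// Escape a raw value for use inside a double-quoted HTML attribute.
function attr(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// Simplified stand-in for the browser: read the value attribute up to the
// next double quote, then decode entities, as happens before the form is
// submitted again.
function valueSeenByBrowser(string $inputTag): string
{
    preg_match('/value="([^"]*)"/', $inputTag, $m);
    return html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
}

$raw = 'Category with "Quotes"'; // what the user typed, stored as-is

// Display bug: the raw value is echoed into the attribute unescaped.
$unescaped = '<input type="text" name="category_name" value="' . $raw . '" />';
// Fix at output: the stored value stays raw, only the markup is escaped.
$escaped = '<input type="text" name="category_name" value="' . attr($raw) . '" />';

var_dump(valueSeenByBrowser($unescaped));        // cut at the first quote
var_dump(valueSeenByBrowser($escaped) === $raw); // round trip preserved

// Encoding before storage instead: every non-HTML consumer sees entities.
$storedEncoded = attr($raw);
$mailLine = 'Category: ' . $storedEncoded; // plain-text mail shows &quot;
$csvRow = [$storedEncoded];                // exports carry the entities too
// A template that also escapes on output now double-encodes (&amp;quot;).
$doubleEncoded = '<td>' . attr($storedEncoded) . '</td>';

echo $mailLine, PHP_EOL, implode(';', $csvRow), PHP_EOL, $doubleEncoded, PHP_EOL;
```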