
VM 3.2.1: Using quotes in product name, issue in Admin panel

Started by profyart, April 05, 2017, 10:06:46 AM

profyart

VM 3.2.1, joomla 3.6.5

Issue:
Trying to add quotes to the product name produces an issue in the Administrator panel
Example:  'Product "test"'   shows as 'Product'

Reason:
The source code of the product_name input box looks like:

<input.... value="Product "test"">

Solution: use htmlspecialchars()
In file \administrator\components\com_virtuemart\views\product\tmpl\product_edit_information.php line 44:

value="<?php echo $this->product->product_name?>"

Change to

value="<?php echo htmlspecialchars($this->product->product_name); ?>"

UPDATE:
Oh, I have to clarify the issue - it appears in the ADMIN PANEL in the product_name field. So it's in the admin area, not on site pages.

Milbo

What happens, when you store it, open it and store it again?

When you want to enter this with htmlspecialchar, you must remove the right to use raw. As Superadministrator, you are allowed to write raw. check the ACL, there is a setting for that.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

woodhouse

Got the same problem with product name:     Test VM 003 '' "" % & £ é è # à ò @ ù § ^ ü ? ? ø ?

The solution is to use value="<?php echo htmlentities($this->product->product_name); ?>"

I tested and it works.


Milbo

You ignore just what I wrote.

Again. IT IS INTENDED that administrators CAN ENTER RAW! This means the administrator has to care for himself, and when he wants to use " he must write it as an htmlentity, for example &ldquo;

So when you say, "Hey, I just want to enter the name without thinking about it", then you should change the ACL! The right to write RAW: when you remove the right to use "Raw", then it should be converted for you when you store it. But indeed there is maybe the problem that you can't deactivate the right to write raw for Superadministrators.

woodhouse

Hi Milbo,
I read what you wrote, but I do not understand why I should change some setting when the solution seems so simple.
I do not even understand why "it is intended" to force someone to enter HTML code instead of simple human characters; the user of the interface to create a new product is not supposed to be an IT professional.
I create products programmatically using custom html forms and I do prefer to avoid the character encoding/decoding.

Milbo

Quote from: Milbo on April 06, 2017, 11:49:06 AM
that administrators CAN ENTER RAW! this means the administrator has to care for himself

Yepp, because I assume, you use the super administrator account. The reason is that some people used html there. So there is a "rights" setting which allows to enter raw, which is usually set for the superadministrator to yes. Because he is the superadministrator. But indeed we could enhance that by considering the reasons in the background. For example, we could add a vm config setting, which disables the raw stuff always.

mahootshop

I believe too that raw HTML shouldn't always be available.

In a situation of 1 vendor who has superuser too, it will become an unwanted config...

It should be disabled by default, and if the superuser knows what he or she is doing, then turn it on.

As a matter of fact I should tell you something, Milbo... (which I believe you think of... sometimes...)

I've been working with Virtuemart for 2 years now... it would be better to replace the word "working" with "struggling"...

I've been working with computers for 20 years, and I also have university degrees, so at least we can say that I'm not an idiot.

But working with Virtuemart is like solving puzzles, it's like going through a maze that was made to test your IQ, made to test how tolerant you are, a maze made to not be easy, which is completely away from the main goal of any software or OS...

In Virtuemart:
the logic of menus has problems....
the logic of configuration has serious problems ...
the usability of the whole structure is a mess...

It's like a building without architecture, without a leader... I think you should reconsider that as a critical matter in Virtuemart.


P.S.

I believe it's a historical problem of your country...
Your country's people always want to make something so complete, so general, so specific, that they forget 2 major facts...  1. usability (how easy to use)  2. optimality (how optimized the system is (is everything good enough?))
"No offence to German people, I love the country...."

Milbo

Quote
it should be disable at default, and if superuser knows what he or she is doing, then turn it on.
So you agree to my idea. Okay

The rest. Interesting view point. I just pick one thing:
Quote
the logic of menus have problem....
This is done by joomla. So as long you mix up joomla with Virtuemart,...

mahootshop

Quote
So you agree to my idea. Okey
Yes, of course.

Quote
This is done by joomla. So as long you mix up joomla with Virtuemart,...

Half agree, half not... (I mentioned the Virtuemart menu, not Joomla.)

I'm using components on Joomla which are completely redesigned and near to the WP structure, so I believe it's doable... By the way, I understand the Joomla structure brings so many difficulties. Changing the router in the next version (3.8 or later) is a confirmation of this statement.

woodhouse

Thank you Milbo for the answer. At least I understood the reason beneath the "complication"  :)

Milbo

Which Virtuemart Menu do you mean? The one on the backend? The one on the left side? We have had the menu vertical on the left side since vm1, and as far as I know WP has the same style, and Joomla uses it also more and more. Because it just makes sense, for wide screen (Desktop) and mobile.

mahootshop

Quote from: Milbo on April 11, 2017, 12:45:04 PM
Which Virtuemart Menu do you mean? The one on the backend? The one on the left side? We have the menu vertical on the left side since vm1 and as far as I know WP has the same style, and joomla uses it also more and more. Because it just makes sense, for width screen (Desktop) and mobile.

I didn't mean the visual side of the menu.
The concept and the leveling of the menus have a logic problem.
For example, having one menu title as "tool" and another title as "configuration" brings so many misunderstandings...

There should be a right menu hierarchy, which is written from the consumer's expectations, not from those of the makers or programmers of the software.
This is what makes iOS (Apple mobile) more popular than other OSes.
Industry with university cooperation is studying these environments more than technique and technology nowadays...

The art is to make something that even my grandma can figure out. Not something that a programmer after 2 months cannot remember where was where.....

profyart

Quote from: Milbo on April 05, 2017, 19:01:58 PM
What happens, when you store it, open it and store it again?

When you want to enter this with htmlspecialchar, you must remove the right to use raw. As Superadministrator, you are allowed to write raw. check the ACL, there is a setting for that.

Yes, but I can't edit this field later :D

Oh, I have to clarify the issue - it appears in the ADMIN PANEL in the product_name field.

The current implementation of this breaks the administration product fields functionality. So the admin can't use HTML now. Because if you store, for example: 'Test <span class="test">header</span>' in the product_name field, the next time you open the admin product page VirtueMart will generate this code:
Quote
<input  value=" Test <span class="test">header</span>">
And you will see just "Test <span class=" in the input field, just because of the quotes...

So! In admin mode, fields should be stored to the DB as raw, but values should be translated (via, for example, htmlspecialchars) for the admin input fields to prevent admin field functionality issues.
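
The behaviour discussed in this thread, as an added PHP example that is not part of any post and is not VirtueMart's code: it renders the same stored name into an input with and without attribute encoding, then parses the markup back to show which value the edit form would display and re-submit on the next save. The helper names and sample names are assumptions made for illustration.

```php
<?php
// Added illustration: helper names are hypothetical, not VirtueMart code.

// Unescaped output, as in the original template line quoted in the thread.
function render_raw(string $name): string
{
    return '<input type="text" name="product_name" value="' . $name . '">';
}

// Encode for the attribute context at output time; the stored value is untouched.
function render_escaped(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="product_name" value="' . $safe . '">';
}

// Parse the markup as a browser would and return the field's value, which is
// what the admin sees in the box and what is posted back on the next save.
function field_value(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // raw markup may be malformed
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed sample names (ASCII only, so no charset hint is needed).
$samples = [
    'Product "test"',
    'Test <span class="test">header</span>',
    '&ldquo;test&rdquo;',
];

foreach ($samples as $stored) {
    $raw = field_value(render_raw($stored));
    $escaped = field_value(render_escaped($stored));
    printf("stored : %s\n", $stored);
    printf("raw    : %s [%s]\n", $raw, $raw === $stored ? 'same' : 'CHANGED');
    printf("escaped: %s [%s]\n\n", $escaped, $escaped === $stored ? 'same' : 'CHANGED');
}
```

The third sample covers the store, open and store-again case: with unescaped output the entity is decoded in the field, so the next save writes a different string than the one that was stored, while the encoded output round-trips all three names unchanged.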