Author Topic: Quotation mark in category name  (Read 682 times)

d0ublezer0

  • Jr. Member
  • **
  • Posts: 158
Quotation mark in category name
« on: September 15, 2017, 14:16:13 pm »
vm 3.2.4
j3.7.5
Disappear when saved and then opened:

create category
Category with "Quotes"
save it
open it
you will see that your category name will be as:
Category with

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 3334
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 & 3.0.x.y
Re: Quotation mark in category name
« Reply #1 on: September 17, 2017, 01:39:58 am »
Same for Product(i corrected it for a customer), but i don't report anymore such bugs because i don't want to do sned patch only for 1 line.

d0ublezer0

  • Jr. Member
  • **
  • Posts: 158
Re: Quotation mark in category name
« Reply #2 on: May 13, 2018, 17:09:06 pm »
VM3.2.12 problem is still here

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 3334
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 & 3.0.x.y
Re: Quotation mark in category name
« Reply #3 on: May 13, 2018, 20:57:04 pm »
This is the fix i use for products
File is JOOMLAROOT/administrator/components/com_virtuemart/views/product/tmpl/product_edit_information.php
Code: [Select]
<input class="required inputbox" type="text" name="product_name" id="product_name" value="<?php echo htmlentities($this->product->product_nameENT_QUOTES"UTF-8"); ?>" size="32" maxlength="400" />This is the code to use in any input(not textarea) to support quotes
Code: [Select]
htmlentities($yourValue, ENT_QUOTES, "UTF-8");

d0ublezer0

  • Jr. Member
  • **
  • Posts: 158
Re: Quotation mark in category name
« Reply #4 on: August 03, 2018, 11:11:40 am »
Well, so maybe the developers will include this correction in the working project?

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 3334
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 &amp; 3.0.x.y
Re: Quotation mark in category name
« Reply #5 on: August 03, 2018, 14:49:46 pm »
Hum, they have modifed something, but not really cool, encoding all in the DB.
So for your quotes in last VM Beta, you have now the specialchar encoded in the field.
This solve in some case the diiplay problem, but using any fields in a email send as plain text display the encoded chars.
Another problem with the new solution. Is when you use an import tools, you have to encode all.
I have to modfiy my import tool and certainly CSVI too. So not really cool, especially when you work direcly sometime in the database. Eg expporting data as CSV to work on Excel and other drawback...

d0ublezer0

  • Jr. Member
  • **
  • Posts: 158
Re: Quotation mark in category name
« Reply #6 on: August 03, 2018, 19:02:58 pm »
Yes, that is right.
but the real solution is very simple and obvious. why not add it? escaping strings is the golden rule of working with forms, I remember it since 1999, when I started programming.

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 3334
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 &amp; 3.0.x.y
Re: Quotation mark in category name
« Reply #7 on: August 03, 2018, 21:30:30 pm »
@d0ublezer0, i verified about Joomla $db->insertObject the save way to add records in the DB.
The only they do is use  $db->quote($vallue);
db->quote without 2nd parameter escape the string, so in the DB all are right inserted(you have no backslash in the table).
I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

d0ublezer0

  • Jr. Member
  • **
  • Posts: 158
Re: Quotation mark in category name
« Reply #8 on: September 14, 2018, 13:11:26 pm »
An alternative solution that suited for me:
copy administration template file into the
Code: [Select]
\administrator\templates\isis\html\com_virtuemart\category\edit_categoryform.phpand make the necessary changes in it.

Yes, this is also a hack.
But it will not be automatically lost when upgraded, if you suddenly forget to make a copy of your changes.

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9642
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Quotation mark in category name
« Reply #9 on: September 17, 2018, 08:33:24 am »
I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

Time to think about removing it. But next release, not for vm3.4
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/