Quotation mark in category name

[d0ublezer0]

vm 3.2.4
j3.7.5
Disappear when saved and then opened:

create category
Category with "Quotes"
save it
open it
you will see that your category name will be as:
Category with

[Studio 42]

Same for Product(i corrected it for a customer), but i don't report anymore such bugs because i don't want to do sned patch only for 1 line.

[d0ublezer0]

VM3.2.12 problem is still here

[Studio 42]

This is the fix i use for products
File is JOOMLAROOT/administrator/components/com_virtuemart/views/product/tmpl/product_edit_information.php

Code: [Select]

<input class="required inputbox" type="text" name="product_name" id="product_name" value="<?php echo htmlentities($this->product->product_name, ENT_QUOTES, "UTF-8"); ?>" size="32" maxlength="400" />This is the code to use in any input(not textarea) to support quotes

Code: [Select]

htmlentities($yourValue, ENT_QUOTES, "UTF-8");

[d0ublezer0]

Well, so maybe the developers will include this correction in the working project?

[Studio 42]

Hum, they have modifed something, but not really cool, encoding all in the DB.
So for your quotes in last VM Beta, you have now the specialchar encoded in the field.
This solve in some case the diiplay problem, but using any fields in a email send as plain text display the encoded chars.
Another problem with the new solution. Is when you use an import tools, you have to encode all.
I have to modfiy my import tool and certainly CSVI too. So not really cool, especially when you work direcly sometime in the database. Eg expporting data as CSV to work on Excel and other drawback...

[d0ublezer0]

Yes, that is right.
but the real solution is very simple and obvious. why not add it? escaping strings is the golden rule of working with forms, I remember it since 1999, when I started programming.

[Studio 42]

@d0ublezer0, i verified about Joomla $db->insertObject the save way to add records in the DB.
The only they do is use  $db->quote($vallue);
db->quote without 2nd parameter escape the string, so in the DB all are right inserted(you have no backslash in the table).
I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

[d0ublezer0]

An alternative solution that suited for me:
copy administration template file into the

Code: [Select]

\administrator\templates\isis\html\com_virtuemart\category\edit_categoryform.phpand make the necessary changes in it.

Yes, this is also a hack.
But it will not be automatically lost when upgraded, if you suddenly forget to make a copy of your changes.

[Milbo]

I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

Time to think about removing it. But next release, not for vm3.4