Problems with maximum review length and non-Latin characters

Started by Ventsi Genchev, October 07, 2019, 18:30:56 PM


Ventsi Genchev

There are two problems with product reviews (VirtueMart 3.4.2 ~ 3.6.2.10159).

1. The maximum length is always 2000 characters, no matter the setting in administration.
2. In Cyrillic, despite observing the maximum length, the review is not fully published.

The problem is in the file:
/administrator/components/com_virtuemart/models/ratings.php

The line:
$data['comment'] = substr($data['comment'], 0, VmConfig::get('vm_reviews_maximum_comment_length', 2000)) ;

Must be:
$data['comment'] = mb_substr($data['comment'], 0, VmConfig::get('reviews_maximum_comment_length', 2000)) ;

1. Because 'vm_reviews_maximum_comment_length' is not valid and should be 'reviews_maximum_comment_length'.
2. Changing substr to mb_substr correctly counts the number of characters when they are not Latin.

Audio Store:
https://vsystem.bg - Bulgarian language
https://vsystem.bg/en - English

Ventsi Genchev

By the way, I have a product "Game One ..." and accordingly this line gives a problem:

$value = (string)preg_replace('#on[a-z](.+?)\)#si','',$value);//replace start of script onclick() onload()...

Is there any other way to prevent onclick() onload()...?

Studio 42

document.getElementById("mybutton").onclick = null;
Or
jQuery('#mybutton').attr('onclick',null);

Ventsi Genchev

Thank you Patrick for your reply.
I know about this method, but unfortunately it doesn't work for 2 reasons:

1. This file is in the core and I don't want to modify it every time. I prefer Max to find a solution.  :)
2. Max protects not only the onclick but also the onload and everything that starts with "on" and has brackets afterwards.

I do not want to lose that protection, but I think a better solution should be found.

Here's an example:
User writes: "I was the only one to write a review (with rating and comment). So I have a question."
And the following is published: "I was the . So I have a question."

Because if there is a word with "on" and brackets somewhere after that, everything is removed. The word can be "On" or "One" or "configuration"....

Here is another example:
User writes: "A good configuration (in my opinion) is desirable."
And the following is published: "A good c is desirable."

I have now found a foolish method to avoid this and at the same time not to lose the protection of "on...". But the decision is temporary and I will wait for the team to give an opinion.

Since in this topic I am solving 2 problems and this question has nothing to do with it, I am posting a new topic specifically for this problem here:
https://forum.virtuemart.net/index.php?topic=143616.0


Studio 42

Sorry, I was on another problem about onClick.
As far as I know, HTML is not tolerated by default. So using the core Joomla filter or PHP should remove any JavaScript, and you don't need this stupid line.
E.g.
$value = filter_var($value , FILTER_SANITIZE_STRING);
See https://www.w3schools.com/php/phptryit.asp?filename=tryphp_func_sanitize_string
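
An added example (not VirtueMart code and not written by either poster) that reproduces the two issues discussed in this thread, byte-based truncation of Cyrillic text and the "on...)" regex deleting ordinary words, next to one possible alternative: limit the length with mb_substr and escape with htmlspecialchars when the review is written into HTML. The function names and all sample strings are assumptions made for the illustration.

```php
<?php
// Added example, not VirtueMart code. All sample strings are constructed.
// Save this file as UTF-8; requires the mbstring extension.

// The core filter line quoted in the thread, wrapped unchanged in a function.
function strip_on_handlers(string $value): string
{
    return (string) preg_replace('#on[a-z](.+?)\)#si', '', $value);
}

// Hypothetical storage step: limit by characters, not bytes.
function limit_review(string $comment, int $maxChars): string
{
    return mb_substr($comment, 0, $maxChars, 'UTF-8');
}

// Hypothetical output step: escape at render time instead of deleting text.
function render_review(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Byte-based vs character-based truncation of Cyrillic text.
$cyr   = 'Много добър продукт';
$bytes = substr($cyr, 0, 5);       // 5 bytes: cuts inside the third letter
$chars = limit_review($cyr, 5);    // 5 characters
printf("substr valid UTF-8: %s\n", var_export(mb_check_encoding($bytes, 'UTF-8'), true));
printf("mb_substr result:   %s (%d chars, %d bytes)\n",
    $chars, mb_strlen($chars, 'UTF-8'), strlen($chars));

// 2. Blacklist regex vs output escaping, on ordinary text and on markup
//    carrying an inline event handler.
$samples = [
    'A good configuration (in my opinion) is desirable.',
    '<b onclick="alert(1)">hi</b>',
];
foreach ($samples as $s) {
    printf("input:   %s\n", $s);
    printf("regex:   %s\n", strip_on_handlers($s));
    printf("escaped: %s\n\n", render_review($s));
}
```

Escaping on output covers reviews rendered as HTML text or inside a quoted attribute; nothing is deleted, so words such as "configuration" survive.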