textinput plugin trouble displaying text from $item['comment'] in cart

Started by aerdna, July 29, 2016, 23:33:10 PM


aerdna

Hi,

VM 3.0.12
PHP 5.6

I'm using the textinput vmcustom plugin which will display user-specific text in the cart for a product that is using that textinput custom field. The problem is with some kinds of text, the text displayed in the cart is not all displayed.  The middle part of the string is omitted.

I'm seeing in plugins/vmcustom/textinput/textinput.php where the plgVmOnViewCartVM3() function concats $item['comment'] to the $html output for the cart.

If I do a quick test and hardcode the string I want in place of $item['comment'], it displays in the cart just fine, but if I leave it in the variable $item['comment'], then it is not displayed correctly.  I don't know if it is a PHP issue, string length issue, or plugin nuance or what.  I've tried escaping the string, using htmlspecialchars(), htmlentities(), etc. with no luck.

An example string that does not work is:  "1.75mm Round Diamond-cut AA Emerald (#93629) : $44.99 x 1= $44.99"
It displays as: "1.75mm Round Diam : $44.99 x 1= $44.99"

But if I hard-code that string instead of using it from the $item['comment'] variable, it displays correctly in the cart with no omissions.

I'm really stumped as to what is causing this string to display like that.  Other strings that don't contain the hyphen (-) seem to work fine, but just removing that hyphen doesn't solve the problem so I don't know what the underlying issue is.

For some background, I'm actually using the textinput plugin differently on my front-end. Instead of letting the user type into the input field, I'm programmatically populating it from data fetched on the backend after the user has made some product customization selections on the front end (choosing from a very large inventory of gemstones held in a separate database). So it is my PHP code that generates the comment string, then JavaScript updates the textinput field on behalf of the user, as the input field is actually specified as readonly and hidden and only displays in the cart.

If I knew Joomla and VirtueMart better (or even PHP for that matter), I would have written my own plugin for this, so I know this is not the best solution. I thought it was working great until I found this scenario where the middle part of the string goes missing, and I can't figure out all the paths that the code takes to know when/where it is getting modified and why.

Thanks in advance for any help or tips you can offer.

Andrea

aerdna

Just in case anyone is up for the challenge of this one...I've made some progress in identifying the problem characters.  It appears if my textinput contains the letters "on", then the rest of the string starting with "on" is omitted.  Perhaps there's some textinput plugin code that is buggy and attempting to remove javascript onX() handlers but instead it's just mangling completely valid words that aren't script methods.

I'm still trying to figure out the data flow in Joomla and for VM plugins to see at what point the textinput string gets trashed, so if anyone has some tips on how to figure out the data flow, I'd really appreciate it.

I'm surprised no one else has come across this issue.  Surely there are people using the textinput plugin where the customer enters words containing "on" in them.

Thanks,
Andrea

aerdna

I finally found the problem...line 1780 in helpers/cart.php has this sloppy line:

$value = (string)preg_replace('#on[a-z](.+?)\)#si','',$value);

Which essentially is removing anything that starts with "on". I see that there is a "customFilter" flag, so now my issue is either to correct the above code to do what it is supposed to do (i.e. to remove script methods like onClick, etc.), or to figure out where custom filters get set and how those are used, and see if that code works.

I am doing all of this without any knowledge of where there might be VirtueMart documentation and having to just read through all the code line by line. I see lots of tips for administrators, but almost nothing for developers. Surely there are docs for VM3.x, right?
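
The following is an added example, not part of the original posts and not VirtueMart code. It runs the pattern quoted above against the string from the first post and a few constructed product texts, next to encoding the unfiltered value at output time. The function names `blacklistFilter` and `renderAsText` are hypothetical, and treating the field as plain text is an assumption.

```php
<?php
// Added example, not VirtueMart code. Only the pattern is taken from the post.
const QUOTED_PATTERN = '#on[a-z](.+?)\)#si';

// Hypothetical wrapper around the line quoted from helpers/cart.php.
function blacklistFilter($value)
{
    // Deletes "on" + one letter + the shortest run up to the next ")".
    return (string) preg_replace(QUOTED_PATTERN, '', $value);
}

// Hypothetical alternative: keep the stored text intact, encode on output.
// Assumes the field is meant to be shown as plain text.
function renderAsText($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed samples; the first is the string from the original post.
$samples = [
    '1.75mm Round Diamond-cut AA Emerald (#93629) : $44.99 x 1= $44.99',
    'Bronze chain (45cm)',
    'Diamond ring, size 7',            // no ")" after "ond": left alone
    '<b onclick="x()">engraving</b>',  // markup typed into the field
];

foreach ($samples as $comment) {
    $removed = preg_match(QUOTED_PATTERN, $comment, $m) ? $m[0] : '(nothing)';
    echo "input:    $comment\n";
    echo "removed:  $removed\n";
    echo "filtered: ", blacklistFilter($comment), "\n";
    // Escaping after the filter cannot restore what was already deleted.
    echo "filtered, then escaped: ", renderAsText(blacklistFilter($comment)), "\n";
    // Escaping the unfiltered value keeps every character and renders
    // any markup as literal text.
    echo "escaped only:           ", renderAsText($comment), "\n\n";
}
```

For the first sample the removed span begins at the "ond" in "Diamond" and ends at the closing parenthesis of "(#93629)", which reproduces the truncated cart text reported in the first post.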