News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Quotation mark in category name

Started by d0ublezer0, September 15, 2017, 14:16:13 PM

Previous topic - Next topic

d0ublezer0

vm 3.2.4
j3.7.5
Disappear when saved and then opened:

create category
Category with "Quotes"
save it
open it
you will see that your category name will be as:
Category with

Studio 42

Same for Product(i corrected it for a customer), but i don't report anymore such bugs because i don't want to do sned patch only for 1 line.

d0ublezer0


Studio 42

This is the fix i use for products
File is JOOMLAROOT/administrator/components/com_virtuemart/views/product/tmpl/product_edit_information.php
<input class="required inputbox" type="text" name="product_name" id="product_name" value="<?php echo htmlentities($this->product->product_nameENT_QUOTES"UTF-8"); ?>" size="32" maxlength="400" />
This is the code to use in any input(not textarea) to support quotes
htmlentities($yourValue, ENT_QUOTES, "UTF-8");

d0ublezer0

Well, so maybe the developers will include this correction in the working project?

Studio 42

Hum, they have modifed something, but not really cool, encoding all in the DB.
So for your quotes in last VM Beta, you have now the specialchar encoded in the field.
This solve in some case the diiplay problem, but using any fields in a email send as plain text display the encoded chars.
Another problem with the new solution. Is when you use an import tools, you have to encode all.
I have to modfiy my import tool and certainly CSVI too. So not really cool, especially when you work direcly sometime in the database. Eg expporting data as CSV to work on Excel and other drawback...

d0ublezer0

Yes, that is right.
but the real solution is very simple and obvious. why not add it? escaping strings is the golden rule of working with forms, I remember it since 1999, when I started programming.

Studio 42

@d0ublezer0, i verified about Joomla $db->insertObject the save way to add records in the DB.
The only they do is use  $db->quote($vallue);
db->quote without 2nd parameter escape the string, so in the DB all are right inserted(you have no backslash in the table).
I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

d0ublezer0

#8
An alternative solution that suited for me:
copy administration template file into the
\administrator\templates\isis\html\com_virtuemart\category\edit_categoryform.php
and make the necessary changes in it.

Yes, this is also a hack.
But it will not be automatically lost when upgraded, if you suddenly forget to make a copy of your changes.

Milbo

Quote from: Studio 42 on August 03, 2018, 21:30:30 PM
I tried allready to inject queries inside on insert or update, this get never executed, only in very old servers, you can have the problem, but then not only for mysql queries. So i really dont understand why they have added encoding, the problem was not on insert in the field, but on display only.
Because an input need to have double quotes, you have to use htmlentities($str,ENT_QUOTES,'UTF-8'). 
Note that since  PHP 5.6 ihtmlentities use always UTF-8, but Joomla 4 want only php7 support, so this UTF-8 is only for compatibility and is obsolete for Joomla 4.

Time to think about removing it. But next release, not for vm3.4
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/