Jump to content

Huge 3.0.5 Problem!! Please Help!!


Guest

Recommended Posts

Hi,

On my shop after I upgraded to 3.0.5 , each product title that contains an apostrophe for example "The Big Ole's Monte" , it turns into "The Big Ole& #39;s Monte" .

Is there a fix for this? I have almost 1,000 products and Im really not wanting to readd them.

--Jake

Link to comment
Share on other sites

Hi,

On my shop after I upgraded to 3.0.5 , each product title that contains an apostrophe for example "The Big Ole's Monte" , it turns into "The Big Ole& #39;s Monte" .

Is there a fix for this? I have almost 1,000 products and Im really not wanting to readd them.

--Jake

I have the same problem

Link to comment
Share on other sites

There were several instances in the code where variables were parsed through htmlspecialchars(). This is what caused the problem. I'm not entirely sure why it was done yet, perhaps brooky will chime in on this one. I have a feeling it has to do with standards and compliance, but I'm not entirely sure I agree with it yet. :P

Link to comment
Share on other sites

Does this appear in the English?

Not sure if i understod your question, but it appears in the english language file and the norwegian that i'm using. The problem is if i write Heaven's Soldiers in product name, it changes to Heaven's Soldiers. If i remove the ' it works fine.

Hope someone can help us.

Link to comment
Share on other sites

I've submitted an adaptive fix idea to brooky for this. I dunno if he'll take my suggestion or not, but we'll see. If not, I can post it, but it'll take some pretty hefty changes as the htmlspecialchars() function is called in 20+ files. :w00t:

Link to comment
Share on other sites

magicexpress. The e-mail problem in 3.0.5 was a bigger, more urgent problem for me to fix, so I did it first. I'll tackle the other one either later today or tomorrow (depends on how many projects the wife has for me). :)

Link to comment
Share on other sites

Ok, here is the quick, dirty fix. I'm going to talk to brooky before I write a full fix. I'm not sure if that's how he wants it handled.

The problem is that the htmlspecialchars() function is messing up your single and double quotes in your product names, etc. There is an optional command to include in that function call that will leave single and double quotes alone but will still parse out the HTML markup.

The syntax is htmlspecialchars($varname, ENT_NOQUOTES)

The ENT_NOQUOTES is not in there currently. To fix this issue, you need to add it into each instance of htmlspecialchars in each of these files. I believe there are 26 total instances of the function call.

Here's the file list:

/admin/products/index.php

/admin/settings/currency.php

/includes/content/viewProd.inc.php

/includes/content/cart.inc.php

/includes/content/index.inc.php

/includes/content/viewCat.inc.php

/includes/content/viewDoc.inc.php

/includes/boxes/siteDocs.inc.php

/includes/boxes/categories.inc.php

/includes/boxes/popularProducts.inc.php

/includes/boxes/randomProd.inc.php

/includes/boxes/saleItems.inc.php

/includes/boxes/shoppingCart.inc.php

/includes/functions.inc.php

/index.php

Here's an example from the index.php file:

$body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle']));




Here's the adjusted version:


$body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle'], ENT_NOQUOTES));

See? I told you I'd have a fix for ya. :)

Link to comment
Share on other sites

Guest GoodLiteCandles

Sir William,

Is what you posted above correct and what is supposed to be done for the fix?

I have a new product that has an apostrophe in it and I would like to correct that.

Thanks.

Link to comment
Share on other sites

magic, I could do that, but like I said, there are 26 or so unique instances in several files. I cannot do a search/replace on them, they all have to be hand-edited. I simply don't have the time to jump into such a task for nothing. Now if a couple of you want to get together and chip in a few bucks each, I can rearrange things. But paying work has to come first.

Here's how I prioritize my programming time:

1. Core code bug fixes.

2. Paid mods and programming.

3. Mods and programming for planned sale.

4. Mods and programming for my use (might sell, might not).

5. Mods and programming for free.

If I don't stick to that, I'd be doing freebies for everybody all the time. As it is, only a few people get the freebie help. ;)

Link to comment
Share on other sites

Well, let me be brutally honest.

If Brooky made the new Cubecart 3.0.5 and they had a HUGE apostrophe error, wouldnt it be common sense that no one would use 3.0.5 and brooky should release a 3.0.6 update with this fix right away?

I mean, 3.0.5 is useless with this error.

--Jake

Link to comment
Share on other sites

The issue is NOT an apostrophe PROBLEM, it's maintaining XML compliance. Compliance was the choice. It was not compliant otherwise.

I have told you how to fix it if you choose to. Be aware that that change will break XML compliance.

I'm sorry if that's not good enough for you, but don't go cutting Brooky for his decision to be the ONLY compliant cart in existance.

Link to comment
Share on other sites

Sir William the legend has done it yet again.

THANK YOU SO MUCH.

It was done to make the store meet W3C standards.

Prior to this there was a bug with apostrophies causing page output to break. This was fixed by changing the ' to its html equivalent.

But the htmlspecialchars() function has reverted it back. :P

Stuipidly overlooked by me as I only tested it with & and a few other special charachters. :rolly:

It can be fixed in one of two ways.

1. Removing the replace function in the mySQLSafe function in the db.php class.

2. Sir Williams Fix

BUT now many peoples data is stored in the db as with the apsotrophie as the html value. So it has to be method 2. :lol:

Sorry this post may go over some peoples heads but I'm kinda thinking out loud.

Probably the best solution is a new function as it can be updated easily if neccessary.

//eo thinking out loud ;)

Thanks to you all. :D

Link to comment
Share on other sites

The issue is NOT an apostrophe PROBLEM, it's maintaining XML compliance. Compliance was the choice. It was not compliant otherwise.

I have told you how to fix it if you choose to. Be aware that that change will break XML compliance.

I'm sorry if that's not good enough for you, but don't go cutting Brooky for his decision to be the ONLY compliant cart in existance.

Whoa, I wasn't blaming anyone. Im just saying that this should have been an imediate update.

Link to comment
Share on other sites

Sir William the legend has done it yet again.

THANK YOU SO MUCH.

It was done to make the store meet W3C standards.

Prior to this there was a bug with apostrophies causing page output to break. This was fixed by changing the ' to its html equivalent.

But the htmlspecialchars() function has reverted it back. :P

Stuipidly overlooked by me as I only tested it with & and a few other special charachters. :rolly:

It can be fixed in one of two ways.

1. Removing the replace function in the mySQLSafe function in the db.php class.

2. Sir Williams Fix

BUT now many peoples data is stored in the db as with the apsotrophie as the html value. So it has to be method 2. :lol:

Sorry this post may go over some peoples heads but I'm kinda thinking out loud.

Probably the best solution is a new function as it can be updated easily if neccessary.

//eo thinking out loud ;)

Thanks to you all. :D

Can you put up the tweaked files?

Link to comment
Share on other sites

My proposed fix based on Sir Williams

Top of includes/functions.inc.php

//////////////////////////////////

// make output valid html to meet w3c standards

////////

function validHTML($var){



	return htmlspecialchars($var, ENT_NOQUOTES);



}

Replace htmlspecialchars with validHTML. :rolly:

Thanks William. :P

I'm still testing this...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...