Al Brookbanks Posted October 24, 2005
It doesn't work. Watch this space.

Al Brookbanks Posted October 24, 2005
Add this function to the top of includes/functions.inc.php

*EDIT* The forums software is making the code above display wrong. Grrrr. Removed. See later post with attachment.

Then using find and replace using a tool such as Dreamweaver or EditPlus (http://www.editplus.com) or just notepad. Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)

Does that make sense?

Guest GoodLiteCandles Posted October 24, 2005
It's not a big deal to me with just one product that has an apostrophe and I didn't feel like doing all of the fix, so I just changed how I worded things, haha.

Guest Posted October 24, 2005
Holy cow. That's a lot of editing. Maybe show us the tweaked ones? (Me = Lazy). I shall try. But before I do, is this going to work? 'Cause I don't wanna do this then not have it work :P

Guest Posted October 24, 2005
> Add this function to the top of includes/functions.inc.php
>
>     function validHTML($var){
>         $var = htmlspecialchars($var);
>         $var = eregi_replace("'","'",$var);
>         return $var;
>     }
>
> *EDIT* The forums software is making the code above display wrong. Grrrr.
>
> Then using find and replace using a tool such as Dreamweaver or EditPlus (http://www.editplus.com) or just notepad. Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)
>
> Does that make sense?

When I do it to the others an error pops up saying that VALID HTML was already declared.

Guest Posted October 24, 2005
Fatal error: Cannot redeclare validhtml() (previously declared in /home/newconce/public_html/includes/functions.inc.php:31)

Al Brookbanks Posted October 24, 2005
Attached is the new functions.inc.php as pasting the code on the forums corrupts it: rename it to functions.inc.php from .txt

Then replace htmlspecialchars in the files mentioned previously in this thread with validHTML.

functions.txt

Guest Posted October 24, 2005
I still get

Fatal error: Cannot redeclare validhtml() (previously declared in /home/newconce/public_html/includes/functions.inc.php:34)

But that's in the "includes" folder.

Al Brookbanks Posted October 24, 2005
You only put it in the functions folder and nowhere else. :rolly:

Guest Posted October 24, 2005
> Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)

But,...But...You said "in all the files in the includes directory". Can you be specific as to which files we have to do this in for this fix? lol I'M SO CONFUSED. I ALWAYS GET:

Fatal error: Cannot redeclare validhtml() (previously declared in /home/newconce/public_html/includes/functions.inc.php:34)

Guest Posted October 24, 2005
You only put the function declaration in the functions.inc.php file.....PERIOD.

Then, in all the OTHER files, you do a search & replace for this string: "htmlspecialchars". You replace that with "validHTML". You can do it to all the files in the /includes directory or use the list I generated earlier. That list came from a Command Line running of Grep for that string (for the uber-geeks). :rolly:

Al Brookbanks Posted October 24, 2005
Sir William has it. :zorro:

Guest netwizard Posted October 24, 2005
Weeeeeeeeeeeeeeeeeeee

Watching that conversation has utterly confused me and done my head in. Brooky, or Sir William... can one of you kind chaps please summarise in one post exactly what one must do to solve this problem? Would really appreciate it.

Al Brookbanks Posted October 24, 2005
Yeah, download the attached file. Change the name to functions.inc.php and upload it to the includes folder over the existing one. Then use a find and replace tool to replace every instance of htmlspecialchars with validHTML in the includes folder. There may be a couple of instances in the admin folder too but I wouldn't worry too much as 3.0.6 will be out very soon.

Guest Posted October 24, 2005
WORKED LIKE A CHARM. FARGIN GENIUS!

Guest Posted October 25, 2005
Thanks magic. If Brooky takes my suggestion on the validHTML function, it will be admin controlled in the future. There are three different ways it can be implemented which will give varying levels of XML/XHTML compliance. The only people then who need to change will be those who NEED special characters in their titles, etc. B)

Guest Posted November 7, 2005
Ok, here is the quick, dirty fix. I'm going to talk to brooky before I write a full fix. I'm not sure if that's how he wants it handled.

The problem is that the htmlspecialchars() function is messing up your single and double quotes in your product names, etc. There is an optional command to include in that function call that will leave single and double quotes alone but will still parse out the HTML markup. The syntax is

    htmlspecialchars($varname, ENT_NOQUOTES)

The ENT_NOQUOTES is not in there currently. To fix this issue, you need to add it into each instance of htmlspecialchars in each of these files. I believe there are 26 total instances of the function call. Here's the file list:

    /admin/products/index.php
    /admin/settings/currency.php
    /includes/content/viewProd.inc.php
    /includes/content/cart.inc.php
    /includes/content/index.inc.php
    /includes/content/viewCat.inc.php
    /includes/content/viewDoc.inc.php
    /includes/boxes/siteDocs.inc.php
    /includes/boxes/categories.inc.php
    /includes/boxes/popularProducts.inc.php
    /includes/boxes/randomProd.inc.php
    /includes/boxes/saleItems.inc.php
    /includes/boxes/shoppingCart.inc.php
    /includes/functions.inc.php
    /index.php

Here's an example from the index.php file:

    $body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle']));

Here's the adjusted version:

    $body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle'], ENT_NOQUOTES));

See? I told you I'd have a fix for ya.

Hi Sir William, I have applied this fix to my site. In the main it works great. Now the only thing is, when I am in admin and I go to the home page to edit it and I add HTML as below:

    <center>
    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="36%" id="AutoNumber1">
    <tr>
    <td width="50%" rowspan="2">
    <script language=JavaScript>
    /*
    +---------------------------------------------------------+
    | Ad Simple Copyright www.YugDesign.com                   |
    +---------------------------------------------------------+
    | This program may be used and hosted free of charge by   |
    |anyone for personal purpose as long as this copyright    |
    |notice remains intact.                                   |
    +---------------------------------------------------------+
    */
    var img_width = "350";
    var img_height = "159";
    var img_title = "Click Here";
    var ad=new Array()
    //insert here your images src
    ad[0]='http://www.orbitgiftshop.co.uk/store/images/banners/large/pcditv_fm.jpg';
    ad[1]='http://www.orbitgiftshop.co.uk/store/images/banners/large/mp3heavar_fm.jpg';
    ad[2]='http://www.orbitgiftshop.co.uk/store/images/banners/large/fiscam_fm.jpg';
    ad[3]='http://www.orbitgiftshop.co.uk/store/images/banners/large/watbin_fm.jpg';
    ad[4]='http://www.orbitgiftshop.co.uk/store/images/banners/large/eonice_fm';
    var links=new Array()
    //insert here your links
    links[0]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';
    links[1]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';
    links[2]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';
    links[3]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';
    links[4]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';
    var xy=Math.floor(Math.random()*ad.length);
    document.write('<a href="'+links[xy]+'" target="_blank"><img src="'+ad[xy]+'" width="'+img_width+'" height="'+img_height+'" alt="'+img_title+'"></a>');
    </SCRIPT>
    </td>
    <td width="50%">
    <tr>
    </table>
    </center>
    </body>
    </html>

and then save the homepage and then look at the source, it's messed up. Instead of 'http://www.orbitgiftshop.co.uk/store/images/banners/large/mp3heavar_fm.jpg'; it's ' I think you know what I mean, no ' Is there any way to sort this out?

Guest vrakas Posted November 9, 2005
> I believe there are 26 total instances of the function call.

I found 32 so maybe some of them are for the admin cPanel. Now I need to do this for a client of mine.

    > Searching for the string 'htmlspecialchars'...
    1. \upload\index.php(158,55): $body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle']));
    2. \upload\admin\includes\rte\fckeditor.php(53,16): $HtmlValue = htmlspecialchars( $this->Value ) ;
    3. \upload\admin\includes\rte\editor\filemanager\browser\default\connectors\php\util.php(35,22): return utf8_encode( htmlspecialchars( $value ) ) ;
    4. \upload\admin\products\index.php(472,103): <input name="name" type="text" class="textbox" value="<?php if(isset($results[0]['name'])) echo htmlspecialchars($results[0]['name']); ?>" maxlength="255">
    5. \upload\admin\settings\currency.php(54,41): $record["symbolLeft"] = $db->mySQLSafe(htmlspecialchars($_POST['symbolLeft']));
    6. \upload\admin\settings\currency.php(55,42): $record["symbolRight"] = $db->mySQLSafe(htmlspecialchars($_POST['symbolRight']));
    7. \upload\includes\functions.inc.php(144,34): $catArray[$i]['cat_name'] = htmlspecialchars($resultsForeign[$k]['cat_name']);
    8. \upload\includes\functions.inc.php(395,69): $hiddenFields .= "<input type='hidden' name='".$key."' value='".htmlspecialchars($value)."' />\r\n";
    9. \upload\includes\boxes\categories.inc.php(56,34): $results[$i]['cat_name'] = htmlspecialchars($resultsForeign[$k]['cat_name']);
    10. \upload\includes\boxes\popularProducts.inc.php(52,31): $popularProds[$i]['name'] = htmlspecialchars($popularProds[$i]['name']);
    11. \upload\includes\boxes\randomProd.inc.php(63,38): $box_content->assign("PRODUCT_NAME",htmlspecialchars($randProd[0]['name']));
    12. \upload\includes\boxes\saleItems.inc.php(58,29): $saleItems[$i]['name'] = htmlspecialchars($saleItems[$i]['name']);
    13. \upload\includes\boxes\shoppingCart.inc.php(152,43): $box_content->assign("VAL_PRODUCT_NAME",htmlspecialchars($product[0]['name']));
    14. \upload\includes\boxes\siteDocs.inc.php(68,30): $results[$i]['doc_name'] = htmlspecialchars($results[$i]['doc_name']);
    15. \upload\includes\content\cart.inc.php(400,41): $view_cart->assign("VAL_PRODUCT_NAME",htmlspecialchars($product[0]["name"]));
    16. \upload\includes\content\cart.inc.php(418,39): $view_cart->assign("VAL_OPT_NAME",htmlspecialchars($option[0]['option_name']));
    17. \upload\includes\content\index.inc.php(46,29): $index->assign("HOME_TITLE",htmlspecialchars(stripslashes($home['title'])));
    18. \upload\includes\content\index.inc.php(90,36): $index->assign("VAL_PRODUCT_NAME",htmlspecialchars($latestProducts[$i]['name']));
    19. \upload\includes\content\viewCat.inc.php(90,37): $view_cat->assign("TXT_CATEGORY", htmlspecialchars($subCategories[$i]['cat_name']));
    20. \upload\includes\content\viewCat.inc.php(200,44): $view_cat->assign("TXT_CURENT_CATEGORY",htmlspecialchars($currentCat[0]['cat_name']));
    21. \upload\includes\content\viewCat.inc.php(214,37): $view_cat->assign("TXT_CAT_TITLE",htmlspecialchars($currentCat[0]['cat_name']));
    22. \upload\includes\content\viewCat.inc.php(246,33): $view_cat->assign("TXT_TITLE",htmlspecialchars($productResults[$i]['name']));
    23. \upload\includes\content\viewDoc.inc.php(53,31): $view_doc->assign("DOC_NAME",htmlspecialchars($result[0]['doc_name']));
    24. \upload\includes\content\viewProd.inc.php(67,37): $view_prod->assign("TXT_PRODTITLE",htmlspecialchars($prodArray[0]['name']));
    25. \upload\modules\shipping\USPS\class.usps.php(446,53): echo "<strong>Request XML:</strong><hr />".nl2br(htmlspecialchars($this->request_xml))."<hr />";
    26. \upload\modules\shipping\USPS\class.usps.php(447,52): echo "<strong>Return XML:</strong><hr />".nl2br(htmlspecialchars($return_xml));
    27. \upload\pear\Log\display.php(98,20): nl2br(htmlspecialchars($message)) .
    28. \upload\pear\Services\PayPal\SOAP\Base.php(550,29): $xmlout_value = htmlspecialchars($value);
    29. \upload\pear\Services\PayPal\SOAP\Parser.php(105,45): $this->_raiseSoapFault($err,htmlspecialchars($xml));
    30. \upload\pear\Services\PayPal\SOAP\Parser.php(292,40): $this->message[$pos]['name'] = htmlspecialchars($qname->name);
    31. \upload\pear\Services\PayPal\SOAP\Transport\HTTP.php(600,9): //print htmlspecialchars($this->outgoing_payload);
    32. \upload\pear\Services\PayPal\SOAP\Transport\HTTP.php(602,9): //print htmlspecialchars($this->incoming_payload);
    > Total 32 occurrence(s) have been found.

Guest estelle Posted November 9, 2005
Why doesn't someone just log a Bug Report? Chances are Brooky will fix it for 3.0.6 which will be released very soon. Brooky can probably do a find and replace and have all the changes made in less than a minute <_<

Guest vrakas Posted November 9, 2005
He knows about it and it will be fixed in 3.06 <_<

Guest bushsuckz Posted November 9, 2005
I am hoping that the quotes problem is not the only thing fixed in 3.0.6. What seems to be a larger problem is being able to put line breaks with <br> and <p> for the title description without having the HTML tags showing up in the display. Now, I have to go and edit all the products I had been testing. I will have to transfer extra title lines over to the actual product description area (which requires a lot of time and effort) and things won't look as good.

Everything seemed to be working well in 3.0.2 and 3.0.3. I hope that this HTML problem gets fixed in 3.0.6 or I will have to revert back to the earlier versions. Looking forward to the fix. Line breaks are generally more of a priority than quotes, so I hope this problem is resolved with 3.0.6.

Guest Posted November 10, 2005
Oh vrakas, I purposefully didn't include the /pear/ directory in my count of 26. So with the 6 in there, there are indeed 32. But since pear is a 3rd party add-on, I didn't feel the need to muck with it.

Brooky posted a nice clean fix in this thread....by adding a new function to the software. My initial suggestion to him was to allow 3 settings for that function controlled by admin. You could have full XML compliant parsing by converting tags and single/double quotes, partial by leaving the quotes or broken compliance by leaving the tags untouched. Leave it up to the admin. I don't know yet if he incorporated that, but since it's now in a separate function, it would be REALLY easy to circumvent any tag replacement. We'll know when it's magically released. :D

Guest vrakas Posted November 10, 2005
@Sir William, I know you always give excellent and completed solutions, thanks for clearing this one for me :D

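Both fixes in the thread (the validHTML() wrapper and ENT_NOQUOTES) change quote handling at every htmlspecialchars() call, and the search results above include values echoed inside quoted attributes (hits 4 and 8). The following is an added example, not CubeCart code and not posted by anyone in the thread, that separates the two output contexts; the function names and the sample product name are assumptions.

```php
<?php
// Added example; not CubeCart code. escText(), escAttr(), hiddenField() and
// parsedValue() are hypothetical names, and $name is a constructed sample.

// Element text: a quote cannot terminate anything here, so it may stay literal.
function escText(string $s): string
{
    return htmlspecialchars($s, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute value: encode both quote styles, whichever one delimits the value.
function escAttr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same shape as the single-quoted hidden field built in functions.inc.php (hit 8).
function hiddenField(string $key, string $value, callable $esc): string
{
    return "<input type='hidden' name='" . $esc($key) . "' value='" . $esc($value) . "' />";
}

// Approximates what a browser reads back as the value: the text up to the
// first closing single quote, with entities decoded.
function parsedValue(string $html): string
{
    preg_match("/value='([^']*)'/", $html, $m);
    return html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
}

$name = "Mum's 6\" <b>Lite</b> Candle";   // constructed product name

// Text context: tags are neutralised, quotes display as typed.
echo escText($name), "\n";

// Attribute context with the text escaper: the apostrophe is left raw, so the
// attribute closes early and the rest of the name is parsed as markup.
$weak = hiddenField('name', $name, 'escText');
echo $weak, "\n", parsedValue($weak), "\n";

// Attribute context with the attribute escaper: the value survives intact.
$safe = hiddenField('name', $name, 'escAttr');
echo $safe, "\n";
var_dump(parsedValue($safe) === $name);
```

Run with the PHP CLI: the first hidden field's value is cut at the apostrophe in the product name, while the second round-trips unchanged.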