Jump to content

Huge 3.0.5 Problem!! Please Help!!


Guest

Recommended Posts

Add this function to the top of includes/functions.inc.php

*EDIT* Th forums software is making the code above display wrong. Grrrr. Removed. See latter post with attachment.

Then using find and replace using a tool such a Dreamweaver or EditPlus (http://www.editplus.com) or just notepad.

Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)

:rolly:

Does that make sense?

Link to comment
Share on other sites

Guest GoodLiteCandles

It's not a big deal to me with just one product that has an apostrophe and I didnt feel like doing all of the fix, so I just changed how I worded things, haha.

Link to comment
Share on other sites

Holy cow. Thats alot of editing. Maybe show us the tweaked one's ? :rolly: (Me = Lazy).

I shall try. But before I do, is this going to work? cause I dont wanna do this then not have it work :P

Link to comment
Share on other sites

Add this function to the top of includes/functions.inc.php

function validHTML($var){

	

	$var = htmlspecialchars($var);

	$var = eregi_replace("'","'",$var);

	return $var;



}

*EDIT* Th forums software is making the code above display wrong. Grrrr.

Then using find and replace using a tool such a Dreamweaver or EditPlus (http://www.editplus.com) or just notepad.

Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)

:rolly:

Does that make sense?

When I do it to the others an error pops up saying that VALID HTML was already declared.

Link to comment
Share on other sites

I still get Fatal error: Cannot redeclare validhtml() (previously declared in /home/newconce/public_html/includes/functions.inc.php:34)

But thats in the "includes" folder.

Link to comment
Share on other sites

Replace htmlspecialchars with validHTML in all the files in the includes directory and /admin/ (excluding /admin/includes/)

But,...But...You said "in all the files in the includes directory "

Can you be specific as to which files we have to do this in for this fix? lol

IM SO CONFUSED.

I ALWAYS GET : Fatal error: Cannot redeclare validhtml() (previously declared in /home/newconce/public_html/includes/functions.inc.php:34)

Link to comment
Share on other sites

You only put the function declaration in the functions.inc.php file.....PERIOD.

Then, in all the OTHER files, you do a search & replace for this string: "htmlspecialchars". You replace that with "validHTML".

You can do it to all the files in the /includes directory or use the list I generated earlier. That list came from a Command Line running of Grep for that string (for the uber-geeks).

:rolly:

Link to comment
Share on other sites

Guest netwizard

Weeeeeeeeeeeeeeeeeeee :zorro:

Watching that conversation has utterly confused me and done my head in. Brooky, or Sir William... can one of you kind chaps please summarise in one post excactly what one must do to solve this problem? Would really appreciate it.

Link to comment
Share on other sites

Yeah download the attached file. Change the name to functions.inc.php and upload it to the includes folder over the existing one.

Then use a find and replace tool to replace every instance of htlmspecialchars with validHTML in the includes folder. There may be a couple of instances in the admin folder too but I wouldn't worry too much as 3.0.6 will be outvery soon.

Link to comment
Share on other sites

Thanks magic. :D

If Brooky takes my suggestion on the validHTML function, it will be admin controlled in the future. There are three different ways it can be implemented which will give varying levels of XML/XHTML compliance. The only people then who need to change will be those who NEED special characters in their titles, etc. B)

Link to comment
Share on other sites

  • 2 weeks later...

Ok, here is the quick, dirty fix.  I'm going to talk to brooky before I write a full fix.  I'm not sure if that's how he wants it handled.

The problem is that the htmlspecialchars() function is messing up your single and double quotes in your product names, etc.  There is an optional command to include in that function call that will leave single and double quotes alone but will still parse out the HTML markup.

The syntax is htmlspecialchars($varname, ENT_NOQUOTES)

The ENT_NOQUOTES is not in there currently.  To fix this issue, you need to add it into each instance of htmlspecialchars in each of these files.  I believe there are 26 total instances of the function call.

Here's the file list:

/admin/products/index.php

/admin/settings/currency.php

/includes/content/viewProd.inc.php

/includes/content/cart.inc.php

/includes/content/index.inc.php

/includes/content/viewCat.inc.php

/includes/content/viewDoc.inc.php

/includes/boxes/siteDocs.inc.php

/includes/boxes/categories.inc.php

/includes/boxes/popularProducts.inc.php

/includes/boxes/randomProd.inc.php

/includes/boxes/saleItems.inc.php

/includes/boxes/shoppingCart.inc.php

/includes/functions.inc.php

/index.php

Here's an example from the index.php file:

$body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle']));




Here's the adjusted version:


$body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle'], ENT_NOQUOTES));

See?  I told you I'd have a fix for ya.   ;)

Hi sir william

I have applied this fix to my site in the main works great noe the only thins is when am in admin and I home page to edit it and I add html

As below

<center>

<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="36%" id="AutoNumber1">

<tr>

<td width="50%" rowspan="2">

&nbsp;<script language=JavaScript>

/*

+---------------------------------------------------------+

| Ad Simple Copyright www.YugDesign.com |

+---------------------------------------------------------+

| This program may be used and hosted free of charge by |

|anyone for personal purpose as long as this copyright |

|notice remains intact. |

+---------------------------------------------------------+

*/

var img_width = "350";

var img_height = "159";

var img_title = "Click Here";

var ad=new Array()

//insert here your images src

ad[0]='http://www.orbitgiftshop.co.uk/store/images/banners/large/pcditv_fm.jpg';

ad[1]='http://www.orbitgiftshop.co.uk/store/images/banners/large/mp3heavar_fm.jpg';

ad[2]='http://www.orbitgiftshop.co.uk/store/images/banners/large/fiscam_fm.jpg';

ad[3]='http://www.orbitgiftshop.co.uk/store/images/banners/large/watbin_fm.jpg';

ad[4]='http://www.orbitgiftshop.co.uk/store/images/banners/large/eonice_fm';

var links=new Array()

//insert here your links

links[0]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';

links[1]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';

links[2]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';

links[3]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';

links[4]='http://www.orbitgiftshop.co.uk/store/index.php?act=viewCat&catId=2';

var xy=Math.floor(Math.random()*ad.length);

document.write('<a href="'+links[xy]+'" target="_blank"><img src="'+ad[xy]+'" width="'+img_width+'" height="'+img_height+'" alt="'+img_title+'"></a>');

</SCRIPT>

</td>

<td width="50%">

<tr>

</table>

</center>

</body>

</html>

and then save the homepage and then look at the source its messed up instead of

'http://www.orbitgiftshop.co.uk/store/images/banners/large/mp3heavar_fm.jpg';

its

'

I think you know what I mean no ' is there any way to sort this out.?

Link to comment
Share on other sites

I believe there are 26 total instances of the function call.

I found 32 so maybe some of them are for the admin cPanel :(

Now i need to do this for a client of mine :rolleyes:

> Searching for the string 'htmlspecialchars'...

1. \upload\index.php(158,55): $body->assign("META_TITLE",$config['siteTitle'].c().htmlspecialchars($meta['siteTitle']));

2. \upload\admin\includes\rte\fckeditor.php(53,16): $HtmlValue = htmlspecialchars( $this->Value ) ;

3. \upload\admin\includes\rte\editor\filemanager\browser\default\connectors\php\util.php(35,22): return utf8_encode( htmlspecialchars( $value ) ) ;

4. \upload\admin\products\index.php(472,103): <input name="name" type="text" class="textbox" value="<?php if(isset($results[0]['name'])) echo htmlspecialchars($results[0]['name']); ?>" maxlength="255">

5. \upload\admin\settings\currency.php(54,41): $record["symbolLeft"] = $db->mySQLSafe(htmlspecialchars($_POST['symbolLeft']));

6. \upload\admin\settings\currency.php(55,42): $record["symbolRight"] = $db->mySQLSafe(htmlspecialchars($_POST['symbolRight']));

7. \upload\includes\functions.inc.php(144,34): $catArray[$i]['cat_name'] = htmlspecialchars($resultsForeign[$k]['cat_name']);

8. \upload\includes\functions.inc.php(395,69): $hiddenFields .= "<input type='hidden' name='".$key."' value='".htmlspecialchars($value)."' />\r\n";

9. \upload\includes\boxes\categories.inc.php(56,34): $results[$i]['cat_name'] = htmlspecialchars($resultsForeign[$k]['cat_name']);

10. \upload\includes\boxes\popularProducts.inc.php(52,31): $popularProds[$i]['name'] = htmlspecialchars($popularProds[$i]['name']);

11. \upload\includes\boxes\randomProd.inc.php(63,38): $box_content->assign("PRODUCT_NAME",htmlspecialchars($randProd[0]['name']));

12. \upload\includes\boxes\saleItems.inc.php(58,29): $saleItems[$i]['name'] = htmlspecialchars($saleItems[$i]['name']);

13. \upload\includes\boxes\shoppingCart.inc.php(152,43): $box_content->assign("VAL_PRODUCT_NAME",htmlspecialchars($product[0]['name']));

14. \upload\includes\boxes\siteDocs.inc.php(68,30): $results[$i]['doc_name'] = htmlspecialchars($results[$i]['doc_name']);

15. \upload\includes\content\cart.inc.php(400,41): $view_cart->assign("VAL_PRODUCT_NAME",htmlspecialchars($product[0]["name"]));

16. \upload\includes\content\cart.inc.php(418,39): $view_cart->assign("VAL_OPT_NAME",htmlspecialchars($option[0]['option_name']));

17. \upload\includes\content\index.inc.php(46,29): $index->assign("HOME_TITLE",htmlspecialchars(stripslashes($home['title'])));

18. \upload\includes\content\index.inc.php(90,36): $index->assign("VAL_PRODUCT_NAME",htmlspecialchars($latestProducts[$i]['name']));

19. \upload\includes\content\viewCat.inc.php(90,37): $view_cat->assign("TXT_CATEGORY", htmlspecialchars($subCategories[$i]['cat_name']));

20. \upload\includes\content\viewCat.inc.php(200,44): $view_cat->assign("TXT_CURENT_CATEGORY",htmlspecialchars($currentCat[0]['cat_name']));

21. \upload\includes\content\viewCat.inc.php(214,37): $view_cat->assign("TXT_CAT_TITLE",htmlspecialchars($currentCat[0]['cat_name']));

22. \upload\includes\content\viewCat.inc.php(246,33): $view_cat->assign("TXT_TITLE",htmlspecialchars($productResults[$i]['name']));

23. \upload\includes\content\viewDoc.inc.php(53,31): $view_doc->assign("DOC_NAME",htmlspecialchars($result[0]['doc_name']));

24. \upload\includes\content\viewProd.inc.php(67,37): $view_prod->assign("TXT_PRODTITLE",htmlspecialchars($prodArray[0]['name']));

25. \upload\modules\shipping\USPS\class.usps.php(446,53): echo "<strong>Request XML:</strong><hr />".nl2br(htmlspecialchars($this->request_xml))."<hr />";

26. \upload\modules\shipping\USPS\class.usps.php(447,52): echo "<strong>Return XML:</strong><hr />".nl2br(htmlspecialchars($return_xml));

27. \upload\pear\Log\display.php(98,20): nl2br(htmlspecialchars($message)) .

28. \upload\pear\Services\PayPal\SOAP\Base.php(550,29): $xmlout_value = htmlspecialchars($value);

29. \upload\pear\Services\PayPal\SOAP\Parser.php(105,45): $this->_raiseSoapFault($err,htmlspecialchars($xml));

30. \upload\pear\Services\PayPal\SOAP\Parser.php(292,40): $this->message[$pos]['name'] = htmlspecialchars($qname->name);

31. \upload\pear\Services\PayPal\SOAP\Transport\HTTP.php(600,9): //print htmlspecialchars($this->outgoing_payload);

32. \upload\pear\Services\PayPal\SOAP\Transport\HTTP.php(602,9): //print htmlspecialchars($this->incoming_payload);

> Total 32 occurrence(s) have been found.

Link to comment
Share on other sites

Guest estelle

Why doesn't someone just log a Bug Report. Chances are Brooky will fix it for 3.0.6 which will be released very soon. Brooky can probably do a find and replace and have all the changes made in less than a minute <_<

Link to comment
Share on other sites

Guest bushsuckz

I am hoping that the quotes problem is not the only thing fixed in 3.0.6. What seems to be a larger problem is being able to put line breaks with <br> and <p> for the title description without having the HTML tags showing up in the display. Now, I have to go and edit all the products I had been testing. I will have to transfer extra title lines over to the actual product description area (which requires a lot of time and effort) and things won't look as good.

Everything seemed to be working well in 3.0.2 and 3.0.3. I hope that this HTML problem gets fixed in 3.0.6 or I will have to revert back to the earlier versions.

Looking forward to the fix. Line breaks are generally more priority than quotes, so I hope this problem is resolved with 3.0.6.

Link to comment
Share on other sites

Oh vrakas, I purposefully didn't include the /pear/ directory in my count of 26. So with the 6 in there, there are indeed 32. But since pear is a 3rd party add-on, I didn't feel the need to muck with it. :D

Brooky posted a nice clean fix in this thread....by adding a new function to the software. My initial suggestion to him was to allow 3 settings for that function controlled by admin. You could have full XML compliant parsing by converting tags and single/double quotes, partial by leaving the quotes or broken compliance by leaving the tags untouched. Leave it up to the admin. I don't yet if he incorporated that, but since it's now in a separate function, it would be REALLY easy to circumvent any tag replacement. We'll know when it's magically released. :D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...