Post by JNeuhoff » Tue Oct 28, 2008 9:45 pm

We also need fixes similar to what we have done for category and product descriptions (both for the Insert and Update actions) in the following files:

/admin/controller/information.php on lines 45 and 85:

Code:

    // line 45 (Insert action)
    $database->query($database->parse($sql, $insert_id, $key, html_entity_decode($value['title']), html_entity_decode($value['description'])));
    ...
    // line 85 (Update action)
    $database->query($database->parse($sql, $request->get('information_id'), $key, html_entity_decode($value['title']), html_entity_decode($value['description'])));

/catalog/controller/information.php on lines 17 and 19:

Code:

    // line 17
    $template->set('title', htmlentities($information_info['title']));
    ...
    // line 19
    $view->set('heading_title', htmlentities($information_info['title']));

See http://code.google.com/p/open-cart/issues/detail?id=101 for more details.
Last edited by JNeuhoff on Tue Oct 28, 2008 10:02 pm, edited 1 time in total.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
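The pattern proposed above (decode entities when the admin saves a record, escape once when the catalog renders it) as an added, self-checking illustration. This is not OpenCart's code: save_information() and render_title() are hypothetical stand-ins for the admin and catalog controllers, $information is an in-memory array standing in for the database table, and the sample titles are constructed.

```php
<?php
// Added illustration, not OpenCart's code. save_information() and render_title()
// are hypothetical stand-ins for the admin and catalog controllers; $information
// is an in-memory array standing in for the database table.

// Write path, as the patched admin controller would do it: decode whatever entities
// the form submitted so the table holds the literal text ("Shipping & Returns").
function save_information(array &$table, int $id, string $title, string $description): void
{
    $table[$id] = [
        'title'       => html_entity_decode($title, ENT_QUOTES, 'UTF-8'),
        'description' => html_entity_decode($description, ENT_QUOTES, 'UTF-8'),
    ];
}

// Read path, as the catalog controller does it: escape once, at the HTML boundary.
function render_title(array $table, int $id): string
{
    return htmlentities($table[$id]['title'], ENT_QUOTES, 'UTF-8');
}

// Minimal self-check so the script reports its own result when run from the CLI.
function check(string $label, string $actual, string $expected): void
{
    if ($actual !== $expected) {
        throw new RuntimeException("$label: got [$actual], expected [$expected]");
    }
    echo "ok: $label\n";
}

$information = [];   // constructed sample "table"

// Case 1: the admin form posted the raw text.
save_information($information, 1, 'Shipping & Returns', '<p>Returns accepted within 30 days.</p>');
check('raw input stored literally', $information[1]['title'], 'Shipping & Returns');
check('raw input escaped at output', render_title($information, 1), 'Shipping &amp; Returns');

// Case 2: the form posted an already-escaped title (a re-submitted page, or an editor
// that entity-encodes). Without the decode step on insert the row would hold
// "Shipping &amp; Returns" and escaping it again at output would show the visitor
// a literal "&amp;".
save_information($information, 2, 'Shipping &amp; Returns', '');
check('escaped input normalised on insert', $information[2]['title'], 'Shipping & Returns');
check('no double encoding at output', render_title($information, 2), 'Shipping &amp; Returns');
check('what skipping the decode would have produced',
      htmlentities('Shipping &amp; Returns', ENT_QUOTES, 'UTF-8'), 'Shipping &amp;amp; Returns');

// Case 3: markup typed into a title is stored as typed but rendered inert, because
// the only escaping step sits at the output boundary rather than at storage time.
save_information($information, 3, '<b>Shipping</b> & Returns', '');
check('markup rendered inert', render_title($information, 3), '&lt;b&gt;Shipping&lt;/b&gt; &amp; Returns');
```

Run it with `php example.php`; each check prints `ok:` or throws. Two design notes: the flags and charset are passed explicitly to htmlentities() and html_entity_decode() because their defaults differ between PHP versions (8.1 changed the default to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401), so explicit arguments keep the stored and rendered forms consistent across upgrades. The example escapes only the title, exactly as the catalog snippet above does; the description is rendered as HTML by the catalog and is outside what this pattern covers.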



Post by Qphoria » Tue Oct 28, 2008 10:03 pm

Hmm, are you actually seeing an error for these?

I was looking at these yesterday during some code cleanup and wondered if they needed to be patched to allow html characters.

But

1. I entered a new information titled "Shipping & Returns" and saved it
2. I checked the database table and saw that it saved as "Shipping &amp; Returns"
3. I checked the front end and found "Shipping & Returns"

So is this not correct behavior?
The same is true for categories and products.

Are you looking to have the un-tampered version in the database?
Last edited by Qphoria on Tue Oct 28, 2008 10:07 pm, edited 1 time in total.

Post by JNeuhoff » Tue Oct 28, 2008 10:05 pm

2. I checked the database table and saw that it saved as "Shipping &amp; Returns"
No, it should store it as: "Shipping & Returns", to keep the DB contents more backward compatible. If you apply my suggested fixes, it will work fine.

Post by Qphoria » Tue Oct 28, 2008 10:07 pm

Does that buy anything? I usually see the escaped version in the database on other systems (CMS, BBs, carts, etc.).
The reality is, if we do it for these 2, there are 50 other fields we need to do it for: product titles, category titles, model numbers, price fields, etc.
Last edited by Qphoria on Tue Oct 28, 2008 10:09 pm, edited 1 time in total.

Post by Qphoria » Tue Oct 28, 2008 10:13 pm

Actually, I lied... it does appear that other systems do save it unescaped as well.

We will look into the full effect of the change then.
