Post by fido-x » Fri Feb 13, 2009 10:29 am

As a site administrator, I may wish to enter a link to a manufacturer's website within a product description or a link to a resource or reference in an information description. However, when entering the link in the description field (and I do use "source mode"), after clicking the save button, the quotes in the link get "escaped" to \".

Now, I do understand the security issues involved (SQL injection and the like), but surely this should only be necessary on the front end where unscrupulous visitors to your site may try to compromise (or hack) your system.

Is it really necessary to include this "escaping" of characters within the administration area, where it is reasonable to assume that only the site administrator (or those authorized by the administrator) would be likely to be making these sorts of entries?

Fido-X.

Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!



Post by bruce » Fri Feb 13, 2009 11:39 am

hi fido-x

Could you post the full text of the link that is causing the problem?

thanks


Post by fido-x » Fri Feb 13, 2009 12:06 pm

bruce wrote:
> hi fido-x
>
> Could you post the full text of the link that is causing the problem?
>
> thanks

Perhaps you didn't understand what I was trying to say.

Log in to your administration, select Catalog->Product (or Catalog->Information) and insert a new product (or information page). Enter some text into the description field including a hyperlink to an external website, then click save. Since I use "source mode" when entering data into the description field, I would enter the link as

Code:

<a href="http://www.somesite.com/">Somesite</a>

After clicking the save button, it is stored as

Code:

<a href=\"http://www.somesite.com/\">Somesite</a>

When "mousing over" the link on the front end it appears as

Code:

http://www.mystore.com/\"http://www.somesite.com/\"

Clicking it just takes you to your home page.

NOTE: I'm not using "real" domain names in the above example.


Post by Daniel » Fri Feb 13, 2009 7:11 pm

This is actually because your server is not set up correctly.

I'm going to force people to turn off magic_quotes_gpc in the next release.

Before, I stripped the slashes out manually, but this causes problems with Windows servers when uploading files.

OpenCart®
Project Owner & Developer.
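
The behaviour discussed in this thread, as an added example that is not part of the original posts or of OpenCart's code: it reproduces what `magic_quotes_gpc` does to the link, shows the manual undo step limited to request data, and stores the value through a bound parameter so SQL escaping happens at the query. `undo_magic_quotes()` and the `product_description` table are hypothetical names, and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Added example. undo_magic_quotes() and the table layout are hypothetical.

// Reverse the escaping magic_quotes_gpc applied to request values.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in
// PHP 8.0, so the call is guarded. Only GET/POST/COOKIE are touched here;
// $_FILES is left alone, given the upload problems reported in the thread.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

// Constructed input: the link from the thread, as typed in source mode.
$typed = '<a href="http://www.somesite.com/">Somesite</a>';

// With magic_quotes_gpc on, the script receives the value as if addslashes()
// had been applied: a backslash in front of every double quote.
$received = addslashes($typed);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product_description (id INTEGER, description TEXT)');

// A bound parameter stores exactly the bytes it is given, so SQL escaping
// needs no help from the request layer.
$insert = $db->prepare('INSERT INTO product_description VALUES (?, ?)');
$insert->execute(array(1, $received));                    // magic quotes left in
$insert->execute(array(2, undo_magic_quotes($received))); // slashes removed first

$rows = $db->query('SELECT id, description FROM product_description ORDER BY id');
foreach ($rows as $row) {
    $state = ($row['description'] === $typed) ? 'intact' : 'backslashes stored';
    echo $row['id'], ': ', $state, ' => ', $row['description'], "\n";
}
```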

