#6 v 1.8.0 Escaping/quoting problem

Any_/_Other
closed-fixed
nobody
1
2005-03-01
2004-12-21
Bakkulf
No

- create a new answer type
- enter information in answer name, label and some of
the answer values
- choose to add some more display and numeric value boxes

The page reloads, but answer name, label and answer
values (displayed) will get quoted with single quotes,
and already quoted text disappears. Sometimes the
answer type will be reset to MS.
E.g., the Answer value
Yes - "sometimes"
will change to
'Yes - '

Environment:
WinXP with IIS 5, PHP 5.0.1 and MySQL 4.0.15.
Client: IE 6.

Regards, Bakkulf
- really enjoying this nice piece of software :)

Discussion

  • John Holmes
    2005-03-01

    A quick fix for this that'll be included in the next
    version. Add the following on line 312 of
    classes/answertypes.class.php:

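    // Redisplaying the form to add more answer boxes: escape for text output,
    // not for the database.
    if (isset($_REQUEST['add_answers_submit'])) {
        $ss_type = SAFE_STRING_TEXT;
    } else {
        $ss_type = SAFE_STRING_DB;
    }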

    Then on lines 312 - 519, replace any occurrences of
    SAFE_STRING_DB with $ss_type.

    You'll find occurrences on the following lines (line numbers
    are before adding the above): 316, 320, 332, 346, 368 and 376.

    Hope that helps.

    ---John Holmes...

     
  • John Holmes
    2005-03-01

    • labels: 635654 --> Database / ADOdb
    • priority: 5 --> 1
    • status: open --> closed-fixed
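
The context mix-up behind this ticket, as an added example that is not code from the project or from the thread: a value escaped for an SQL statement is written back into an HTML form field. `MODE_DB`, `MODE_TEXT`, `pick_mode()`, `escape_for()`, `render_input()` and `value_seen_by_browser()` are hypothetical names, and the DB-mode behaviour (backslash-escape, wrap in single quotes) is an assumption about what SAFE_STRING_DB does.

```php
<?php
// Hypothetical stand-ins for the two modes named in the fix above; the
// project's real constants and escaping routine are not shown on the page.
const MODE_DB   = 1;  // value is headed for an SQL statement
const MODE_TEXT = 2;  // value is headed back into the HTML form

// Mirrors the fix: a request that only asks for more answer boxes redisplays
// the form, so nothing in it should be escaped for the database.
function pick_mode(array $request): int
{
    return isset($request['add_answers_submit']) ? MODE_TEXT : MODE_DB;
}

function escape_for(string $value, int $mode): string
{
    if ($mode === MODE_DB) {
        // Assumed DB-mode behaviour: backslash-escape, wrap in single quotes.
        return "'" . addslashes($value) . "'";
    }
    // Text mode: neutralise HTML metacharacters, both quote styles included.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_input(string $value, int $mode): string
{
    return '<input name="answer_value" value="' . escape_for($value, $mode) . '">';
}

// Approximates a browser reading value="...": the attribute ends at the first
// double quote, then character references are decoded.
function value_seen_by_browser(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed request: the answer value from the report, plus the "add more
// boxes" button that triggers the redisplay.
$request = ['answer_value' => 'Yes - "sometimes"', 'add_answers_submit' => '1'];

$before = render_input($request['answer_value'], MODE_DB);              // old behaviour
$after  = render_input($request['answer_value'], pick_mode($request)); // with the fix

printf("before: %s\n  form shows: %s\n", $before, value_seen_by_browser($before));
printf("after:  %s\n  form shows: %s\n", $after, value_seen_by_browser($after));
```

With DB-mode escaping the redisplayed field gains a leading single quote and is cut off at the first double quote; with text-mode escaping the submitted value round-trips unchanged.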