limesurvey-developers Mailing List for LimeSurvey - the Online Survey Tool (Page 90)
The leading Open Source survey tool
Brought to you by:
c_schmitz
You can subscribe to this list here.
2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(11) |
Jun
(7) |
Jul
|
Aug
(2) |
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(1) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2005 |
Jan
|
Feb
(1) |
Mar
(6) |
Apr
(2) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(9) |
Sep
|
Oct
|
Nov
|
Dec
(14) |
2007 |
Jan
(25) |
Feb
(143) |
Mar
(24) |
Apr
(34) |
May
(36) |
Jun
(8) |
Jul
|
Aug
(3) |
Sep
(45) |
Oct
(40) |
Nov
(22) |
Dec
(15) |
2008 |
Jan
(7) |
Feb
(42) |
Mar
(26) |
Apr
(49) |
May
(35) |
Jun
(42) |
Jul
(19) |
Aug
(18) |
Sep
(2) |
Oct
(3) |
Nov
(13) |
Dec
(14) |
2009 |
Jan
(11) |
Feb
(19) |
Mar
(40) |
Apr
(12) |
May
(25) |
Jun
(36) |
Jul
(55) |
Aug
(26) |
Sep
(7) |
Oct
(5) |
Nov
(12) |
Dec
(12) |
2010 |
Jan
(17) |
Feb
(13) |
Mar
(114) |
Apr
(64) |
May
(61) |
Jun
(26) |
Jul
(14) |
Aug
(7) |
Sep
(20) |
Oct
(30) |
Nov
(48) |
Dec
(22) |
2011 |
Jan
(54) |
Feb
(38) |
Mar
(34) |
Apr
(29) |
May
(14) |
Jun
(39) |
Jul
(43) |
Aug
(30) |
Sep
(33) |
Oct
(31) |
Nov
(13) |
Dec
(12) |
2012 |
Jan
(41) |
Feb
(87) |
Mar
(46) |
Apr
(28) |
May
(36) |
Jun
(19) |
Jul
(23) |
Aug
(7) |
Sep
(2) |
Oct
(8) |
Nov
(14) |
Dec
(6) |
2013 |
Jan
(18) |
Feb
(12) |
Mar
|
Apr
(1) |
May
(18) |
Jun
(20) |
Jul
(5) |
Aug
(3) |
Sep
(3) |
Oct
(8) |
Nov
|
Dec
(1) |
2014 |
Jan
(10) |
Feb
(7) |
Mar
(5) |
Apr
(11) |
May
(3) |
Jun
(7) |
Jul
(1) |
Aug
(9) |
Sep
(17) |
Oct
(4) |
Nov
(23) |
Dec
|
2015 |
Jan
(9) |
Feb
(4) |
Mar
(10) |
Apr
(18) |
May
(15) |
Jun
(9) |
Jul
|
Aug
|
Sep
(5) |
Oct
(8) |
Nov
(2) |
Dec
(13) |
2016 |
Jan
|
Feb
(3) |
Mar
(2) |
Apr
(5) |
May
|
Jun
|
Jul
(6) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2017 |
Jan
(7) |
Feb
(13) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
|
Oct
|
Nov
|
Dec
|
2018 |
Jan
(2) |
Feb
|
Mar
(4) |
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(3) |
2019 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
2020 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
|
2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Thibault Le M. <Thi...@su...> - 2007-02-09 14:52:37
|
Hi Tom, > Hi gang >=20 > The code in activate.php now uses the ADODB data dictionary=20 > methods to create a new survey. Works sweet on SQL Server,=20 > but I haven't tried it on MySQL. It' broken with rev2268... Let's see a simple example: The $createsurvey for my simple survey is: $createsurvey =3D phpsv_survey_21277 createsurvey=3Did I NOTNULL AUTO, submitdate T NOTNULL DEF '0000-00-00 00:00:00', startlanguage C(20) NOTNULL , token C(10), `21277X10X13` X, `21277X10X12` Xarray This generates the following SQL: CREATE TABLE phpsv_survey_21277 ( id INTEGER NOT NULL AUTO_INCREMENT, submitdate DATETIME NOT NULL DEFAULT 'DEF', startlanguage VARCHAR(20) NOT NULL, token VARCHAR(10), `21277X10X13` TEXT, `21277X10X12` TEXT )TYPE=3DISAM This SQL syntax is wrong for mysql for at least 2 reasons: * "there can be only one auto column and it must be defined as a key" = (from mysql CLI) * "Invalid default value for 'submitdate'" (because it's DEF and not '0000-00-00 00:00:00'). To make it work again with mysql I had to patch your code: Index: activate.php =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- activate.php (r=C3=A9vision 2287) +++ activate.php (copie de travail) @@ -249,9 +249,9 @@ else { //Create the survey responses table - $createsurvey =3D "id I NOTNULL AUTO,\n"; + $createsurvey =3D "id I NOTNULL AUTO PRIMARY,\n"; // --> START NEW FEATURE - SAVE - $createsurvey .=3D " submitdate T NOTNULL DEF '0000-00-00 00:00:00',\n"; + $createsurvey .=3D " submitdate T NOTNULL DEFAULT '0000-00-00 00:00:00',\n"; $createsurvey .=3D " startlanguage C(20) NOTNULL ,\n"; // --> END NEW FEATURE - SAVE //Check for any additional fields for this survey and create necessary fields (token and datestamp) I'm about to commit it since it really breaks mysql support, but can you test it with MSSQL ? Regards, Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-09 11:14:55
|
No one wants to comment on this subject ? > -----Message d'origine----- > De : php...@li...=20 > [mailto:php...@li...]=20 > De la part de Thibault Le Meur > Envoy=E9 : jeudi 8 f=E9vrier 2007 18:34 > =C0 : php...@li... > Objet : [Phpsurveyor-developers] Escaping _POST and _GETfor=20 > DB processingin the SVN tree >=20 >=20 > Hi again, >=20 > I've found another bug caused by a lack of _POST variable=20 > escaping in labels.php line 513: > $query =3D "INSERT INTO ".db_table_name('labels'). "=20 > (lid, code, title, > sortorder,language) VALUES ($lid, '{$_POST['insertc ode']}', > '{$_POST['inserttitle_'.$lslanguage]}',=20 > '$newsortorder','$lslan guage')"; >=20 > This prevent the definition of labels with simple quotes. >=20 > I could easily patch this by using=20 > _one_of_the_two_remaining_escape_methods > used in the PHPSV code (I hope there are no more than 2=20 > remaining ;-) ) by > either: > * define a db_quote function (as it is aleady done in=20 > admin/database.php and /admin/vvimport.php > =3D=3D> shouldn't we use a single definition of this function=20 > in common.php ? > * or use the sanitize_sql_string (already used in=20 > ./admin/labels.php, ./admin/tokens.php,=20 > ./admin/assessments.php, ./save.php) and defined in=20 > ./classes/core/sanitize.php > =3D=3D> Though this function is more used inthe phpsv code it=20 > seems not to be database independent >=20 > I think the best solution should be either: > * to use only the db_quote function (and defining it in common.php or > sanitize.php) > * OR to use only a NEW sanitize_sql_string function that=20 > would use the adodb escaping function (as does db_quote). >=20 > What do you think ? >=20 > Regards, > Thibault >=20 >=20 >=20 >=20 >=20 >=20 > -------------------------------------------------------------- > ----------- > Using Tomcat but need to do more? Need to support web=20 > services, security? Get stuff done quickly with=20 > pre-integrated technology to make your job easier. Download=20 > IBM WebSphere Application Server v.1.0.1 based on Apache=20 > Geronimo=20 > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057& dat=3D121642 _______________________________________________ PHPSurveyor-Developers mailing list PHP...@li... https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers |
From: Thibault Le M. <Thi...@su...> - 2007-02-09 11:14:15
|
> > > > Absolute path is the safest option, I'm not sure why we > would need a > > relative path? > > Agreed, if no one objects I'll do the absolute path way tomorrow. > > Thibault Done |
From: Thibault Le M. <Thi...@su...> - 2007-02-09 11:14:07
|
> > > Hello Thibault, > > > > yes.. please do that.. thank you for noticing! > > > > Will do that tomorrow. > > Thibault Done |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 20:48:55
|
> Hello Thibault, > > yes.. please do that.. thank you for noticing! > Will do that tomorrow. Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 20:41:39
|
> Absolute path is the safest option, I'm not sure why we would need a > relative path? Agreed, if no one objects I'll do the absolute path way tomorrow. Thibault |
From: <dol...@in...> - 2007-02-08 18:41:57
|
Hi Thibault, Carsten has informed me of this issue, and i am looking into it! Thibault Le Meur wrote: > When you wat to test an inactive survey, a new borwser window is opened with > the /phpsurveyor/index.php?sid=NNNN&newtest=Y URL. > > This first call to index.php leads to a not-initalized $clang class and thus > a PHP ERROR is generated (the resulting html page looks 'blank'). If you > Refresh this page, $clang is initialized and the html page is back to > normal). > > Should there be a link to /phpsurveyor/index.php?sid=NNNN&newtest=Y&lang=XX > in admin.php instead ? > > If yes, waht language code should be returned ? The one 'currently' in used > for the admin interface ? > > Regards, > Thibault > > > +------------------------------------------------------------------------+ > | Thibault LE MEUR | http://www.supelec.fr | > | Supélec | e-mail: Thi...@su... | > | Centre de Ressources Informatiques| tel: +33 [0]1 69 85 17 89 | > | Plateau de Moulon | | > | 3 rue Joliot-Curie | fax: +33 [0]1 69 85 12 34 | > | 91192 Gif-sur-Yvette CEDEX, France| Supelec: +33 [0]1 69 85 12 12 | > +------------------------------------------------------------------------+ > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: <dol...@in...> - 2007-02-08 18:41:50
|
Absolute path is the safest option, I'm not sure why we would need a relative path? Perhaps a relative path would be useful if we wanted to remove the url variable from the config. Thibault Le Meur wrote: >> I think Option 2 is the best solution. >> Though there is a variable in config.php that holds the url of the >> installation, which i think would be the best choice for the path. >> > > Well it depends on what we want: > * do we want a absolute path to javascripts ? > ==> If this is the case, as you wrote, only a small change to getHeader is > necessary (replacing relative paths to absolute ones) > * If we want relative paths, I have to add a pathprefix argument to > getHeader and use getHeader(,'..') in order to build the edited temporary > templates. > > Let me know what you think... > Thibault > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: Carsten S. <car...@gm...> - 2007-02-08 18:19:27
|
Hello Thibault, yes.. please do that.. thank you for noticing! Best regards Carsten Thibault Le Meur wrote: > Hi, > > I know this is far from urgent, but since we are to release a new version, I > think that "help" quality is important. > > The help page tries to load the following icons: > * blank.png > ==> is in fact blank.gif > ==> Should we patch the help files to point to this icon ? > > * DownArrow.png > ==> is in fact downarrow.png > ==> Should we patch the help files to point to this icon ? > > * help.png > ==> is in fact help.gif > ==> Should we patch the help files to point to this icon ? > > * separator.png > ==> is in fact separator.gif > ==> Should we patch the help files to point to this icon ? > > * vvexport.png > ==> is in fact exportvv.png > ==> Should we patch the help files to point to this icon ? > > * vvimport.png > ==> is in fact importvv.png > ==> Should we patch the help files to point to this icon ? > > Regards, > Thibault > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 18:12:48
|
>=20 > I think Option 2 is the best solution. > Though there is a variable in config.php that holds the url of the=20 > installation, which i think would be the best choice for the path. Well it depends on what we want: * do we want a absolute path to javascripts ? =3D=3D> If this is the case, as you wrote, only a small change to = getHeader is necessary (replacing relative paths to absolute ones) * If we want relative paths, I have to add a pathprefix argument to getHeader and use getHeader(,'..') in order to build the edited = temporary templates. Let me know what you think... Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 18:08:29
|
Hi, I know this is far from urgent, but since we are to release a new = version, I think that "help" quality is important. The help page tries to load the following icons: * blank.png =3D=3D> is in fact blank.gif =3D=3D> Should we patch the help files to point to this icon ? * DownArrow.png =3D=3D> is in fact downarrow.png =3D=3D> Should we patch the help files to point to this icon ? * help.png =3D=3D> is in fact help.gif =3D=3D> Should we patch the help files to point to this icon ? * separator.png =3D=3D> is in fact separator.gif =3D=3D> Should we patch the help files to point to this icon ? * vvexport.png =3D=3D> is in fact exportvv.png =3D=3D> Should we patch the help files to point to this icon ? * vvimport.png =3D=3D> is in fact importvv.png =3D=3D> Should we patch the help files to point to this icon ? Regards, Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 18:06:44
|
When you wat to test an inactive survey, a new borwser window is opened = with the /phpsurveyor/index.php?sid=3DNNNN&newtest=3DY URL. This first call to index.php leads to a not-initalized $clang class and = thus a PHP ERROR is generated (the resulting html page looks 'blank'). If you Refresh this page, $clang is initialized and the html page is back to normal). Should there be a link to = /phpsurveyor/index.php?sid=3DNNNN&newtest=3DY&lang=3DXX in admin.php instead ? If yes, waht language code should be returned ? The one 'currently' in = used for the admin interface ? Regards, Thibault +------------------------------------------------------------------------= + | Thibault LE MEUR | http://www.supelec.fr = | | Sup=E9lec | e-mail: = Thi...@su... | | Centre de Ressources Informatiques| tel: +33 [0]1 69 85 17 89 = | | Plateau de Moulon | = | | 3 rue Joliot-Curie | fax: +33 [0]1 69 85 12 34 = | | 91192 Gif-sur-Yvette CEDEX, France| Supelec: +33 [0]1 69 85 12 12 = | +------------------------------------------------------------------------= +=20 |
From: <dol...@in...> - 2007-02-08 18:03:32
|
I think Option 2 is the best solution. Though there is a variable in config.php that holds the url of the installation, which i think would be the best choice for the path. Regards, David Olivier Thibault Le Meur wrote: > Hi, > > As already pointed on the list, an edited template inherit the same > getHeader part that a standard template. > > This introduces broken links to (currently unused) javascripts found in > templates/scripts/* (whereas the edited template is in tmp/) > > Though this can be currently ignored because these Javascripts are not in > use, I prefer to find a solution for this by either: > * defining a new function in common.php named 'getEditTemplateHeader': > * this function is a copy of the getHeader function > * links to javascript are changed to ../scripts > > * or adding a parameter pathprefix to getHeader and appending the path to > javascripts (and other relative paths) with this prefix (default should be > to use the '.' pathprefix). > ==> this method makes it easier to modify getHeader because there would be > no need to change getEditTemplateHeader > > Comments ? > > Thibault > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 17:34:44
|
Hi again, I've found another bug caused by a lack of _POST variable escaping in labels.php line 513: $query =3D "INSERT INTO ".db_table_name('labels'). " (lid, code, = title, sortorder,language) VALUES ($lid, '{$_POST['insertc ode']}', '{$_POST['inserttitle_'.$lslanguage]}', '$newsortorder','$lslan guage')"; This prevent the definition of labels with simple quotes. I could easily patch this by using = _one_of_the_two_remaining_escape_methods used in the PHPSV code (I hope there are no more than 2 remaining ;-) ) = by either: * define a db_quote function (as it is aleady done in admin/database.php = and /admin/vvimport.php =3D=3D> shouldn't we use a single definition of this function in = common.php ? * or use the sanitize_sql_string (already used in ./admin/labels.php, ./admin/tokens.php, ./admin/assessments.php, ./save.php) and defined in ./classes/core/sanitize.php =3D=3D> Though this function is more used inthe phpsv code it seems = not to be database independent I think the best solution should be either: * to use only the db_quote function (and defining it in common.php or sanitize.php) * OR to use only a NEW sanitize_sql_string function that would use the = adodb escaping function (as does db_quote). What do you think ? Regards, Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 17:18:35
|
Hi, As already pointed on the list, an edited template inherit the same getHeader part that a standard template. This introduces broken links to (currently unused) javascripts found in templates/scripts/* (whereas the edited template is in tmp/) Though this can be currently ignored because these Javascripts are not = in use, I prefer to find a solution for this by either: * defining a new function in common.php named 'getEditTemplateHeader': * this function is a copy of the getHeader function * links to javascript are changed to ../scripts * or adding a parameter pathprefix to getHeader and appending the path = to javascripts (and other relative paths) with this prefix (default should = be to use the '.' pathprefix). =3D=3D> this method makes it easier to modify getHeader because there = would be no need to change getEditTemplateHeader Comments ? Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 14:21:16
|
> Sounds good, go for it. Applied to SVN now rev 2278. Thanks, Thibault |
From: <dol...@in...> - 2007-02-08 13:35:04
|
Sorry, yes i am Machaven. Sounds good, go for it. Thibault Le Meur wrote: > =20 >> -----Message d'origine----- >> De : php...@li...=20 >> [mailto:php...@li...]=20 >> De la part de dol...@in... >> Envoy=E9 : jeudi 8 f=E9vrier 2007 14:05 >> =C0 : php...@li... >> Objet : Re: [Phpsurveyor-developers] [BUG] rev2269: ‘=20 >> replaced by '?' !! >> >> >> Hi Thibault, >> =20 > > Hi David (machaven?) > > =20 >> Sorry i was having problems with the mailing list yesterday. >> >> =20 > > No problem ;-) > =20 > =20 >> Yes my intension is to do the str_replace on or before the translated=20 >> string is returned. >> =20 > > Okay. > > =20 >> You can most likely use html escape there aswell, but then that would=20 >> not affect all variable output. >> =20 > > What do you mean ? > > =20 >> See what is best. >> =20 > > I was planning to call html_escape on each 'value=3D' HTML statements u= sing > $clang->gT. This way the HTML code is clean and in the switch/case we c= an > match the $_POST with $clang->gT() (since the _POST is received > un-html_escaped). > > In fact I have already implemented this on my local copy of phpsv and w= as > planning to submit this to the SVN tree. > > If anyone has objections, don't hesitate ;-) > > Regads, > Thibault > > > > -----------------------------------------------------------------------= -- > Using Tomcat but need to do more? Need to support web services, securit= y? > Get stuff done quickly with pre-integrated technology to make your job = easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geron= imo > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat= =3D121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > =20 |
From: Thibault Le M. <Thi...@su...> - 2007-02-08 13:24:57
|
> -----Message d'origine----- > De : php...@li...=20 > [mailto:php...@li...]=20 > De la part de dol...@in... > Envoy=E9 : jeudi 8 f=E9vrier 2007 14:05 > =C0 : php...@li... > Objet : Re: [Phpsurveyor-developers] [BUG] rev2269: ‘=20 > replaced by '?' !! >=20 >=20 > Hi Thibault, Hi David (machaven?) >=20 > Sorry i was having problems with the mailing list yesterday. > No problem ;-) =20 > Yes my intension is to do the str_replace on or before the translated=20 > string is returned. Okay. > You can most likely use html escape there aswell, but then that would=20 > not affect all variable output. What do you mean ? > See what is best. I was planning to call html_escape on each 'value=3D' HTML statements = using $clang->gT. This way the HTML code is clean and in the switch/case we = can match the $_POST with $clang->gT() (since the _POST is received un-html_escaped). In fact I have already implemented this on my local copy of phpsv and = was planning to submit this to the SVN tree. If anyone has objections, don't hesitate ;-) Regads, Thibault |
From: <dol...@in...> - 2007-02-08 13:04:48
|
Hi Thibault, Sorry i was having problems with the mailing list yesterday. Yes my intension is to do the str_replace on or before the translated string is returned. You can most likely use html escape there aswell, but then that would not affect all variable output. See what is best. Regards, David Olivier Thibault Le Meur wrote: > >> I don't know if it is a typo or not, but patch rev2269 replaces single >> quotes in translation string to "?". >> >> If what was intended was: >> ------------------------ >> function gT($string) >> { >> if ($this->gettextclass) >> { >> return >> str_replace('‘','\'',$this->gettextclass->translate($string)); >> } else { >> return $string; >> } >> } >> ------------------------ >> > > > I understand now what occured: in my last mail, my proposed gTUnquote > function used a reverse quote char that wasn't correctly transmitted > (non ascii ?) on the mailing list (it appeared as ? on the sourceforge > list archive). > > if we decide to patch language.php as above (instead of using a > gTUnquote function), then I'll have to use html_escape on lines like > this one: > value='.html_escape($clang->gT(XXX)).' in order to avoid quotes in values. > > Thibault > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: <dol...@in...> - 2007-02-07 21:42:17
|
test Thibault Le Meur wrote: > >> I don't know if it is a typo or not, but patch rev2269 replaces single >> quotes in translation string to "?". >> >> If what was intended was: >> ------------------------ >> function gT($string) >> { >> if ($this->gettextclass) >> { >> return >> str_replace('‘','\'',$this->gettextclass->translate($string)); >> } else { >> return $string; >> } >> } >> ------------------------ >> > test > > I understand now what occured: in my last mail, my proposed gTUnquote > function used a reverse quote char that wasn't correctly transmitted > (non ascii ?) on the mailing list (it appeared as ? on the sourceforge > list archive). > > if we decide to patch language.php as above (instead of using a > gTUnquote function), then I'll have to use html_escape on lines like > this one: > value='.html_escape($clang->gT(XXX)).' in order to avoid quotes in values. > > Thibault > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier. > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > PHPSurveyor-Developers mailing list > PHP...@li... > https://lists.sourceforge.net/lists/listinfo/phpsurveyor-developers > > |
From: Thibault Le M. <Thi...@su...> - 2007-02-07 19:09:32
|
> I don't know if it is a typo or not, but patch rev2269 replaces single > quotes in translation string to "?". > > If what was intended was: > ------------------------ > function gT($string) > { > if ($this->gettextclass) > { > return > str_replace('‘','\'',$this->gettextclass->translate($string)); > } else { > return $string; > } > } > ------------------------ I understand now what occured: in my last mail, my proposed gTUnquote function used a reverse quote char that wasn't correctly transmitted (non ascii ?) on the mailing list (it appeared as ? on the sourceforge list archive). if we decide to patch language.php as above (instead of using a gTUnquote function), then I'll have to use html_escape on lines like this one: value='.html_escape($clang->gT(XXX)).' in order to avoid quotes in values. Thibault |
From: Thibault Le M. <Thi...@su...> - 2007-02-07 18:11:38
|
I don't know if it is a typo or not, but patch rev2269 replaces single quotes in translation string to "?". If what was intended was: ------------------------ function gT($string) { if ($this->gettextclass) { return str_replace('‘','\'',$this->gettextclass->translate($string)); } else { return $string; } } ------------------------ Then I'll have to get back to the html_escape idea explained in the = "[BUG] Bad escaping of forms values whenusing localization" thread. If not, could you explain me the goal of this patch ? Regards, Thibault +------------------------------------------------------------------------= + | Thibault LE MEUR | http://www.supelec.fr = | | Sup=E9lec | e-mail: = Thi...@su... | | Centre de Ressources Informatiques| tel: +33 [0]1 69 85 17 89 = | | Plateau de Moulon | = | | 3 rue Joliot-Curie | fax: +33 [0]1 69 85 12 34 = | | 91192 Gif-sur-Yvette CEDEX, France| Supelec: +33 [0]1 69 85 12 12 = | +------------------------------------------------------------------------= +=20 |
From: Thibault Le M. <Thi...@su...> - 2007-02-07 17:54:15
|
> The quick and ugly fix is to define the gTUnquote function below: > function gTUnquote($str) > // This function converts ‘ to ' (left single quote) > { > $str=str_replace('‘',''',$str); > return $str; > } > > > And replace any switch/case by calling this function on the $clang->gT > strings like this: > switch(html_escape($_POST['method'])) ===> My mistake here, you should read: switch($_POST['method']) > { > ... > case gTUnquote($clang->gT("Add new label")): > ... |
From: Thibault Le M. <Thi...@su...> - 2007-02-07 14:25:39
|
Hi all, > -----Message d'origine----- > De : php...@li...=20 > [mailto:php...@li...]=20 > De la part de Carsten Schmitz > Envoy=E9 : vendredi 2 f=E9vrier 2007 18:28 > =C0 : php...@li... > Objet : Re: [Phpsurveyor-developers] RE : RE : [BUG] Bad=20 > escaping of forms valueswhen using localization >=20 >=20 > Use the html_escape ;) its the easiest for now. This is no more possible: when the $clang->gT calls were introduced all single quotes inside Language translated strings were converted to = ‘ so that there is no more need to html_escape the string. However this breaks other things because in the returned value (from = $_POST or $_GET) the ‘ reference is converted back to the 'left single = quote' character. I don't know why this conversion is done (is it by Apache, by PHP, or by a function in phpsv) ? Anyway, because of this, in the code we can't do simple string = comparizons between $_POST['myfield'] with the $clang->gT('XXX') anymore. The quick and ugly fix is to define the gTUnquote function below: function gTUnquote($str) // This function converts ‘ to =91 (left single quote) { $str=3Dstr_replace('‘','=91',$str); return $str; } And replace any switch/case by calling this function on the $clang->gT strings like this: switch(html_escape($_POST['method'])) { ... case gTUnquote($clang->gT("Add new label")): ... =20 For instance the above described patch would solve the Label Edition = form in French as well as the Template edition in French (because some single = quotes are used in the Translation file for these forms). Moreover, I have no clue as why single quotes are converted to left = single quotes by gT() ? Comments ? Thibault=20 |
From: Tom T. <tom...@he...> - 2007-02-07 06:39:18
|
Hi gang The code in activate.php now uses the ADODB data dictionary methods to create a new survey. Works sweet on SQL Server, but I haven't tried it on MySQL. Activated queries are saving fine too. Main concern is the datatypes. There's no TEXT, MEDIUM, etc in SQL Server so it's defaulting to a generic 'TEXT' type. Might need to refine this as we go, but it's looking OK. Onwards, forwards. Cheers Tom |