From: John W. <jp...@us...> - 2002-04-17 23:08:07
I've found a problem with creating a project containing the ampersand (&) character in the title. The & gets converted to an &amp; which in turn gets stored in the database and also displayed back to the user. The same is true of the project description (and probably some other fields I've not found yet).

For instance.... Create a new project with the title "A&B Stores" and description "A&B". Hit submit. The returned page will now show "A&amp;B Stores" as the title and A&amp;B as the description..... The database will match what is displayed on the screen.

I believe this is caused by htmlspecialchars in the validation code of admin/project.php save_project() (around line 150 onwards). Removing the htmlspecialchars calls (but leaving trim()) seems to fix the problem without having any side effects. The HTML being output when the data is displayed back appears to be correctly converted (i.e. "A&B" in the database gets sent to the browser as A&amp;B - and gets displayed correctly as A&B).

Have I missed anything??? I realise that some chars need to be converted to &something before being sent to the browser, but in this instance the string is going to the database not the browser.

I'll submit this change into CVS in a couple of days if no one has a problem with this.

john
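
Added example, not part of the original message or the project's code: the save path with and without htmlspecialchars(), followed by an output step that encodes for HTML, so the double encoding reported above can be seen next to the store-raw, encode-on-output behaviour. The function names and sample titles are hypothetical.

```php
<?php
// Added illustration: save_encoded(), save_raw() and render_title() are
// hypothetical names, not functions from admin/project.php.

// Save path as described in the message: trim() plus htmlspecialchars()
// applied before the value is stored.
function save_encoded(string $input): string
{
    return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
}

// Save path after the proposed change: trim() only, the raw text is stored.
function save_raw(string $input): string
{
    return trim($input);
}

// Display path: encode for the HTML context at the moment of output.
function render_title(string $stored): string
{
    return '<h1>' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed sample inputs: the title from the message, and one that
// contains markup characters and surrounding whitespace.
$samples = ['A&B Stores', '  <b>Sale</b> & "More"  '];

foreach ($samples as $input) {
    $encoded = save_encoded($input);
    $raw     = save_raw($input);

    printf("input              : [%s]\n", $input);
    printf("stored, encoded    : [%s]\n", $encoded);
    printf("stored, raw        : [%s]\n", $raw);
    // Encoded at save time and again at output: the entity itself is escaped,
    // so the browser shows the entity text instead of the character.
    printf("html from encoded  : %s\n", render_title($encoded));
    // Stored raw, encoded once at output: the browser shows the original text
    // and the markup characters in the second sample are still escaped.
    printf("html from raw      : %s\n\n", render_title($raw));
}
```

Run with the PHP CLI; the "html from raw" lines show that output-time encoding alone is what keeps stored markup characters from being interpreted by the browser.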