I've found a problem with creating a project containing the ampersand (&)
character in the title. The & gets converted to an &amp; which in turn gets
stored in the database and also displayed back to the user. The same is
true of the project description (and probably some other fields I've not
found yet).
For instance.... Create a new project with the title "A&B Stores" and
description "A&B". Hit submit. The returned page will now show
"A&amp;B Stores" as the title and A&amp;B as the description.....
The database will match what is displayed on the screen.
I believe this is caused by htmlspecialchars in the validation code of
admin/project.php save_project() (around line 150 onwards). Removing
the htmlspecialchars calls (but leaving trim()) seems to fix the problem
without having any side effects. The HTML being output when the data is
displayed back appears to be correctly converted (i.e. "A&B" in the database
gets sent to the browser as A&amp;B - and gets displayed correctly as A&B).
Have I missed anything??? I realise that some chars need to be converted to
&something before being sent to the browser, but in this instance the
string is going to the database not the browser.
I'll submit this change into CVS in a couple of days if no one has a
problem with this.
john
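
The double encoding described in the message above, as an added example that is not part of the original post or the project's code. The function names and the `$db` array standing in for the project table are hypothetical; only `htmlspecialchars()` and `trim()` come from the post.

```php
<?php
// Added illustration; save_escaped(), save_raw() and render() are hypothetical
// names, and $db is an in-memory array standing in for the project table.

$db = [];

// Behaviour described in the post: HTML-escape during input validation.
function save_escaped(array &$db, string $title): void {
    $db['escaped'] = htmlspecialchars(trim($title), ENT_QUOTES, 'UTF-8');
}

// Proposed change: only trim, and store the user's text verbatim.
function save_raw(array &$db, string $title): void {
    $db['raw'] = trim($title);
}

// Output encoding happens once, at the point the value enters HTML.
function render(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

foreach (['A&B Stores', '<b>A&B</b>'] as $title) {   // constructed sample input
    save_escaped($db, $title);
    save_raw($db, $title);
    printf("input:            %s\n", $title);
    printf("stored (escaped): %s\n", $db['escaped']);
    printf("sent   (escaped): %s\n", render($db['escaped'])); // encoded twice
    printf("stored (raw):     %s\n", $db['raw']);
    printf("sent   (raw):     %s\n\n", render($db['raw']));   // encoded once
}
```

Storing the raw text relies on every place that prints the field encoding it for its output context, as `render()` does here. HTML escaping is not SQL escaping, so the database write still needs its own quoting or bound parameters.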