Bug in footer

  • J.Kruis

    J.Kruis - 2011-01-07

    If you click on the "Return to yourwebsit"  the footer.tpl wil add two entry's to of the config.inc.php togegether.

    these are

    $CONF =
    $CONF =

    to correct this is use this patch

    Index: templates/footer.tpl

    -- templates/footer.tpl (revision 939)
    +++ templates/footer.tpl (working copy)
    @@ -10,7 +10,7 @@
    <a target="_blank" href="http://postfixadmin.sf.net/update-check.php?version={$version|escape:"url"}">{$PALANG.check_update}</a>
    {if $CONF.show_footer_text == 'YES' && $CONF.footer_link}
    - <a href="{$CONF.footer_link|escape:"url"}">{$CONF.footer_text|escape}</a>
    + <a href="{$CONF.footer_link}">{$CONF.footer_text}</a>

  • GingerDog

    GingerDog - 2011-02-08

    So, your problem is that the footer_link/text are being escaped; when they shouldn't be?

    Trunk at the moment contains :

        {if $CONF.show_footer_text == 'YES' && $CONF.footer_link}
            <a href="{$CONF.footer_link}">{$CONF.footer_text|escape}</a>

    Which seems to be a random combination of what you're asking for. I think it'd be safe to remove the |escape from the footer_text part, as it's defined by an admin - who should be trusted. Would this make you happy?

  • Christian Boltz

    Christian Boltz - 2011-02-08

    # svn log footer.tpl

    r940 | christian_boltz | 2011-01-07 21:52:34 +0100 (Fr, 07. Jan 2011) | 10 Zeilen

    footer.tpl: remove escaping of $CONF

    url-escaping $CONF makes the link look like
    "http%3A%2F%2Fexample.com". Browsers interpret this as file name
    relative to the current domain and directory, not as full
    http://example.com URL. Removed escaping.

    Thanks to jan-kruis @SF for pointing this out.

    Sorry for not adding a note in the forum, but as you can see, this is fixed in SVN since a month ;-)

    $CONF.footer_text should still be HTML-escaped IMHO.


Log in to post a comment.