From: Phil D. <ph...@lo...> - 2014-09-27 23:28:00
I had tended to go with (a) because they are infrequent and cause trouble - I used the MiscFunction ContainsIllegalCharacters() but some think it was unnecessarily restrictive as these characters can be dealt with using (b). But when it comes to editing these fields we need to bring them back to raw form.

Phil

Phil Daintree
Logic Works Ltd - +64 (0)275 567890
http://www.logicworks.co.nz

On 28/09/14 04:20, Rafael Chacón wrote:
> Hi,
>
> On AccountGroups.php, in line 320 we have:
>
> <td>' . htmlspecialchars($myrow['groupname'], ENT_QUOTES,'UTF-8') . '</td>
>
> but in lines 321 and 324 we have:
>
> <td>' . $myrow['sectionname'] . '</td>
> ...
> <td>' . $myrow['parentgroupname'] . '</td>
>
> The htmlspecialchars() function converts some predefined characters to
> HTML entities [ & (ampersand) becomes &amp; " (double quote) becomes
> &quot; ' (single quote) becomes &#039; < (less than) becomes &lt;
> > (greater than) becomes &gt; ].
>
> My questions:
>
> 1. Is there any reason to use it in account-group-name, but not in
> account-section-name nor in account-parent-group-name ?
>
> 2. How often do you find these characters (ampersand, double quote,
> single quote, less than, greater than) in those names ?
>
> My proposal: if these characters (ampersand, double quote, single
> quote, less than, greater than) are very-very-low frequent in those
> names, we can:
>
> a) Declare these characters as "invalid" and filter them in the
> "input-procedure" (procedure used infrequently) and
> eliminate the use of the htmlspecialchars() function in the
> "display-procedure" (procedure used frequently). Or,
>
> b) Convert/Unconvert these characters to store them as "HTML entities"
> in the database in the "input-procedure" (procedure used infrequently) and
> eliminate the use of the htmlspecialchars() function in the
> "display-procedure" (procedure used frequently) by using data "as-is"
> in the database.
>
> Technical comments, opinions, suggestions?
>
> Best regards, Rafael.
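
An added example, not part of either message and not webERP code: it renders the three cells from the quoted AccountGroups.php lines with the same htmlspecialchars() call, then walks option (b) through the edit step where the stored value has to come back to raw form. The row values, the helper names `h()`, `renderRow()`, `storeAsEntities()` and `toRaw()`, and the `SectionName` field are assumptions made for illustration.

```php
<?php
// Constructed sample row; the keys are the columns in the quoted AccountGroups.php lines.
$myrow = [
    'groupname'       => 'Plant & "Heavy" Equipment',
    'sectionname'     => 'R&D <Labs>',
    'parentgroupname' => "Owner's Equity",
];

// Hypothetical helper (not a webERP function): encode raw text for HTML output.
function h(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Display procedure with all three cells encoded the same way as groupname.
function renderRow(array $row): string
{
    return '<tr><td>' . h($row['groupname']) . '</td>'
         . '<td>' . h($row['sectionname']) . '</td>'
         . '<td>' . h($row['parentgroupname']) . '</td></tr>';
}

// Option (b), input procedure: convert once and store the entities.
function storeAsEntities(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Option (b), edit procedure: bring the stored value back to raw form.
function toRaw(string $stored): string
{
    return htmlspecialchars_decode($stored, ENT_QUOTES);
}

echo renderRow($myrow), "\n";

$stored = storeAsEntities($myrow['sectionname']);
$raw    = toRaw($stored);
var_dump($raw === $myrow['sectionname']);   // did the round trip preserve the name?

// Edit form (hypothetical field name). The first input starts from the raw
// form; the second encodes the stored form again, so the entities themselves
// get encoded and the user would see them as literal text in the field.
echo '<input name="SectionName" value="' . h($raw) . '">', "\n";
echo '<input name="SectionName" value="' . h($stored) . '">', "\n";
```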