Mon-Fri 9am-4pm EST
Visualize community tm
 Home | Details | Support | Demo: User / Admin | Customer Galleries | Contact Us | Forums | Blog | Members Area | Buy PhotoPost

 PhotoPost Community simple quote bug

 Classifieds Bug Reports Post any problems you may be having with Classifieds here.

 May 11th, 2005, 05:11 PM #1 (permalink) Member Verified Customer   Join Date: Jul 2004 Posts: 49 simple quote bug Hello, I'm running latest photopost classified. In a category description, (french language) if you insert a ['] it writes a backslash before. I think this happens elsewhere too. Example : d'emploi will be written in index : d\'emploi may you help me ?
 May 12th, 2005, 06:12 AM #2 (permalink) Photopost Developer Verified Customer     Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 That would be correct as it should write a slash in the database Upon retrieval of data we should issue a stripslash to display the info correct. where is this what script page? __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.
May 12th, 2005, 11:13 AM   #3 (permalink)
Registered User

Join Date: Apr 2005
Posts: 148
Quote:
 Originally Posted by omegatron That would be correct as it should write a slash in the database Upon retrieval of data we should issue a stripslash to display the info correct. where is this what script page?
If you do the following query, a slash is not actually stored in the table:
Code:
Content visible to verified customers only.

So there is no reason to stripslash upon retrieval of data from the table.

However, PP code IMO doesn't account for escaping correctly, so things like $description = stripslashes($description ); are needed after retrieving data from a table.

Thus, if you want to be rid of the slash, in showproduct.php find $description = stripslashes($description ); and replace with $desc = stripslashes($desc );

 May 12th, 2005, 11:23 AM #4 (permalink) Photopost Developer Verified Customer     Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 Frost As I stated to the customer where are they talking? If I look at our code in image-inc.php where a description is entered into the database we accurately addslashes where needed. Code: Content visible to verified customers only. In showproduct we already have this Code: Content visible to verified customers only. Thus I show it being correctly coded. So I need to know more where and what script we are talking __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.
May 12th, 2005, 11:47 AM   #5 (permalink)
Registered User

Join Date: Apr 2005
Posts: 148
Quote:
 Originally Posted by omegatron Frost As I stated to the customer where are they talking? If I look at our code in image-inc.php where a description is entered into the database we accurately addslashes where needed. Code: Content visible to verified customers only. In showproduct we already have this Code: Content visible to verified customers only. Thus I show it being correctly coded. So I need to know more where and what script we are talking
Code:
Content visible to verified customers only.

So escaping is not accounted for correctly. Also, you refer to $desc but use$description = stripslashes( $description ); in showproduct.php, although$desc is used in showproduct.tmpl, so please, instead of trying to tell me it's correct, just fix the code. If you want to be rid of the slash, like I said, in showproduct.php, find $description = stripslashes($description ); and replace with $desc = stripslashes($desc );

 May 12th, 2005, 12:14 PM #6 (permalink) Photopost Developer Verified Customer     Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 Where are you finding $description at? I opened showproduct.php and quoted directly the line posted above for showproduct.php and it is indeed$desc not $description __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.  May 12th, 2005, 12:26 PM #7 (permalink) Registered User Join Date: Apr 2005 Posts: 148 Search the showproduct.php file: Code: Content visible to verified customers only.   May 12th, 2005, 12:36 PM #8 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 Okay that line does not matter Line 75 of showproduct.php the variable we pull from the database is defined as$desc Code: Content visible to verified customers only. Line 247 of showproduct.php I show we stripslashes on the variable $desc which is what we call the description from the above query list and then also convert_markups etc etc Code: Content visible to verified customers only. So now please explain to me how we do not stripslashes correctly? If anything we just remove the line you are referring to as it does nothing nor does it affect anything __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding. May 12th, 2005, 12:46 PM #9 (permalink) Registered User Join Date: Apr 2005 Posts: 148 Visit here and look at the description field. Now go do what I said, and then place the same ad. EDIT: Screenshot attached. Attached Images  screen.gif (42.2 KB, 6 views) Last edited by Frost; May 12th, 2005 at 12:57 PM.  May 12th, 2005, 01:01 PM #10 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 Okay on Photopostdev yes stripslashes exist On my install if I try it does not place stripslashes so the issue is not the misuse of stripslashes which is what I am using since I show that defined correctly in the code. The issue then is the use of magic quotes yes or no and the fact it adds multiple quotes? Is that what your saying? If thats the case then I wonder why its ignoring this code in pp-inc.php where we check for magic on and strip those slashes Code: Content visible to verified customers only.  __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding. Last edited by Chuck S; May 12th, 2005 at 01:03 PM.  May 12th, 2005, 01:02 PM #11 (permalink) PhotoPost Developer Verified Customer Join Date: Jan 2002 Posts: 11,834 I've reminded Chuck its not a good idea to challange Frost when she is posting bug reports/fixes. __________________ Please do not PM me for support or sales questions. Thank you for your understanding.  May 12th, 2005, 01:12 PM #12 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 Something tells me Michael updated the build and did not tell me I am running the latest version 2.3 on my server and line 247 exists as I posted it Okay well no wonder I cant replicate it running 2.3 classifieds there is a newer one that has a bug __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.  May 12th, 2005, 01:18 PM #13 (permalink) PhotoPost Developer Verified Customer Join Date: Jan 2002 Posts: 11,834 I put in a change for the vB3 Enhanced users which changed that line and removed a stripslashes() that should have been covered above (but used the wrong variable name). Chuck was working off a previous build which had the proper stripslashes, one that was different from the current build. __________________ Please do not PM me for support or sales questions. Thank you for your understanding.  May 12th, 2005, 01:31 PM #14 (permalink) Registered User Join Date: Apr 2005 Posts: 148 I'm not sure you all are understanding. With magic quotes on, the header-inc.php readds slashing after the call to vB global.php, so when the PP code addslashes, variables get double slashed. That fact that pp-inc.php stripslashes doesn't matter. Thus, in the table and onscreen, you'll see backslashes. That's why the author of the code does stripslashes after queries to a table. Chuck, I'm assuming you have magic quotes off, so that on your install, if you enter something like "foo\bar" for the title and description, you should see "foobar" onscreen, so simply using$desc = stripslashes( $desc ); does not get around the escaping issue in the PP code. With magic quotes on,$desc = stripslashes( $desc ); strips the extra slashes. With magic quotes off,$desc = stripslashes( $desc ); unnecessarily strips intended slashes. Clear now?  May 12th, 2005, 02:11 PM #15 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 I beleive though Michael has said he accidently removed a stripslashes which is why I could not see it and updated the build. I actually have magic quotes ON so technically I think the fix would be to add the stripslashes back in that I show in my file that Michael removed in the build he uploaded that I did not know about. __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding. May 12th, 2005, 02:38 PM #16 (permalink) Registered User Join Date: Apr 2005 Posts: 148 Quote:  Originally Posted by omegatron I beleive though Michael has said he accidently removed a stripslashes which is why I could not see it and updated the build. I actually have magic quotes ON so technically I think the fix would be to add the stripslashes back in that I show in my file that Michael removed in the build he uploaded that I did not know about. Michael now has$desc = stripslashes( $desc ); in showproduct.php so this works fine for those with magic quotes on. However, it is not correct for those with magic quotes off. Set PHP_VALUE magic_quotes_gpc 0 in an htaccess file in the classifieds directory to turn off magic quotes. Then place an ad using "want\slash" to see "wantslash" shows onscreen. Like I said, with magic quotes on,$desc = stripslashes( $desc ); strips the extra slashes. With magic quotes off,$desc = stripslashes( $desc ); unnecessarily strips intended slashes.  May 12th, 2005, 03:16 PM #17 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 As stated above when you said most likely I had mine off that I indeed had mine on instead I turned it off and posted an add fine on my install no slashes are shown using what you posted "It's a test" So on my install which has$desc = stripslashes($desc); with magic on or off I do not get slashes displayed so what am I missing? I cant get a slash with magic on or off __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.  May 12th, 2005, 03:22 PM #18 (permalink) Photopost Developer Verified Customer Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 So it works for me both ways. I have total control over how I configure it so let me know any other way to try it. Okay I think I know where your going here with intended slashes but how would you suggest handling intended slashes? Usually in code if there is a " you need to add a slash to counter that. which means you need to counter with a stripslashes. So how would you determine if its intended or not __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding. Last edited by Chuck S; May 12th, 2005 at 03:24 PM. May 12th, 2005, 03:24 PM #19 (permalink) Registered User Join Date: Apr 2005 Posts: 148 Quote:  Originally Posted by omegatron As stated above when you said most likely I had mine off that I indeed had mine on instead I turned it off and posted an add fine on my install no slashes are shown using what you posted "It's a test" So on my install which has$desc = stripslashes(\$desc); with magic on or off I do not get slashes displayed so what am I missing? I cant get a slash with magic on or off
Chuck, trying to get you to understand is like pulling teeth. Magic quotes on or off, "It's a test" now works fine. Try "foo\bar" when magic quotes is off to see that the indended slash is errantly removed.

 May 12th, 2005, 03:25 PM #20 (permalink) Photopost Developer Verified Customer     Join Date: Jun 2002 Location: Abingdon,MD Posts: 71,653 I added to my post when you where replying LOL __________________ Photopost Developer and Support Engineer Please do not PM me for support or sales questions. Thank you for your understanding.

 Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 Thread Tools Display Modes Rate This Thread Linear Mode Rate This Thread: 5 : Excellent 4 : Good 3 : Average 2 : Bad 1 : Terrible

 Posting Rules You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is OffTrackbacks are On Pingbacks are On Refbacks are On Forum Rules

 Similar Threads Thread Thread Starter Forum Replies Last Post TCS How Do I? - vBulletin 3.5.X 1 October 26th, 2005 07:49 PM kooley Before You Buy 8 January 5th, 2005 06:58 PM

All times are GMT -5. The time now is 04:31 PM.