Description field does not like double quotes & more...(FIXED)

[Chuck S]

Right but I think the issue here and as I was stating in the other thread may have nothing to do with showproduct

In bulkupload.php try this

$deftitle = urlencode($title);
$defdesc = urlencode($desc);
$keywords = urlencode($keywords);

would be something like this

$deftitle = urlencode(stripslashes(un_htmlspecialchars($title)));
$defdesc = urlencode(stripslashes(un_htmlspecialchars($desc)));
$keywords = urlencode(stripslashes(un_htmlspecialchars($keywords)));

[Jeremy]

Quote:

Originally Posted by Chuck S

Right but I think the issue here and as I was stating in the other thread may have nothing to do with showproduct

In bulkupload.php try this

$deftitle = urlencode($title);
$defdesc = urlencode($desc);
$keywords = urlencode($keywords);

would be something like this

$deftitle = urlencode(stripslashes(un_htmlspecialchars($title)));
$defdesc = urlencode(stripslashes(un_htmlspecialchars($desc)));
$keywords = urlencode(stripslashes(un_htmlspecialchars($keywords)));

That code is the same (does not contain the un_htmlspecialchars) in both classifieds and reviewpost -- that isn't going to be the problem, right?

There are two sections that have those blocks btw. Which do you mean? The ones ~ line 227? or the ones ~138, or both?



Remember, it's not a PHP issue or a local issue since the behaviour works properly in one of your products but not the other.

Especially when you consider that we have already gone over a couple bugs where something from one product somehow didn't make it to the other that should have.


I refuse to make just-for-me patches to code that has to do with sanitizing input.

I want exactly what everyone else has in that area.

[Chuck S]

You dont see to want to work with me here.

I have already posted the one difference between classifieds and reviewpost in showproduct.php above.

Does that work if you make the code I stated?

Cause if the issue is only in reviewpost and not in classifieds then the only difference is the code in post 18

Simply make that change

[Jeremy]

Quote:

Originally Posted by Chuck S

You dont see to want to work with me here.

I have already posted the one difference between classifieds and reviewpost in showproduct.php above.

Does that work if you make the code I stated?

Cause if the issue is only in reviewpost and not in classifieds then the only difference is the code in post 18

Simply make that change

ARE YOU KIDDING ME??

Obviously I want to work with you here. Look at my postcount!

A postcount which is almost ENTIRELY from messing around with bugs and patches over the past couple of weeks since I first attempted to install these products and integrate them with VBulletin 3.5.1

In that sense, NO, I don't want to have to work with you here & you guys seem to have ZERO REMORSE for customers who are forced point these problems out.

Why can't you guys admit you released this product too early & erronously claimed "No problems" with VB3.x when there are plenty.

Put yourself in my shoes. I installed this nearly 2 weeks ago and I am STILL sitting here messing around in the message board with you giving me patches to get this product to the point where it was claimed to be from the start.

Are you guys at least applying these bugfixes to the current distribution zip?
Or is your disitrbution that a new customer would purchase is the still same as it was when I bought it?

You have no idea how frustrating this is.

When you ask me to do things that will be of compromise to our servers security, then of course I will have to refuse.

I don't want to wind up with input sanitizing code on my distribution that is not the same as the code in the official distributions.

I don't want to post links to my phpinfo (which contains a goldmine system information that only admins and trusted system users should see).

I don't consider that refusing to work with you, do you?

[Jeremy]

Quote:

Originally Posted by Chuck S

Jeremy here is the difference though and it essentially does the same thing I stated by turning on html

Basically convert_markups is messing with this

IN showproduct.php

Code:

Content visible to verified customers only.

this is what classifieds has

Code:

Content visible to verified customers only.

So you can make the change if you wish

In showproduct.php (of classifieds) you gave me the fix:

Code:

Content visible to verified customers only.

and in uploadproduct.php (classifieds)

Code:

Content visible to verified customers only.

I'll try the things you suggested & let you know how what happens.

I just want to know that you and everyone else have, or will have, the same code in place - especially when it comes to code that deals with user input.

[Chuck S]

Jeremy

I had posted the only code difference between reviewpost and classifieds in post 18 of this thread.

I have asked a couple questions here that are unanswered and this is what I am referring to when I said you seem to not want to work with me. I can only work from what your telling me based on the info you give. So from your response in part I am going to assume your using vb3 with integration set to on.

Given the nature of the issue that I have posted multiple posts showing explicit examples of posts made on my site with both vb3 on and off and quotes used in descriptions and reviews I can not replicate the issue at all on my setup with or without magic quotes.

I am not trying to be difficult here. I just need questions answered here since you will not post site links etc.

I did ask if the one change in post 18 made any difference if you changed it and you did not respond. Any response on this?

I would suggest anymore discussion on this since you do not want to post pubically site links etc I would suggest you email me such information and a test login accoung etc so I can go through and replicate and see how things are reacting.

REVERT ANY FILES TO THE DEFAULT CODE. Only make the change in post 18 and let me know. You can not put convert_returns and un_htmlspecialchars on the same line which I beleive causes this issue and would explain why I can not replicate it

[Jeremy]

Quote:

Originally Posted by Chuck S

Jeremy

I had posted the only code difference between reviewpost and classifieds in post 18 of this thread.

I did ask if the one change in post 18 made any difference if you changed it and you did not respond. Any response on this?

REVERT ANY FILES TO THE DEFAULT CODE. Only make the change in post 18 and let me know. You can not put convert_returns and un_htmlspecialchars on the same line which I beleive causes this issue and would explain why I can not replicate it

That is the problem chuck.... what you told me in post 18 of this thread conflicted with a fix you had given me earlier in another thread. So what you were telling me to change was not there - exactly.

Now you tell me to revert all code? ALL CODE? Back to the distribution? or just the code in the spots that we are working with? I don't even know what all code was changed off hand since you have sent me some fixed files in email.

That is the problem with these fixes-per-user , the forums "no-file-attachment" policy & the way you guys handle your distribution updates, Chuck.

The way I see it is if a bug fix is needed, then it should be coded in a way to be able to applied for all installations and made available for all users.

It should then immediately added to a daily snapshot release of the corresponding software distributions so that new customers do not wind up coming to the forums and posting the exact same bug reports.

Instead you could just say "there were some bug fixes that will take care of that problem, you should update to the daily snapshot"

It's not my company, but I'm sure the community would greatly appreciate a better bug tracking and distrubtion system. I know I would.

[Chuck S]

oh thats right you installed a hack I posted for you in showcat to show that price field

Just revert bulkupload and showproduct.php and just do the line change in post 18

[Jeremy]

Ok.. but like I said, there are two places in bulkupload with those variables & you didn't give enough information for me to determine if they should be applied to the first instance, the second, or both.


I guess it's the block ~ line 227 since that uses $deftitle and $title.

[Chuck S]

Just modify showproduct.php not bulkupload

Well I have come up with what I think is a much simpler response since user's requested in ReviewPost to turn on and off html

Code:

Content visible to verified customers only.

Do not worry any fixes are applied to the build

[Jeremy]

Right....

Ok Chuck... the suggestion you made for the classifieds showproduct.php is the one I think we want:

Code:

Content visible to verified customers only.

Because if you don't, then I'll have to bump that thread with the bug dealing with the stripping of the carriage returns.


If I use the first one, then the carriage returns are stripped & we have a single long line of text for the description.

If I use the second one, then the carriage returns are still there.

[Chuck S]

Well let me test that

EDIT

relook and apply post 30 for those lines.

That is the fix that will be applied to the build.

[Jeremy]

also, I'm using editproduct.php to make changes to the product to test (like to add html, bbcode, quotes, etc to the description, title, keywords)

Is there anything dealing with user input to consider there? Or would you say that script is solid as is?

[Chuck S]

I show no issues with editproduct do you?

[Jeremy]

Quote:

Originally Posted by Chuck S

I show no issues with editproduct do you?

Not that I can see... but I'm not a coder

It looks like the escaping used there is different, but maybe there is a reason for it.

[Jeremy]

Quote:

Originally Posted by Chuck S

Well let me test that

EDIT

relook and apply post 30 for those lines.

That is the fix that will be applied to the build.

In BOTH products? (ppClassifieds and ppReviews?)

...I applied it to ppReview and it seems to work now.

[Jeremy]

They still allow bbcode of course.... that's not too troublesome though.

[Chuck S]

no classifieds is fixed.

The above is for reviewpost only as in reviewpost we allow the turning on and off for html

Vbulletin integrations set to ON must have html on to convert things right hense my little change. I beleive this issue came from trying to retrofit a classifieds fix into reviewpost hense is why I could not replicate it

[Jeremy]

Quote:

Originally Posted by Chuck S

no classifieds is fixed.
Vbulletin integrations set to ON must have html on to convert things right hense my little change. I beleive this issue came from trying to retrofit a classifieds fix into reviewpost hense is why I could not replicate it

So on reeftalk you have VB integration set to on?

Which means you have HTML enabled as well?
(at least if you apply this code you do)

[Chuck S]

yes you must have the code directly as post 30