MantisBT - ATutor
View Issue Details
0004597ATutorContentpublic2010-10-20 10:362012-06-12 14:56
cindy 
cindy 
normalminoralways
closedfixed 
 
2.0.3 
SVN
11492
0004597: Cannot define AFA alternatives when magic_quotes_gpc is on
When magic_quotes_gpc is turned on, the names of the primary resources returned from ContentOutputParser is \"a.gif\". The correct return should be a.gif, without backslashes and double quotes.

When \"a.gif\" is inserted into primary_resources table, \ is stripped and "a.gif" is saved. However, when applying alternatives:

\"a.gif\" (from parser) <> "a.gif" (from db)

So, the alternatives are not applied.

The possible fix:
1. ContentOutputParser.class.php
To output a.gif without backslashes and double quotes

2. Insert into table
keep the name as what it is even with \"a.gif\"
No tags attached.
Issue History
2010-10-20 10:36cindyNew Issue
2010-10-20 10:36cindyAffects version => SVN
2010-10-20 10:36cindyDescription Updated
2010-10-20 10:37cindyCategory- no cat - => Content
2011-09-08 11:25harrisNote Added: 0005319
2011-09-08 11:52cindySVN Revision# => 11492
2011-09-08 11:52cindyNote Added: 0005320
2011-09-08 11:52cindyStatusnew => resolved
2011-09-08 11:52cindyFixed in Version => 2.0.3
2011-09-08 11:52cindyResolutionopen => fixed
2011-09-08 11:52cindyAssigned To => cindy
2012-06-12 14:56gregNote Added: 0005602
2012-06-12 14:56gregStatusresolved => closed

Notes
(0005319)
harris   
2011-09-08 11:25   
in mods/_core/editor/editor_tabs/alternative.inc.php, line 97:
populate_a4a($cid, $_POST['body_text'], $_POST['formatting']);

$_POST['body_text'] here will have its content slashed due to magic_quotes. In order for a4a to match, body_text's slashes should be striped perhaps with $stripe_slashes()?
(0005320)
cindy   
2011-09-08 11:52   
Solution: The double quotes (") in the posted-in hidden value of content (embedded hidden input field name: body_text) are auto-escaped with backslashes when magic_quotes_gpc is on. $stripslashes the in-value before processing.

Affected scripts:
mods/_core/editor/editor_tab_functions.inc.php
mods/_core/editor/editor_tabs/alternatives.inc.php
(0005602)
greg   
2012-06-12 14:56   
2.0.3 changes