MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004597ATutorContentpublic2010-10-20 10:362012-06-12 14:56
Reportercindy 
Assigned Tocindy 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version2.0.3 
Summary0004597: Cannot define AFA alternatives when magic_quotes_gpc is on
DescriptionWhen magic_quotes_gpc is turned on, the names of the primary resources returned from ContentOutputParser is \"a.gif\". The correct return should be a.gif, without backslashes and double quotes.

When \"a.gif\" is inserted into primary_resources table, \ is stripped and "a.gif" is saved. However, when applying alternatives:

\"a.gif\" (from parser) <> "a.gif" (from db)

So, the alternatives are not applied.

The possible fix:
1. ContentOutputParser.class.php
To output a.gif without backslashes and double quotes

2. Insert into table
keep the name as what it is even with \"a.gif\"
TagsNo tags attached.
Affects versionSVN
SVN Revision#11492
Attached Files

- Relationships

-  Notes
(0005319)
harris (developer)
2011-09-08 11:25

in mods/_core/editor/editor_tabs/alternative.inc.php, line 97:
populate_a4a($cid, $_POST['body_text'], $_POST['formatting']);

$_POST['body_text'] here will have its content slashed due to magic_quotes. In order for a4a to match, body_text's slashes should be striped perhaps with $stripe_slashes()?
(0005320)
cindy (administrator)
2011-09-08 11:52

Solution: The double quotes (") in the posted-in hidden value of content (embedded hidden input field name: body_text) are auto-escaped with backslashes when magic_quotes_gpc is on. $stripslashes the in-value before processing.

Affected scripts:
mods/_core/editor/editor_tab_functions.inc.php
mods/_core/editor/editor_tabs/alternatives.inc.php
(0005602)
greg (administrator)
2012-06-12 14:56

2.0.3 changes

- Issue History
Date Modified Username Field Change
2010-10-20 10:36 cindy New Issue
2010-10-20 10:36 cindy Affects version => SVN
2010-10-20 10:36 cindy Description Updated
2010-10-20 10:37 cindy Category - no cat - => Content
2011-09-08 11:25 harris Note Added: 0005319
2011-09-08 11:52 cindy SVN Revision# => 11492
2011-09-08 11:52 cindy Note Added: 0005320
2011-09-08 11:52 cindy Status new => resolved
2011-09-08 11:52 cindy Fixed in Version => 2.0.3
2011-09-08 11:52 cindy Resolution open => fixed
2011-09-08 11:52 cindy Assigned To => cindy
2012-06-12 14:56 greg Note Added: 0005602
2012-06-12 14:56 greg Status resolved => closed


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker