Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
3 + 5 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
     

Re: Weird chars in News notification message
by Mithrandir on 2004/4/6 16:32:17

1) Haven't tested, but will do
2) I don't know if the name of the function is that good - might be a little more general applicable and hence needing a little more descriptive name, but as long as the function is for text sanitation and in the textsanitizer class, I think it is a good way

As you can see, the deprecated functions have very specific names and that may be the reason why they are deprecated to give way to more generic functions (but I don't know for sure - it's a guess)
Re: Weird chars in News notification message
by marcan on 2004/4/6 15:45:48

Here is what I did as a temporary solution.

Basically, what we want to do is 'sanitize' the title of the notification. This value is normally set in that way :
Quote:
$tags['STORY_NAME'] = $subject;

The new way should then be something like this :
Quote:
$tags['STORY_NAME'] = Sanitize_For_Notification($subject);


So I created the other function. In class/module.textsanitizer.php, just before those lines :
Quote:
##################### Deprecated Methods ######################

I added this new function :
Quote:
/**
* Prepare a string to be sent by notifiction (by marcan)
*
* @param string $text
* @return string
**/
function &prepareForNotification(&$text)
{
return stripslashes($this->undoHtmlSpecialChars($text));
}

This function clears all the unwanted chars. Then, in every module that uses the notification you would have to 'sanitize' the text. Here is an example with the news module.

In news/admin/index.php, around line 366 in the Function addTopic(), change this :
Quote:
$tags['TOPIC_NAME'] = $HTTP_POST_VARS['topic_title'];

For this :
Quote:
// Hack by marcan to display the title in a good format, without ''' symbols...
$myts =& MyTextSanitizer::getInstance();
// $tags['TOPIC_NAME'] = $HTTP_POST_VARS['topic_title'];
$tags['TOPIC_NAME'] = $myts -> prepareForNotification($HTTP_POST_VARS['topic_title']);
// End of hack by marcan

Then, in that same file, around line 590, change this :
Quote:
$tags['STORY_NAME'] = $story -> title();

With for :
Quote:
// Hack by marcan to display notification in a good format
$myts =& MyTextSanitizer::getInstance();
// $tags['STORY_NAME'] = $story -> title();
$tags['STORY_NAME'] = $myts -> prepareForNotification($story -> title());
// End of hack by marcan

This fixes the notification when a news is submitted via the admin side. Here's what you need to do in order to fix it for when a user submit an article.In submit.php, around line 110, change this :
Quote:
// $tags['STORY_NAME'] = $subject;

For this :
Quote:
// Hack by marcan to display notification in a good format
$myts =& MyTextSanitizer::getInstance();
// $tags['STORY_NAME'] = $subject;
$tags['STORY_NAME'] = $myts -> prepareForNotification($subject);
// End of hack by marcan

That's it. This worked for me !

Now 2 questions :
1- Is it working for you ?
2- Coders : is it the good way to do it?
Re: Weird chars in News notification message
by ouioui on 2004/4/6 15:07:55

Hi,

I have the same probleme with " ' " when i use xoopsmailer with the methode assign.
Is someone can help me ?

Best regards
Bruno
Re: Weird chars in News notification message
by marcan on 2004/4/5 19:08:48

Thanks Mithrandir

Could someone tell me what sanitation is better recommended in that purpose and where in the process to insert it.

Thanks !
Re: Weird chars in News notification message
by Mithrandir on 2004/4/5 19:06:20

Looking into the route, the title takes before being in the message, I don't find anything being done about apostrophes.

The title is taken directly from the news subject without any sanitation and put in the extra tags array.

in XoopsNotificationHandler::trigger_event() nothing is done to the extra tags

in XoopsNotification::notifyUser, the tags are run through a preg_replace("/&/i", '&', $v) if the notification is sent by email

in XoopsMailer::send, the tags are run through a simple preg_replace to get the value in the place of the placeholders in the mail template - again without sanitation.

I am not an expert, so I cannot say if there should be a sanitation - and if so, then which action should be taken.

Who's Online

185 user(s) are online (139 user(s) are browsing Support Forums)


Members: 0


Guests: 185


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits