1
pinchecl
2.4.3 and apostrophe
  • 2010/1/2 6:39

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Since updating from 2.4.2 to 2.4.3 the apostrophe doesn't show in at least the shoutbox and newbb(at least in the static text). It is replaced by it's code . Any suggestions?

EDIT: in newbb itself it works without a problem.
If I look at user ranks however (displayed in the forum) I get the code not the character.

2
trabis
Re: 2.4.3 and apostrophe
  • 2010/1/2 11:53

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


When core has bugs, modules use code to avoid it. After bug is fixed this extra code becomes a bug itself. It seems that what is happening in cbb rank title. Please edit newbb/class/user.php and change line 91:
$ret = array();
    if(
$rank_id>0){
        
$ret["title"] = /*$myts->htmlspecialchars(*/$ranks[$rank_id]["rank_title"]/*)*/;
        
$ret["image"] = $ranks[$rank_id]["rank_image"];
    }else{
        foreach(
$ranks as $id=>$rank){
            if(
$rank["rank_min"]<=$posts && $rank["rank_max"]>=$posts && empty($rank["rank_special"])){
                
$ret["title"] = /*$myts->htmlspecialchars(*/$rank["rank_title"]/*)*/;
                
$ret["image"] = $rank["rank_image"];
                break;
            }
        }
    }
Ranks are already sanitised when using $ranks = $rank_handler->getObjects(null, true, false); The extra $myts->htmlspecialchars() is causing double encoding. What shoutbox are you using?

3
pinchecl
Re: 2.4.3 and apostrophe
  • 2010/1/2 16:55

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Quote:
trabis wrote: When core has bugs, modules use code to avoid it. After bug is fixed this extra code becomes a bug itself. It seems that what is happening in cbb rank title. Please edit newbb/class/user.php and change line 91:
$ret = array();
    if(
$rank_id>0){
        
$ret["title"] = /*$myts->htmlspecialchars(*/$ranks[$rank_id]["rank_title"]/*)*/;
        
$ret["image"] = $ranks[$rank_id]["rank_image"];
    }else{
        foreach(
$ranks as $id=>$rank){
            if(
$rank["rank_min"]<=$posts && $rank["rank_max"]>=$posts && empty($rank["rank_special"])){
                
$ret["title"] = /*$myts->htmlspecialchars(*/$rank["rank_title"]/*)*/;
                
$ret["image"] = $rank["rank_image"];
                break;
            }
        }
    }
Ranks are already sanitised when using $ranks = $rank_handler->getObjects(null, true, false); The extra $myts->htmlspecialchars() is causing double encoding. What shoutbox are you using?
Thanks Trabis. I'm using shoutbox 4.0.5 The forum indeed now is displayed in the right way. Any progresss in solving this?

4
pinchecl
Re: 2.4.3 and apostrophe
  • 2010/1/3 16:45

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Quote:
pinchecl wrote: Quote:
trabis wrote: When core has bugs, modules use code to avoid it. After bug is fixed this extra code becomes a bug itself. It seems that what is happening in cbb rank title. Please edit newbb/class/user.php and change line 91:
$ret = array();
    if(
$rank_id>0){
        
$ret["title"] = /*$myts->htmlspecialchars(*/$ranks[$rank_id]["rank_title"]/*)*/;
        
$ret["image"] = $ranks[$rank_id]["rank_image"];
    }else{
        foreach(
$ranks as $id=>$rank){
            if(
$rank["rank_min"]<=$posts && $rank["rank_max"]>=$posts && empty($rank["rank_special"])){
                
$ret["title"] = /*$myts->htmlspecialchars(*/$rank["rank_title"]/*)*/;
                
$ret["image"] = $rank["rank_image"];
                break;
            }
        }
    }
Ranks are already sanitised when using $ranks = $rank_handler->getObjects(null, true, false); The extra $myts->htmlspecialchars() is causing double encoding. What shoutbox are you using?
Thanks Trabis. I'm using shoutbox 4.0.5 The forum indeed now is displayed in the right way.
Any progresss in solving this?

5
trabis
Re: 2.4.3 and apostrophe
  • 2010/1/3 19:09

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


include/class.php
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                    Copyright (c) 2000 XOOPS.org                           //
//                                                    //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
//  Original Author: Alphalogic                          //
//  Original Author Website: http://www.alphalogic-network.de                 //
//  ------------------------------------------------------------------------ //
//  XOOPS Version made by: (XOOPS 1.3.x and 2.0.x version)                     //
//  Jan304                                              //
//  ------------------------------------------------------------------------ //
//  Author:     tank                                                         //
//  Website:    http://www.customvirtualdesigns.com                          //
//  E-Mail:     tanksplace@comcast.net                                       //
//  Date:       12/15/2008                                                   //
//  Module:     Shoutbox                                                     //
//  File:       include/class.php                                            //
//  Version:    4.05                                                         //
//  ------------------------------------------------------------------------ //
//  Change Log                                                               //
//  ***                                                                      //
//  Version 4.01 Initial CVD Release 10/05/2008                              //
//  ***                                                                      //
//  Version 4.02  11/01/2008                                                 //
//  Bug Fix: Corrected typo causing csv file to be processed incorrectly     //
//  ***                                                                      //
//  Version 4.03  11/15/2008                                                 //
//  Bug Fix: Update text sanitizer functions to eliminate deprecated message //
//  New: Add wordwrap_setting parameter to limit shout displayed line length //
//  ***                                                                      //
//  Version 4.04  12/01/2008                                                 //
//  Add word censoring support                                               //
//  ***                                                                      //
//  Version 4.05  12/15/2008                                                 //
//  Improve text sanitizing                                                  //
//  Eliminate extra linefeeds from text entry when stored as File type       //
//  ***                                                                      //

Class controlIt
{
    var 
$storage_type '';
    var 
$csvfile '';

    function 
addShout($username$shouttext$myid)
    {
        global 
$xoopsDB;
        
$myts =& MyTextSanitizer::getInstance();

        if(
$this->storage_type == 'file')
        {
            
$ip getenv("REMOTE_ADDR");
            
$shouts fopen($this->csvfile,"a");
            
$username str_replace("|","",$username);
            
$shouttext $myts->nl2Br($shouttext);
            
$shouttext str_replace("|","",$shouttext);
            
$username trim($username);
            
$shouttext trim($shouttext);
            
$ip trim($ip);

            
$form_ip $myts->htmlSpecialChars($myts->stripSlashesGPC($ip));
            
$form_shouttext $shouttext;
            
$form_username $myts->htmlSpecialChars($myts->stripSlashesGPC($username));
            
$form_myid $myts->htmlSpecialChars($myts->stripSlashesGPC($myid));

            
fwrite($shouts,$form_username."|".$form_shouttext."|".time()."|".$form_ip."|".$form_myid."n");
            
fclose($shouts);
        }elseif(
$this->storage_type == 'database'){
            
$shouttext trim($shouttext);

            
$ip getenv("REMOTE_ADDR");
            
$ip trim($ip);

            
$form_ip $myts->htmlSpecialChars($myts->stripSlashesGPC($ip));
            
$form_shouttext $shouttext;
            
$form_username $myts->htmlSpecialChars($myts->stripSlashesGPC($username));
            
$form_myid $myts->htmlSpecialChars($myts->stripSlashesGPC($myid));

            
$query "INSERT INTO `".$xoopsDB->prefix("shoutbox")."` (`user_id` , `uname` , `time` , `ip` , `message` ) ";
            
$query.= "VALUES ('$form_myid', ".$xoopsDB->quoteString($form_username).", '".time()."', '$form_ip', ".$xoopsDB->quoteString($form_shouttext).");";

            if(!(
$result $xoopsDB->queryF($query)))
            {
                return 
false;
            }
        }else{
            return 
false;
        }

        
$this->trimShouts();
        return 
true;
    }

    function 
viewShouts($online$bbcode$formattimestamp)
    {
        global 
$xoopsUser$xoopsDB$xoopsModuleConfig$maxshouts_view;
        
$shout = array();

        
$outputclass = new MyTextSanitizer;

        if(
$this->storage_type == 'file')
        {
            
$shouts file($this->csvfile);
            
$totalshouts count($shouts);
            
$i 0;

            for (
$count=$totalshouts-1;$count>=0;$count--) {
                if(
$maxshouts_view <= $i)
                {
                    break;
                }

                
$oneline = array();
                
$oneline explode("|",$shouts[$count]);

                
$shout[$count]['uname'] = $outputclass->htmlSpecialChars($oneline[0]);
                
$shout[$count]['time'] = formatTimestamp(trim($oneline[2]), $formattimestamp);
                
$shout[$count]['ip'] = $outputclass->htmlSpecialChars($oneline[3]);
                
$shout[$count]['uid'] = $outputclass->htmlSpecialChars(trim($oneline[4]));

                if(
$oneline){
                    if (
trim($oneline[4])!='guest')
                    {
                        
$thisUser= new XoopsUser($oneline[4]);
                        if(
$thisUser->isOnline()) {
                            
$shout[$count]['online'] = 1;
                        }else{
                            
$shout[$count]['online'] = 0;
                        }

                        if(
trim($thisUser->getVar("url")) != "") {
                            
$shout[$count]['url'] = $thisUser->getVar("url""E");
                        }else{
                            
$shout[$count]['url'] = 0;
                        }

                        if(
$thisUser->getVar("user_viewemail") == 1) {
                            
$shout[$count]['email'] = $thisUser->getVar("email""E");
                        }else{
                            if(
$xoopsUser && $xoopsUser->isAdmin())
                            {
                                
$shout[$count]['email'] = $thisUser->getVar("email""E");
                            }else{
                                
$shout[$count]['email'] = 0;
                            }
                        }

                        
$shout[$count]['avatar'] = XOOPS_URL.'/uploads/'.$thisUser->getVar("user_avatar");
                    }else{
                        
$shout[$count]['online'] = 0;
                        
$shout[$count]['url'] = 0;
                        
$shout[$count]['email'] = 0;
                        
$shout[$count]['avatar'] = 0;
                    }
                }

                if (
$xoopsModuleConfig['wordwrap_setting'] > 0) {
                  
$shout[$count]['message'] = wordwrap($outputclass->displayTarea($oneline[1], 01$bbcode10),$xoopsModuleConfig['wordwrap_setting'],"rn",true);
                }else{
                  
$shout[$count]['message'] = $outputclass->displayTarea($oneline[1], 01$bbcode10);
                }
                
$shout[$count]['message'] = $outputclass->censorString($shout[$count]['message']);

                
$htmlbreak htmlSpecialChars("");
                
$cr "rn";
                
$shout[$count]['message'] = str_replace($htmlbreak,$cr,$shout[$count]['message']);

                
$i++;
            }

            return 
$shout;
        }elseif(
$this->storage_type == 'database'){
            
$query $xoopsDB->query("SELECT msg_id, user_id, uname, time, ip, message FROM ".$xoopsDB->prefix("shoutbox")." ORDER BY time DESC LIMIT 0, ".$maxshouts_view);

            if(
$xoopsDB->getRowsNum($query) == 0)
            {
                return 
false;
            }

            
$i 1;

            while (list(
$msg_id$user_id$uname$time$ip$message) = $xoopsDB->fetchRow($query))
            {
                if(
$user_id != 0)
                {
                    
$thisUser = new XoopsUser($user_id);

                    
$shout[$i]['uname'] = $outputclass->htmlSpecialChars($thisUser->getVar('uname'));

                    if(
$thisUser->isOnline()) {
                        
$shout[$i]['online'] = 1;
                    }else{
                        
$shout[$i]['online'] = 0;
                    }

                    if(
trim($thisUser->getVar("url")) != "") {
                        
$shout[$i]['url'] = $thisUser->getVar("url""E");
                    }else{
                        
$shout[$i]['url'] = 0;
                    }

                    if(
$thisUser->getVar("user_viewemail") == 1) {
                        
$shout[$i]['email'] = $thisUser->getVar("email""E");
                    }else{
                        if(
$xoopsUser && $xoopsUser->isAdmin())
                        {
                            
$shout[$i]['email'] = $thisUser->getVar("email""E");
                        }else{
                            
$shout[$i]['email'] = 0;
                        }
                    }

                    
$shout[$i]['uid'] = $outputclass->htmlSpecialChars($user_id);
                    
$shout[$i]['avatar'] = XOOPS_URL.'/uploads/'.$thisUser->getVar("user_avatar");
                }else{
                    
$shout[$i]['uname'] = $uname;
                    
$shout[$i]['online'] = 0;
                    
$shout[$i]['url'] = 0;
                    
$shout[$i]['email'] = 0;
                    
$shout[$i]['avatar'] = 0;
                    
$shout[$i]['uid'] = 'guest';
                }

                
$message $outputclass->censorString($message);
                
//$message = $outputclass->htmlSpecialChars($message);

                
if ($xoopsModuleConfig['wordwrap_setting'] > 0) {
                  
$shout[$i]['message'] = wordwrap($outputclass->displayTarea($message01$bbcode10),$xoopsModuleConfig['wordwrap_setting'],"rn",true);
                }else{
                  
$shout[$i]['message'] = $outputclass->displayTarea($message01$bbcode10);
                }

                
$shout[$i]['time'] = formatTimestamp($time$formattimestamp);
                
$shout[$i]['ip'] = $outputclass->htmlSpecialChars($ip);
                
$i++;
            }

            return 
$shout;
        }else{
            return 
false;
        }
    }

    function 
trimShouts()
    {
        global 
$maxshouts_trim;
        global 
$xoopsDB;

        if(
$maxshouts_trim != '0')
        {
            if(
$this->storage_type == 'file')
            {
                
//TRIM THE FILE
                  
$shouts file($this->csvfile);
                  
$totrim count($shouts) - $maxshouts_trim;

                if (
$totrim 0) {
                    for (
$i=0$i<$totrim;$i++) {
                       
array_shift($shouts);
                    }

                     
$f=fopen($this->csvfile,"w");
                     foreach(
$shouts as $i => $line)
                     {
                    
fputs($f,"$line");
                     }
                     
fclose($f);
                }
            }elseif(
$this->storage_type == 'database'){

              
//TRIM THE RECORDS
                
$result mysql_query("SELECT * FROM ".$xoopsDB->prefix("shoutbox")." ORDER BY msg_id ASC");
              
$shouts mysql_num_rows($result);
              
$row mysql_fetch_array($result);
              
$msgid $row['msg_id'];

                
$totrim $shouts $maxshouts_trim;
              if (
$totrim 0) {
                  
$done $xoopsDB->queryF("DELETE FROM ".$xoopsDB->prefix("shoutbox")." WHERE msg_id=".$msgid."");
                }
            }else{
              return 
false;
            }
           }
    }

    function 
emptyIt()
    {
        global 
$shouttext$xoopsUser$xoopsDB;

        if(!empty(
$xoopsUser) && $xoopsUser->isAdmin())
        {
            if(
$this->storage_type == 'file')
            {
                
$thefile fopen($this->csvfile"w");
                
fclose($thefile);
                
$shouttext '';
            }elseif(
$this->storage_type == 'database'){
                
$query 'DELETE FROM '.$xoopsDB->prefix("shoutbox");

                if(
$result $xoopsDB->queryF($query))
                {
                    return 
true;
                }else{
                    return 
false;
                }
            }else{
                return 
false;
            }
        }
    }

    function 
checkDouble($shouttext)
    {
        global 
$xoopsDB;

        
$ip getenv("REMOTE_ADDR");

        if(
$this->storage_type == 'file')
        {
            
$shouts file($this->csvfile);

            if(!empty(
$shouts))
            {
                   
$totalshouts count($shouts);
                
$oneline explode("|",$shouts[$totalshouts-1]);
                if (
count($oneline) != 0) {
                    if ((
trim($oneline[3])==trim($ip))&&(trim($oneline[1])==trim(str_replace("|","",$shouttext))))
                    {
                        return 
true;
                    }
                }
            }

            return 
false;
        }elseif(
$this->storage_type == 'database'){
            
$shouttext trim($shouttext);
            
$ip getenv("REMOTE_ADDR");
            
$ip trim($ip);

            
$query $xoopsDB->query('SELECT message, ip FROM '.$xoopsDB->prefix("shoutbox").' ORDER BY `time` DESC LIMIT 0, 1');

            if(
$xoopsDB->getRowsNum($query) == 1)
            {
                
$shout = Array();
                
$shout $xoopsDB->fetchArray($query);

                if((
$shout['message'] == $shouttext) AND ($shout['ip'] == $ip))
                {
                    return 
true;
                }
            }

            return 
false;
        }else{
            return 
false;
        }
    }
}
?>

6
pinchecl
Re: 2.4.3 and apostrophe
  • 2010/1/3 19:30

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Thanks Trabis, that did the trick!

7
pinchecl
Re: 2.4.3 and apostrophe
  • 2010/1/4 16:40

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Trabis, although the solution does work there is a small glitch: it appears people can't use the shoutbox anymore if the configuration is set to the file option. If set to database option everything works.
No problem, just for you t know

8
trabis
Re: 2.4.3 and apostrophe
  • 2010/1/4 18:42

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Module needs to be cleaned up, maybe the author can find some time.

9
btesec
Re: 2.4.3 and apostrophe
  • 2010/1/8 22:20

  • btesec

  • Friend of XOOPS

  • Posts: 623

  • Since: 2007/2/20


SmartFAQs module has the same issue after upgrading to XOOPS 2.4.3. Any fix?

Thanks.

10
tank1955
Re: 2.4.3 and apostrophe
  • 2010/2/1 23:39

  • tank1955

  • Module Developer

  • Posts: 276

  • Since: 2007/9/7 1


Thanks for the info. Will be cleaning up the code in the next Shoutbox release.

Login

Who's Online

331 user(s) are online (184 user(s) are browsing Support Forums)


Members: 0


Guests: 331


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits