TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

Stats

Members
  • Total Members: 3,963
  • Latest: BiZaJe
Stats
  • Total Posts: 195,917
  • Total Topics: 21,308
  • Online today: 884
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 343
  • Total: 343

help - text display issue for article intro

Started by auvn, May 19, 2007, 05:15:46 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 All
User actions

bigb

#10
December 20, 2007, 03:22:26 AM
I Use Fckeditor also and if I cut and copy into a new article it works if I re summit and approve it. If I add or create a new article as a administrator it gives me the error. If I change or edit an article that was submitted it stops processing the HTML.

Thanks for the help

bigb

#11
December 20, 2007, 04:17:02 PM Last Edit: December 20, 2007, 05:03:27 PM by bigb
I don’t know if this will help in solving the problem but here is a snippet of the code created before and after an edit and resave of an article.  I hope this helps someone who knows coding better than me. 

Quote
BEFORE RESAVE

<<div class="tborder" style="margin-bottom: 2px;">
      <div class="windowbg" style="padding:4px; " id="block65">
      <div style="_height: 1%; overflow: hidden; padding: 4px;"><span class="smalltext">Author: sandman</span>
<span class="smalltext">
December 14, 2007, 07:18:45 PM</span>
<span class="smalltext">Views: 29 </span>
<span class="smalltext">Rating:  10 (1 rates) </span>
         <div style="overflow: hidden; _height: 1%; margin-top: 1ex;">
            <div style="line-height: 1.3em;"><blockquote dir="ltr" style="MARGIN-RIGHT: 0px"><font face="Comic Sans MS" size="3">
<h3 align="center"><font face="Comic Sans MS" color="#ff6600" size="6">Nkorho Pan Africa</font></h3>
<a target="_blank" href="http://www.africam.com/"></a><font face="Comic Sans MS" size="3"><a target="_blank" href="http://www.africam.com/">Nkorho Pan Live WebCam</a> </font>is ranked as one of the top African wildlife sites on the web. Nkorho Pan is a natural water hole in the prestigious Sabi Sands Private Game Reserve, in South Africa.&nbsp; It is a 24 hours a day web cam that is remotely controled by a real person who zooms in on wildlife and put ....</font>

               <div class="smalltext" style="margin-top: 1ex; font-weight: bold;">Read more...</div>
            </div>
         </div>
      </div></div></div>
       
       
AFTER RESAVE       
       
        <div class="tborder" style="margin-bottom: 2px;">
      <div class="titlebg" style="padding: 4px; font-weight: bold;"><img border="0" style="margin-right: 4px;" align="right" src="http://www.islandtackle.com/smf/Themes/TP_Christmas_Time/images/tp-edit.gif" alt="" />Nkoho Test edit
      </div>
      <div class="windowbg" style="padding:4px; " id="block81">
      <div style="_height: 1%; overflow: hidden; padding: 4px;"><span class="smalltext">Author: sandman</span>
<span class="smalltext">
December 05, 2006, 01:52:00 PM</span>
<span class="smalltext">Views: 1479 </span>
<span class="smalltext">Comments: 0 </span>
<span class="smalltext">Rating:  9 (5 rates) </span>
         <div style="overflow: hidden; _height: 1%; margin-top: 1ex;">
            <div style="line-height: 1.3em;">&lt;blockquote dir=&quot;ltr&quot; style=&quot;MARGIN-RIGHT: 0px&quot;&gt;&lt;font face=&quot;Comic Sans MS&quot; size=&quot;3&quot;&gt;
&lt;h3 align=&quot;center&quot;&gt;&lt;font face=&quot;Comic Sans MS&quot; color=&quot;#ff6600&quot; size=&quot;6&quot;&gt;Nkorho Pan Africa&lt;/font&gt;&lt;/h3&gt;
&lt;a target=&quot;_blank&quot; href=&quot;http://www.africam.com/&quot;&gt;&lt;/a&gt;&lt;font face=&quot;Comic Sans MS&quot; size=&quot;3&quot;&gt;&lt;a target=&quot;_blank&quot; href=&quot;http://www.africam.com/&quot;&gt;Nkorho Pan Live WebCam&lt;/a&gt; &lt;/font&gt;is ranked as one of the top African wildlife sites on the web. Nkorho Pan is a natural water hole in the prestigious Sabi Sands Private Game Reserve, in South Africa.  It is a 24 hours a day web cam that is remotely controled by a real person who zooms in on wildlife and put ....&lt;/font&gt; &lt;/blockquote&gt;
               <div class="smalltext" style="margin-top: 1ex; font-weight: bold;">Read more...</div>
            </div>
         </div>
      </div></div></div>

Hope this helps..

HerbKilby

#12
December 28, 2007, 11:21:01 PM Last Edit: December 29, 2007, 01:03:47 AM by HerbKilby
I'm using smf v1.1.4 with tp v0.98 on a fresh install (not upgrade).

In all three editors WhizzyWig,  FCK editor, and no [WYSIWYG] intro text is transformed from html formatting to "&[whatever];" whenever the article is saved.

Going to the database and fixing the formatting back to proper html allows the article to display properly; however, if you just open it up in any of the editors and edit it or not, but save it; then all html formatting is again stripped and "&[whatever];" is done again.

This same happens in the body only when not using WhizzyWig or FCK editors.

My assumption is that it is one of two causes: (1) php ini setting, or (2) a programmatic problem in the save process.  My money is on (2) since the problem seems to exist in the saving of the intro field and not the body.

I also have other issue with some of the html the editors generate, but that's another issue.  I'm gonna do some experimentation and look at the code, then post a follow up.

--follow up--

Here is what I found in TPortalAdmin.php starting at line 939:

Code Select
                   elseif(substr($what,0,15)=='tp_article_body'){
   $val=substr($what,15);
   // convert < and > but only in html types
if(isset($_POST['tp_article_useintro'.$val]) && $_POST['tp_article_useintro'.$val]!='-1')
$newval=htmlspecialchars($value);
else
$newval=$value;

if(is_numeric($val) && $val>0)
                       db_query("UPDATE {$tp_prefix}articles SET body='$newval' WHERE id=$val", __FILE__, __LINE__);

You will not that htmlspecialchars will only be applied to the body when use intro is set.

Whereas starting at line 998:
Code Select
                   elseif(substr($what,0,16)=='tp_article_intro'){
                       $val=substr($what,16);
   $newval=$value;
                       db_query("UPDATE {$tp_prefix}articles SET intro='$newval' WHERE id=$val", __FILE__, __LINE__);
                       $go=3;

htmlspecialcharacters is always applied to the intro.

This is embedded in a giant loop starting at line 666 and ending at line 1237 where each $_POST variable is assigned to $what if:
Code Select


       if(isset($_REQUEST['send']) || isset($_REQUEST[$txt['tp-send']]) || isset($_REQUEST['tp_preview']) || isset($_REQUEST['TPadmin_blocks'])){


is true.  Our submit [save] button on the edit form is 'send' therefore it is applied EVERYTIME we save the article.

I understand that you should never ever echo something back to the browser that can be harmful.  But this is pure paranoia and defeats the whole purpose of the editor.

By changing line line 943 to read $newval=$value; and line 1000 to $newval=$value; it seems to have fixed the problem.

I'm not sure what the security ramifications might be, but since only admins can post articles, at this time it's a non-issue.

bigb

#13
January 27, 2008, 06:04:12 PM
Sorry for the long delay but thanks for he help this did the trick...  Not sure about the security ramifications but like you said only admins can post articles so there shouldn't be a problem..
Thanks again for the help.
Print
Go Up Pages 1 2 All
User actions

This website is proudly hosted on Crocweb Cloud Website Hosting.