[ic] IC 4.6.5: '&' becomes '&amp;' in html entered with item editor

Joachim Leidinger interchange-users@interchange.redhat.com
Fri Feb 22 03:53:01 2002


Scott Andreas wrote:
> 
> I had the same problem long ago then I used the text2html filter and then
> all went away
> 
> I tried your experiment and everything worked as it was supposed to...hmm
> 
> I use text2html filter to which I found being better at parsing the html
> tags correctly
> 
> Scott
> 
> -----Original Message-----
> From: interchange-users-admin@interchange.redhat.com
> [mailto:interchange-users-admin@interchange.redhat.com]On Behalf Of Ed
> LaFrance
> Sent: Thursday, February 21, 2002 9:56 AM
> To: interchange-users@interchange.redhat.com
> Subject: [ic] IC 4.6.5: '&' becomes '&amp;' in html entered with item
> editor
> 
> Hi all -
> 
> Perl 5.6.0
> RH   6.2
> IC 4.6.5, construct demo
> 
> I've come across a minor mystery (to me). Any text entered in the item
> editor in the above catalog, which contains html tags (such as <b>bold
> text</b>) is being properly converted to html entities (&lt;b&gt;..etc) for
> display in text fields and textareas, and then back to html when the record
> is saved... but only for a superuser.  If I turn off the admin's superuser
> status (yet they still have full permissions for items), logout/login, and
> try the same test, the ampersand in the html entity gets converted to its
> own entity equivalent ('&amp;') which breaks subsequent decode operations.
> 
> No filters have been explicitly set for the field in question.  The
> behavior occurs in an unmodified construct demo, installed right out of the
> box, and has been tried with both gdbm and MySQL databases, not that it
> would matter.
> 
> Can anyone confirm this, and is there a patch?
> 
> Thanks,
> 
> Ed L.

Yes, I can! As a super user, I'm able to add a link like <A
HREF="[area 12345]">See the tools...</A> and that link is working in my
shop. But a non-super-user will get a broken link if he adds the same
kind of links into the products data table, because the char "[" will be
stored as &lt; into the table.

Ed,

look into the usertag UI/usertag/display and search for the line

my $DECODE_CHARS = qq{[<"\000-\037\177-\377};

...

HTML::Entities::encode($text, '&');
HTML::Entities::encode($text, $DECODE_CHARS);

It seems to me that is not right!

Joachim

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[leidinger@bpanet.de] 
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de
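
Added example, not part of the original messages and not Interchange code: a small Perl script showing why the entity round trip discussed in this thread only works when the number of encode passes matches the number of decode passes. It assumes HTML::Entities is installed; the `round_trip` helper is hypothetical, the module's default unsafe set is used instead of the `$DECODE_CHARS` set quoted above, and the sample strings are constructed from the text in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Run $text through $enc encode passes (the value placed in the edit form)
# and then $dec decode passes (the value written back on save).
# Assumption: the module's default unsafe set is used here, not the
# $DECODE_CHARS set from the quoted usertag lines.
sub round_trip {
    my ($text, $enc, $dec) = @_;
    $text = encode_entities($text) for 1 .. $enc;
    my $form_value = $text;
    $text = decode_entities($text) for 1 .. $dec;
    return ($form_value, $text);
}

# Constructed sample field values, taken from the wording of the thread.
my @samples = (
    '<b>bold text</b>',
    '<A HREF="[area 12345]">See the tools...</A>',
    'Fish & Chips',
);

for my $stored (@samples) {
    # [encode passes, decode passes]:
    #   1/1 is the intended round trip,
    #   2/1 encodes the ampersand of each entity a second time,
    #   2/2 shows that matching the counts restores the value.
    for my $passes ([1, 1], [2, 1], [2, 2]) {
        my ($enc, $dec) = @$passes;
        my ($form_value, $saved) = round_trip($stored, $enc, $dec);
        printf "%-6s enc=%d dec=%d\n  form : %s\n  saved: %s\n",
            ($saved eq $stored ? 'OK' : 'BROKEN'),
            $enc, $dec, $form_value, $saved;
    }
}
```

In the 2/1 rows the saved value still contains entity text such as `&lt;b&gt;`, which is the symptom reported for the non-superuser account.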