Login Retreive lost passwordRegister
Search

Forum Index / General / Backslash Bug

[ This topic is unsolved! ]

  Arno Nuyts 18 December 12 / 12:32  
I found a bug when setting or posting a value for a textfield. When you post a value with double backslash it is reduced to a single backslash.

This bug is due the usage of the sprintf function of php.

This bug was posted in
http://www.formhandler.net/?pg=9&id=3198
http://www.formhandler.net/topic/5485/quotes_and_backslashes.html

In the first post the bug is fixed by Teye in the file class.MaskLoader.php. This fix doesn't work for me, the class doesn't even seem to get loaded.

In the second post it solved but the fix isn't present in the current release. Also it should be done in every field-class that uses sprintf to display values. This are the changes I propose:

// in class.TextField.php replace line 130:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),

// in class.HiddenField.php replace line 28:
(isset( $this->_mValue ) ? str_replace('\\','\\\\', htmlspecialchars( $this->_mValue )) : ''),

// in class.TextSelectField.php replace line 76:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),

// in class.TextSelectField.php replace line 188:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)) : ''),

// in class.BrowserField.php replace line 82:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),

Note that I don't use the db version of formhandler so I don't know if the changes are needed in the db version of the field-classes. Also I have no clue in what case class.MaskLoader.php is called (is it still used?). The double fix of the bug would result in twice as much backslashes.

  Arno Nuyts 18 December 12 / 13:13  
In addition SelectField.php and TextSelectField.php should also be fixed
// SelectField.php Replace line 149:
str_replace('\\','\\\\', $sValue)

// SelectField.php Replace line 174:
str_replace('\\','\\\\', $sOptions),


// TextSelectField.php Replace line 57:
$this->_sOptions .= sprintf( FH_TEXTSELECT_OPTION_MASK, $sName, str_replace('\\','\\\\', $value) );

// TextSelectField.php Replace line 76:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),

// TextSelectField.php Replace line 82:
str_replace('\\', '\\\\', $this->_sOptions)

  Top


© 2004 - 2017 FormHandler. All rights reserved.   -   Open source license