Webmastersite.net
Register Log In
  1. WSN Support Forums
  2. Paid Scripts Support
  3. Special characters in link field values

Special characters in link field values
legal or illegal?

Comments on Special characters in link field values

joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#1 - Quote - Permalink
Posted Oct 08, 2006 - 6:46 PM:

It seems that single quotes and ampersands are legal in {LINKTITLE} but illegal (i.e. cause PHP problems at runtime) when used in custom text linkfields such as {LINKADDRESS} and {LINKCITY}.

Is there a way to make these custom fields accept single quotes, ampersands, or other special characters?? I am curious why the title can contain them....
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
#2 - Quote - Permalink
Posted Oct 09, 2006 - 7:51 PM:

No such problem, wasted a few minutes creating a test with the first link at www.temp.wsnforum.com/wsnli...snlinks/brand_new_category
joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#3 - Quote - Permalink
Posted Oct 10, 2006 - 4:16 AM:

It looks like you're testing special characters in {LINKDESCRIPTION}...

As I said, my problem has been only with custom text fields that I added.

When I use single quotes or ampersands I get raw PHP code spit out at the top of the page.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
#4 - Quote - Permalink
Posted Oct 11, 2006 - 2:59 AM:

No, the field is named 'test', not 'description'.

<IF {SHOWREGULAR}>
<table width="100%" cellpadding="5" cellspacing="10">
<!-- BEGIN REGULAR LINKS -->
<td {LINKWIDTH} valign="top" class="link">
<IF {LINKURL}>
<a href="{TRACKLINKURL}" {EXTERNALLINKS}>{LINKTITLE}</a>
<OTHERWISE>
{LINKTITLE}
</IF>
{LINKNEW} {LINKISUPDATED} <IF {LINKISREAD}><img src="templates/default/images/visited.gif" alt="{LANG_GENERAL_ALREADYVIEWED}" title="{LANG_GENERAL_ALREADYVIEWED}"></IF> {LINKADMIN}
<br>Test: {LINKTEST}<br>
<IF {SWITCH_RATINGS} and {LINKRATING}><br><img src="templates/default/images/stars{LINKNUMSTARS}.gif" alt="{LINKRATING}/{MAXVOTE}" title="{LINKRATING}/{MAXVOTE}"> ({LINKVOTES} {LANG_GENERAL_VOTES})</IF>
<IF {SWITCH_PAGERANK}><br><img src="templates/default/images/pagerank/{LINKPAGERANK}.gif" alt="{LANG_GENERAL_PAGERANK} {LINKPAGERANK}" title="{LANG_GENERAL_PAGERANK} {LINKPAGERANK}"></IF>
<br>{LINKDESCRIPTION} 

<div class="linktools">
<br>{LANG_SHOWLINKS_SUBMITTED} {LINKDATE}<IF {LINKLASTEDIT} is greater than {LINKTIME}>, {L_LANG_SHOWLINKS_EDITED} {LINKLASTEDITDATE}</IF>. <br>
<IF {SWITCH_HITS}>{LINKHITS} {LANG_GENERAL_HITSOUT}, {LINKHITSIN} {LANG_GENERAL_HITSIN}.<br></IF> 
<br>
<a href="{LINKDETAILSURL}"><img src="templates/default/images/linktools_details.gif" border="0" alt="{LANG_GENERAL_DETAILS}"> {LANG_GENERAL_DETAILS}</a> 
<IF {SWITCH_RATINGS}><a href="vote.php?id={LINKID}"><img src="templates/default/images/linktools_rate.gif" border="0" alt="{LANG_GENERAL_RATE}"> {LANG_GENERAL_RATE}</a></IF> 
<IF {SWITCH_REPORTS}><a href="report.php?id={LINKID}"><img src="templates/default/images/linktools_report.gif" border="0" alt="{LANG_GENERAL_REPORT}"> {LANG_GENERAL_REPORT}</a></IF> 
<IF {THISMEMBERGROUPCANEMAIL}><a href="email.php?id={LINKID}"><img src="templates/default/images/linktools_emaillink.gif" border="0" alt="{LANG_GENERAL_EMAIL}"> {LANG_GENERAL_EMAIL}</a></IF> 
<IF {THISMEMBERGROUPCANEMAILMEMBERS} and {LINKHASEMAIL}><a href="emailsubmitter.php?id={LINKID}"><img src="templates/default/images/linktools_emailsubmitter.gif" border="0" alt="{LANG_GENERAL_EMAILSUBMITTER}"> {LANG_GENERAL_EMAILSUBMITTER}</a></IF> 
<a href="javascript:window.external.AddFavorite('{LINKURL}', '{LINKBOOKMARKTITLE}')"><img src="templates/default/images/linktools_bookmark.gif" border="0" alt="{LANG_SHOWLINKS_BOOKMARK}"> {LANG_SHOWLINKS_BOOKMARK}</a> 
<IF {SWITCH_ALBUMS} and {THISMEMBERISREGISTERED}><a href="albums.php?add={LINKID}"><img src="templates/default/images/linktools_save.gif" border="0" alt="{LANG_SHOWLINKS_ADDTOLIST}"> {LANG_SHOWLINKS_ADDTOLIST}</a></IF> 
<IF {SWITCH_COMMENTS}><a href="{LINKTHREADURL}"><img src="templates/default/images/linktools_comments.gif" border="0" alt="{P_LANG_GENERAL_COMMENTS}"> {P_LANG_GENERAL_COMMENTS} (<IF {LINKCOMMENTSREAD}>{LINKNUMCOMMENTS}<OTHERWISE><b>{LINKNUMCOMMENTS}</b></IF>)</a></IF> 

</div>

<IF {LINKFILEFIELD}><br>{LANG_SHOWLINKS_ATTACHED}:<br>
<!-- BEGIN LINK ATTACHMENTS -->
<a href="download.php?id={LINKID}&attachid={ATTACHID}">{ATTACHFILETITLE}</a> ({ATTACHKB} {LANG_GENERAL_KB}, {ATTACHDOWNLOADS} {LANG_DETAILS_DOWNLOADS})<br>
<IF {ATTACHISIMAGE}><a href="download.php?id={LINKID}&attachid={ATTACHID}"><img src="{ATTACHTHUMBURL}" alt="image"></a><br></IF>
<!-- END LINK ATTACHMENTS -->
</IF>

</td>
<!-- END REGULAR LINKS -->
</table>
</IF>


Anything which displays raw PHP code is a severe server configuration problem which exposes you to hacking. A correct apache should be incapable of exposing your source.
joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#5 - Quote - Permalink
Posted Oct 11, 2006 - 5:15 AM:

Would you be able to take this on as a paid project... take a look at this problem and see what's wrong with the server....
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
#6 - Quote - Permalink
Posted Oct 12, 2006 - 1:06 PM:

scripts.webmastersite.net/w...dex.php?section=inspection
joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#7 - Quote - Permalink
Posted Oct 12, 2006 - 5:41 PM:

I went back and looked at the PHP code that was printed out, and it was because
<?php
$address='{LINKADDRESS}';
$city='{LINKCITY}';
getmap($address, $city, $image);
?>

should be
<?php
$address="{LINKADDRESS}";
$city="{LINKCITY}";
getmap($address, $city, $image);
?>


But now I have the same problem if someone enters a double quote in one of those custom fields. This problem does not occur in {LINKTITLE} and {LINKDESCRIPTION}. Is there a function somewhere that changes these quotes into HTML character codes?
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
#8 - Quote - Permalink
Posted Oct 14, 2006 - 1:09 AM:

addslashes escapes quotes and encodeit replaces them, but I don't see how it'll do you any good in a template. You should probably work with the object directly,
$l = new onelink('id', {LINKID});
getmap($l->address, $l->city, $image);
despite the extra load time involved.
joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#9 - Quote - Permalink
Posted Oct 19, 2006 - 9:30 AM:

This was fixed when MagicQuotes was turned on.
joshberm
Nothing is impossible...

Usergroup: Customer
Joined: Aug 07, 2006
Location: Tampa, Florida

Total Topics: 36
Total Comments: 91
joshberm
#10 - Quote - Permalink
Posted Oct 25, 2006 - 10:07 AM:

Just out of curiousity, where did you set Magic Quotes to ON?

I was in my PHP.INI file and noticed this:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of ').
magic_quotes_sybase = Off


It looks like it is still OFF.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
#11 - Quote - Permalink
Posted Oct 26, 2006 - 3:08 AM:

I didn't set it, it just came that way. Anyhow it ought to work in the current version with magic quotes off, I'm not going require anyone to turn them on.

My php.ini, though, contains
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of ').
magic_quotes_sybase = Off
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



This thread is closed, so you cannot post a reply.