Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: [FIX]Integrated HTML Entities Handling for Text Input Areas  (Read 9611 times)

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« on: August 10, 2006, 05:35:52 PM »

Thanks to Keyrocks for sharing the code that sparked my idea.

Here is how to solve the age old issue with snews whereby nothing is actually posted when an apostrophe ( ' ) or other HTML entity is present in the input.

This series of fixes seems to work well for those (like me) who just want to paste in articles and comments without any issues with unintended HTML entity conversion. The trade-off is that these fixes will not work for those who wish to pepper their articles with manual HTML coding. However, increased security is obtained when no code can be run, especially in the comment areas.

1) Comments function fix

Go to line 739-740 in the // COMMENTS section:

$name = $_POST['name'];
$comment = $_POST['text'];

Then, REPLACE those two lines with:

Code: [Select]
$_POST['name1'] = htmlentities(htmlentities($_POST['name'], $quote_style), ENT_QUOTES);
$name = stripslashes($_POST['name1']);
$_POST['text1'] = htmlentities(htmlentities($_POST['text'], $quote_style), ENT_QUOTES);
$comment = stripslashes($_POST['text1']);
2) Edit mode fix, part 1

Now, here is the first of two changes that fix the advanced edit mode, so that it does not ruin our nice formatting by converting the HTML entities.

Scroll down to line 1236 in the // EDIT ARTICLE section:


Then, REPLACE that line with this line:

Code: [Select]
$text = str_replace(array("
", "

", "

"), "" , $r[text]); }
3) New Article function + Edit Comment fixes

This fixes the New Article posting feature in the admin area. This also solves the issue of being unable to edit any comment containing HTML entites.

Scroll a bit more to lines 1420-1421 in the // PROCESSING (CATEGORIES, ARTICLES, COMMENTS) section:

$comment = str_replace("\'", "'", $_POST['editedcomment']);
$text = str_replace("\'", "'", $_POST['text']);

Next, REPLACE those two lines with this:

Code: [Select]
$comment1 = htmlentities(htmlentities($_POST['editedcomment'], $quote_style), ENT_QUOTES);
$comment = stripslashes($comment1);
$text1 = htmlentities(htmlentities($_POST['text'], $quote_style), ENT_QUOTES);
$text = stripslashes($text1);
4) Edit mode fix, part 2

This fix solves the issue where advanced edit mode will not retain the paragraph tags, thus your css fonts will not be applied.

Scroll down to line 1590 where you will see a series of lines similar to this:

mysql_query("UPDATE ". s('prefix'). "articles SET title='$title' WHERE id='$id'");

Now, this time we are not replacing anything. Press ENTER to make room for the following line, then paste it in the new blank space, just above the series of mysql_query lines:

Code: [Select]
$text = str_replace('

', '', '

' . preg_replace('#\n|\r#', '

$0

', $text) . '

');
If I find any other issues, I'll post more fixes. Enjoy. :)
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #1 on: August 10, 2006, 06:09:53 PM »

Wow! So simple and so efficient! Excellent Ben_Tech! I just tried this (offline) by adding a code string in the Comments textarea and it displays the code perfectly!
... Now... to figure out how we can apply this site-wide to any page in sNews, no matter where the code is inserted... in a textarea OR in a static HTML page within a module in the root directory. Perhaps it is just a matter of replacing the same line wherever it occurs throughout the snews.php file. :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #2 on: August 10, 2006, 09:24:25 PM »

Updated first post with the fix for the New Article submission page. Now, we can paste pretty much anything into the box and go.
Logged

Luka

  • Administrator
  • ULTIMATE member
  • ******
  • Karma: 36
  • Posts: 1716
    • http://www.snewscms.com
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #3 on: August 10, 2006, 09:36:45 PM »

Excellent work guys, noted :)
Logged

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #4 on: August 10, 2006, 10:49:23 PM »

Sure thing, Luka! :)

I edited post #1 with more fixes, this time solving issues with the advanced edit mode.
Logged

bryn

  • Hero Member
  • *****
  • Karma: 2
  • Posts: 934
    • http://www.cssugly.com
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #5 on: August 10, 2006, 10:54:26 PM »

fantastic Ben_Tech, this will help a lot of people including me..much appreciated mate :D
Logged
Over 1,000 posts of joy, sNews is not only brilliant, but fun too! thanks guys :D

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #6 on: August 10, 2006, 11:22:23 PM »

Okay, probably it for today. Post #1 updated with another fix, this time the comment editor. :)
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #7 on: August 10, 2006, 11:48:22 PM »

Ben_Tech:
Gave your mods a try. Couple of bugs noted.

1. The first line in your post #1:
Code: [Select]
$text = str_replace("\'", "'", $_POST['text']);I cannot find in the New Article function... I can't even locate a text variable in there (snews.php, version 1.4).

2. With the last line of your mod added - before the MySQL query strings ( to keep it working in advanced edit mode) - it seemed to strip out the P tags in advanced edit mode, and the article saved and displayed with no text formatting. I disabled it, brought the article up in Simple Edit mode, saved it, and the formatting went back to normal.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #8 on: August 11, 2006, 12:00:42 AM »

It is on line 1421 in a stock snews 1.4 as noted.... it solves the issue with the new article function but is not located in that section. It's in the ' // PROCESSING (CATEGORIES, ARTICLES, COMMENTS)' section.

Edited post #1 to make the line location a bit clearer.

Regarding #2, not sure, it works perfectly here.
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #9 on: August 11, 2006, 04:03:10 PM »

Post Removed and Replaced - Here's why:
I spent some time getting Ben_Tech's "fix" figured out this morning and posted what I felt was a clearer-to-understand version of it here after doing so. I applied the "fix" for a second and third time, and kept running into problems with it displaying the HTML entity replacements with their and-signs and semi-colons. So I replaced my earlier post with this.

The only reason we appear to be going down this road came out of my initial search for a way to display raw code within a custom quotebox with span-styles for colors in static HTML modules. Earlier this week I shared an HTML Conversion Utility I used to make code display properly in my module pages. Then Ben_Tech came up with his "fix" to bring us where we are now... which for me... isn't working out.

So... I realized that I had not tried using my quotebox for code display in the actual New Article textarea (Admin Panel) and gave it a try. I just added my 2nd stylesheet - modules.css, to index.php, then wrapped a string of raw PHP code in the div-class-quotebox and span-style to color the code. And it works fine.

Another Edit Note:
I have no problem with apostrophes and double-quotes in my installation of sNews at snews.ca. I've also got raw code displaying cleanly in an article by wrapping it in some custom .css styles. The only problem experienced now is that whenever an article is saved, sNews automatically adds p-tags to every line, causing it to display double-spaced.
The Answer: All edits must be done in the Advanced Edit mode. Once you remove the p-tags in Advanced Edit mode, they are not auto-added again on save. It is also necessary to prefix each line with several -   - for indentation, and end each line with a line-return for proper display. You can review my ongoing tests by visiting my site using the link under my avatar. It is the first article posted in the articles container.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Ben_Tech

  • Newbie
  • *
  • Karma: 0
  • Posts: 10
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #10 on: August 16, 2006, 11:55:02 PM »

Updated post one to clarify who this might work for, and simplify the patching procedure.
Logged

abarak

  • Guest
[FIX]Integrated HTML Entities Handling for Text Input Areas
« Reply #11 on: November 12, 2006, 06:51:07 PM »

Is this fix applicable to sNews 1.5? I am a newcomer and I realized the problem exists and persists in 1.5.  When I try to create a new article by copying and pasting articles Snews often posts nothing.
Logged