
Bug found when show_record_tree is enabled with FCKEditor

Posted: Mon Apr 12, 2010 11:36 am
by kevinwen
I found a bug when show_record_tree is enabled with FCKEditor in use. The problem is that $record->toJS() just outputs whatever is stored in the database without using HTML entities for special characters like "<", "<script", "</script>", etc. When the "</script>" tag is included in the data, the "Code Barf" happens like the following screenshot:

The bug exists in RecordNavMenu.html at line 176:

Code:
document.recordIndex['{$record->getId()}'] = {$record->toJS()};


Can somebody fix this problem so I don't have to disable the show_record_tree functionality? Thanks.
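
Added example (not part of the original post and not Xataface code): a PHP comparison of a hand-built JavaScript object literal that relies on addslashes() with an encoding that keeps a stored `</script>` inside the string when the result is written into an inline script block. The function names and the sample record are constructed for illustration.

```php
<?php
// Constructed sample record: a rich-text field as an HTML editor might store it.
$fields = array(
    'id'   => 7,
    'body' => "<p>Hello</p><script>var a = 'x';</script>\nline two",
);

// Hypothetical helper: builds the literal by hand. addslashes() escapes
// quotes and backslashes only, so "<" and "/" pass through untouched.
function toJsNaive(array $fields) {
    $out = array();
    foreach ($fields as $key => $val) {
        $out[] = "'" . $key . "': '"
               . str_replace("\n", "\\n", addslashes($val)) . "'";
    }
    return '{' . implode(',', $out) . '}';
}

// Hypothetical helper: JSON with HTML-significant characters emitted as
// \uXXXX escapes, so no markup-looking sequence reaches the HTML parser.
function toJsForScriptBlock(array $fields) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json  = json_encode($fields, $flags);
    // json_encode() returns false on e.g. invalid UTF-8; fail closed.
    return $json === false ? 'null' : $json;
}

// The HTML parser ends a script element at the first "</script" it sees,
// whether or not that text sits inside a JavaScript string literal.
function closesScriptBlock($js) {
    return stripos($js, '</script') !== false;
}

$naive = toJsNaive($fields);
$safe  = toJsForScriptBlock($fields);

printf("naive output closes the script block:   %s\n",
       closesScriptBlock($naive) ? 'yes' : 'no');
printf("encoded output closes the script block: %s\n",
       closesScriptBlock($safe) ? 'yes' : 'no');
printf("encoded output decodes to the same data: %s\n",
       json_decode($safe, true) === $fields ? 'yes' : 'no');
echo $safe, "\n";
```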

Re: Bug found when show_record_tree is enabled with FCKEditor

Posted: Tue Apr 13, 2010 9:31 am
by shannah
What version of xataface are you using?

Re: Bug found when show_record_tree is enabled with FCKEditor

Posted: Tue Apr 13, 2010 5:35 pm
by kevinwen
1.2.2 1616

Re: Bug found when show_record_tree is enabled with FCKEditor

Posted: Wed Apr 14, 2010 10:43 am
by shannah
OK.. I have fixed this in SVN. Here is the diff for this particular fix:

Code:
stevepbook:xataface shannah$ svn diff -r 1789:1790
Index: Dataface/Record.php
===================================================================
--- Dataface/Record.php   (revision 1789)
+++ Dataface/Record.php   (revision 1790)
@@ -2661,19 +2661,19 @@
      $out = array();
      foreach ( $strvals as $key=>$val){
         if ( $this->checkPermission('view', array('field'=>$key)) ){
-            if ( $this->_table->isInt($key) or $this->_table->isFloat($key) ){
-               $out[] = "'{$key}': ".($val ? $val : 'null');
-            } else {
-   
-               $out[] = "'{$key}': '".str_replace("\n","\\n",str_replace("\r","",addslashes($val)))."'";
-            }
+            $out[$key] = $val;
+            
         }
      }
-      $out[] = "'__title__': '".addslashes($this->getTitle())."'";
-      $out[] = "'__url__': '".addslashes($this->getURL())."'";
-      $out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0);
+      $out['__title__'] = $this->getTitle();
+      //$out[] = "'__title__': '".addslashes($this->getTitle())."'";
+      $out['__url__'] = $this->getURL();
+      //$out[] = "'__url__': '".addslashes($this->getURL())."'";
+      $out['__expandable'] = ($this->checkPermission('expandable')?1:0);
+      //$out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0);
      
-      return '{'.implode(',',$out).'}';
+      return json_encode($out);
+      //return '{'.implode(',',$out).'}';
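
Review bot: The key written at `$out['__expandable'] = ...` has lost its trailing underscores; the removed line emitted `'__expandable__'`, so any client code reading `__expandable__` will no longer find it. Restore the original spelling. Two further points on the same hunk: the removed branch emitted int and float fields as bare numbers (or `null` when empty), while `$out[$key] = $val` now passes every value through unchanged, so confirm that consumers of `document.recordIndex` do not depend on the old types; and because the result is written into an inline script block, consider `json_encode($out, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` (PHP 5.3+) so that `<`, `>`, `&` and quotes are emitted as \u escapes instead of relying on json_encode's default slash escaping alone. The commented-out old lines can be dropped, since SVN history already keeps them.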