Bug found when show_record_tree is enabled with FCKEditor

Postby kevinwen » Mon Apr 12, 2010 11:36 am

I found a bug when show_record_tree is enabled with FCKEditor in use. The problem is that $record->toJS() just outputs whatever is stored in the database without using the HTML entities for special characters like "<", "<script", "</script>", etc. When the "</script>" tag is included in the data, the "Code Barf" happens, as in the following screenshot:

The bug exists in RecordNavMenu.html at line 176:

Code:
document.recordIndex['{$record->getId()}'] = {$record->toJS()};


Can somebody fix this problem so I don't have to disable the show_record_tree functionality? Thanks.
Attachments
bug.jpg (48.35 KiB)
kevinwen
 
Posts: 109
Joined: Mon Dec 28, 2009 3:44 pm

Re: Bug found when show_record_tree is enabled with FCKEditor

Postby shannah » Tue Apr 13, 2010 9:31 am

What version of Xataface are you using?
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Bug found when show_record_tree is enabled with FCKEditor

Postby kevinwen » Tue Apr 13, 2010 5:35 pm

1.2.2 1616
kevinwen
 
Posts: 109
Joined: Mon Dec 28, 2009 3:44 pm

Re: Bug found when show_record_tree is enabled with FCKEditor

Postby shannah » Wed Apr 14, 2010 10:43 am

OK.. I have fixed this in SVN. Here is the diff for this particular fix:

Code:
stevepbook:xataface shannah$ svn diff -r 1789:1790
Index: Dataface/Record.php
===================================================================
--- Dataface/Record.php   (revision 1789)
+++ Dataface/Record.php   (revision 1790)
@@ -2661,19 +2661,19 @@
      $out = array();
      foreach ( $strvals as $key=>$val){
         if ( $this->checkPermission('view', array('field'=>$key)) ){
-            if ( $this->_table->isInt($key) or $this->_table->isFloat($key) ){
-               $out[] = "'{$key}': ".($val ? $val : 'null');
-            } else {
-   
-               $out[] = "'{$key}': '".str_replace("\n","\\n",str_replace("\r","",addslashes($val)))."'";
-            }
+            $out[$key] = $val;
+            
         }
      }
-      $out[] = "'__title__': '".addslashes($this->getTitle())."'";
-      $out[] = "'__url__': '".addslashes($this->getURL())."'";
-      $out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0);
+      $out['__title__'] = $this->getTitle();
+      //$out[] = "'__title__': '".addslashes($this->getTitle())."'";
+      $out['__url__'] = $this->getURL();
+      //$out[] = "'__url__': '".addslashes($this->getURL())."'";
+      $out['__expandable'] = ($this->checkPermission('expandable')?1:0);
+      //$out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0);
      
-      return '{'.implode(',',$out).'}';
+      return json_encode($out);
+      //return '{'.implode(',',$out).'}';
      
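Review bot: the new key in `$out['__expandable'] = ...` has lost its trailing double underscore; the removed line and the neighbouring `__title__` and `__url__` entries all use the `__name__` form, so any client code that reads `__expandable__` would no longer find it, and the key should be `$out['__expandable__']`. On the same hunk, integer and float fields are no longer emitted as bare numbers or `null` but as whatever `$strvals` holds, which changes the types the JavaScript side receives and is worth a line in the commit message. Since the result is written into an inline script block, `json_encode($out, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` would also keep `<script` and `<!--` out of the output instead of relying only on the default escaping of `/`. The commented-out old lines can be dropped, since SVN already keeps them.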
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm
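The failure reported in this thread and the effect of switching to json_encode(), as an added example that is not from the thread or the Xataface code base: it serializes one record three ways and reports which outputs still contain sequences that change how an HTML parser reads an inline script block. The function names (to_js_legacy, to_js_json, to_js_json_hex, script_hazards) and the sample record are constructed for illustration.

```php
<?php
// Constructed sample record: rich-text HTML of the kind an FCKEditor field stores.
$record = array(
    'title' => "Editor's note",
    'body'  => "<p>Intro</p>\n<script>var x = 1;</script><!-- draft -->",
);

// Hand-built literal in the style of the removed lines: addslashes() only
// escapes quotes, backslashes and NUL, so markup passes through untouched.
function to_js_legacy(array $vals) {
    $out = array();
    foreach ($vals as $key => $val) {
        $val = str_replace("\n", "\\n", str_replace("\r", "", addslashes($val)));
        $out[] = "'{$key}': '" . $val . "'";
    }
    return '{' . implode(',', $out) . '}';
}

// json_encode() as in the fix; by default it escapes "/" as "\/".
function to_js_json(array $vals) {
    return json_encode($vals);
}

// json_encode() with the HEX flags, which also turn <, >, &, ' and " into \uXXXX.
function to_js_json_hex(array $vals) {
    return json_encode($vals, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Sequences that affect how an HTML parser reads an inline <script> block.
function script_hazards($js) {
    $found = array();
    foreach (array('</script', '<script', '<!--') as $needle) {
        if (stripos($js, $needle) !== false) {
            $found[] = $needle;
        }
    }
    return $found;
}

foreach (array('to_js_legacy', 'to_js_json', 'to_js_json_hex') as $fn) {
    $js = $fn($record);
    echo $fn, ': ', $js, "\n  hazards: ", implode(' ', script_hazards($js)) ?: 'none', "\n";
}
```

The legacy form still carries a literal `</script`, which is where the browser ends the surrounding script element; plain json_encode() removes that one through its `\/` escaping, and the HEX flags remove the remaining two.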

