[Vtigercrm-developers] inconsistent html escaping

Adam Heinz amh at metricwise.net
Fri Feb 17 07:18:43 PST 2012


On Fri, Feb 17, 2012 at 7:20 AM, srihari Tp <srihari.tp at vtiger.com> wrote:
> Are you referring to only picklist values? We have tried to reproduce it
> with picklist values and noticed in [Mass] Edit -> Save, we get escaped html
> entities. But in Detailview edit, we don't get escaped html entities. We
> have attached some screenshots. Please review them and let us know whether
> you are talking about the same issue.

I'm getting escaped html entities in my XML.  The to_html() function
(called from deep within VTEntityData::fromEntityId) inspects the
$_REQUEST and decides to html escape some values (which end up in
$contactData), which are then blended with the non-escaped POST
variables (which end up in $data).  The XML serialization code has
little chance to get things right.  This workaround is awful, so I
hope everyone enjoys a good laugh.  This is NOT a patch for any
version of vtiger!  ;)

	/**
	 * @param $eventName string
	 * @param $data VTEntityData
	 */
	public function handleEvent($eventName, $data) {
		// $adb is vtiger's global database handle; fromEntityId() below needs it in scope.
		global $adb, $or_not_to_html;
		if (vtlib_isModuleActive('MyModule')) {
			if ($eventName == 'vtiger.entity.aftersave') {
				if ('Quotes' == $data->getModuleName()) {
					if ($data->get('my_field')) {
						$or_not_to_html = true; // XXX: Workaround to_html() escaping.
						$contactid = $data->get('contact_id');
						$contactdata = VTEntityData::fromEntityId($adb, $contactid);
						$this->createSoapRequest($contactdata, $data);
					}
				}
			}
		}
	}

Index: include/utils/utils.php
===================================================================
--- include/utils/utils.php	(revision 2126)
+++ include/utils/utils.php	(revision 2311)
@@ -1012,7 +1012,8 @@
 	if($_REQUEST['module'] != 'Settings' && $_REQUEST['file'] !=
'ListView' && $_REQUEST['module'] != 'Portal' && $_REQUEST['module']
!= "Reports")// && $_REQUEST['module'] != 'Emails')
 		$ajax_action = $_REQUEST['module'].'Ajax';

-	if(is_string($string))
+	global $or_not_to_html;
+	if(is_string($string) && !$or_not_to_html)
 	{
 		if($action != 'CustomView' && $action != 'Export' && $action !=
$ajax_action && $action != 'LeadConvertToEntities' && $action !=
'CreatePDF' && $action != 'ConvertAsFAQ' && $_REQUEST['module'] !=
'Dashboard' && $action != 'CreateSOPDF' && $action != 'SendPDFMail' &&
(!isset($_REQUEST['submode'])) )
 		{
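
Review bot: the new `global $or_not_to_html;` test on the `is_string($string)` guard makes escaping depend on request-wide mutable state, and the handler shown earlier in the message sets the flag to true and never restores it. From that point on, every string passed through this guard in the same request skips the escaping branch, including values that may later be rendered into HTML rather than XML. No initialization of the global is visible here either, so the guard relies on an unset variable evaluating as false. Suggest scoping the bypass to the one call that needs it: save the previous value, set the flag immediately before `VTEntityData::fromEntityId(...)`, and restore it directly afterwards, or pass an explicit argument to the function instead of reading a global.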




More information about the vtigercrm-developers mailing list
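
The mix of escaped and unescaped values described in the message, as an added example that is not part of the original post and is not vtiger code. `FieldValue`, `xmlText`, `naiveElement` and `typedElement` are hypothetical names, `htmlspecialchars()` is an assumed stand-in for the escaping `to_html()` applies, and the sample strings are constructed. It shows why a serializer handed bare strings cannot recover, and how carrying the escaping state with each value lets it normalize once before XML-escaping.

```php
<?php
// Added example, not vtiger code. All class and function names are hypothetical.

/** A string plus a record of whether it has already been HTML-escaped. */
final class FieldValue {
    public $text;
    public $htmlEscaped;
    public function __construct($text, $htmlEscaped) {
        $this->text = $text;
        $this->htmlEscaped = $htmlEscaped;
    }
    /** Raw text, decoding only when the value is known to be escaped. */
    public function raw() {
        return $this->htmlEscaped
            ? html_entity_decode($this->text, ENT_QUOTES, 'UTF-8')
            : $this->text;
    }
}

/** Escape for XML text content; done once, at the output boundary. */
function xmlText($raw) {
    return htmlspecialchars($raw, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

/** Serializer that receives bare strings and has to assume they are raw. */
function naiveElement($name, $string) {
    return "<$name>" . xmlText($string) . "</$name>";
}

/** Serializer that receives FieldValue and can normalize before escaping. */
function typedElement($name, FieldValue $value) {
    return "<$name>" . xmlText($value->raw()) . "</$name>";
}

// Constructed sample data: one name arriving by two paths, plus a literal entity.
$escaped = htmlspecialchars('Smith & Sons', ENT_QUOTES, 'UTF-8'); // assumed stand-in for to_html()
$posted  = 'Smith & Sons';       // raw request value
$literal = 'Type &amp; for "&"'; // user really typed the entity

// Bare strings: the escaped copy is escaped a second time in the XML.
echo naiveElement('account', $escaped), "\n";
echo naiveElement('account', $posted), "\n";
// Decoding everything first repairs $escaped but silently rewrites $literal.
echo naiveElement('note', html_entity_decode($literal, ENT_QUOTES, 'UTF-8')), "\n";

// Typed values: both account elements match and the literal survives intact.
echo typedElement('account', new FieldValue($escaped, true)), "\n";
echo typedElement('account', new FieldValue($posted, false)), "\n";
echo typedElement('note', new FieldValue($literal, false)), "\n";
```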