[Vtigercrm-developers] picklist escaping
Adam Heinz
amh at metricwise.net
Wed May 23 09:32:07 PDT 2012
If I'm following this logic correctly:
1. Admin picklist editor escapes newly added value and stores in database
http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/branches/5.4.0/modules/PickList/PickListAction.php#L38
Displaying uitype 15 in entity edit view:
2a. Don't escape again when
http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/branches/5.4.0/include/utils/EditViewUtils.php#L215
Displaying uitype 16 in entity edit view:
2b. Think about unescaping, but don't because we're not in a popup
http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/branches/5.4.0/include/utils/EditViewUtils.php#L176
2c. Escape the value again
http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/branches/5.4.0/include/utils/EditViewUtils.php#L189
I don't think it makes sense to store the escaped value in the
database. HTML escaping things too early causes problems / additional
work for XML exporting and such. Any opposition to me putting in a
bug for 6.x to scrub escaped values from the database and simplify the
display logic? I really think the uitype 15 and 16 sections should be
mostly collapsed, except for how they pull their picklist values.
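
The double escaping traced in steps 1 to 2c, next to the store-raw, escape-at-output approach the post proposes, as an added example that is not part of the original message and is not vtiger code. All function names and the sample picklist value are hypothetical, and the scrub step assumes every stored row was escaped exactly once.

```php
<?php
// Added example: hypothetical helpers, not taken from vtiger.

// Step 1 in the post: the value is HTML-escaped before it is stored.
function store_escaped(string $input): string {
    return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// HTML output context: escape exactly once, at render time.
function render_option(string $stored): string {
    $v = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    return "<option value=\"$v\">$v</option>";
}

// XML output context: needs its own escaping, independent of HTML.
function render_xml(string $stored): string {
    return '<value>' . htmlspecialchars($stored, ENT_XML1 | ENT_QUOTES, 'UTF-8') . '</value>';
}

// One-off scrub: exact inverse of store_escaped().
// Assumption: every row went through store_escaped() exactly once.
// Rows written raw by another code path would be decoded wrongly,
// so a real migration has to know which rows were escaped.
function scrub(string $stored): string {
    return htmlspecialchars_decode($stored, ENT_QUOTES);
}

$label = 'R&D <Lab>';   // constructed sample picklist value

// Escape-early path: the database holds HTML, not the label itself.
$early = store_escaped($label);
// Step 2c: a second escape on display encodes the ampersands again,
// so the browser shows entity text instead of the label.
echo render_option($early), "\n";
// The XML export carries HTML entities as if they were data.
echo render_xml($early), "\n";

// Store-raw path: scrub the stored value, then escape per context.
$raw = scrub($early);
if ($raw !== $label) {
    throw new RuntimeException('scrub did not restore the original label');
}
echo render_option($raw), "\n";
echo render_xml($raw), "\n";
```

With raw storage the uitype 15 and 16 display paths can share one render function and differ only in where the picklist values come from.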