Alan,<div><br></div><div>Each administrator can add announcements. The owner can clear the same.</div><div><br></div><div>Look at the following:</div><div><ul><li>include/utils/CommonUtils.php - function get_announcements()</li>
<li>Smarty/templates/Header.tpl - ANNOUNCEMENT output to HTML</li></ul><div>Let us know if you get over a solution.</div></div><div><br></div><div>Regards,</div><div>Prasad</div><div>vtiger Team</div><div><br><div class="gmail_quote">
On Mon, Jun 11, 2012 at 2:57 PM, Alan Lord (News) <span dir="ltr"><<a href="mailto:alanslists@gmail.com" target="_blank">alanslists@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hmm something else is a bit nasty with this.<br>
<br>
The original announcement with the apostrophe was created by a user with<br>
an normal id number (i.e. not 1).<br>
<br>
I logged into their system (as admin) and edited their announcement to<br>
remove the apostrophes. But rather than removing the original<br>
announcement, it added a second one to the database table! Meaning the<br>
apostrophe bug was still present as the marquee was now showing both<br>
announcements.<br>
<br>
The only way to fix this was to go into MySQL and manually delete the<br>
original announcement record from the vtiger_announcement table.<br>
<br>
My colleague also made an interesting comment. This is likely to be<br>
quite a security bug too as you could probably inject javascript into<br>
the announcement...<br>
<br>
Cheers<br>
<span class="HOEnZb"><font color="#888888"><br>
Al<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 11/06/12 07:54, Alan Lord (News) wrote:<br>
> Caught this one this morning...<br>
><br>
> <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7440" target="_blank">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7440</a><br>
><br>
> Should be easy enough to fix (I guess the ' isn't being escaped or<br>
> converted but it's quite a nasty one. Using an apostrophe is common<br>
> place and no access to the More menu is rather limiting.<br>
><br>
> Cheers<br>
><br>
> Al<br>
><br>
<br>
<br>
--<br>
Libertus Solutions<br>
<a href="http://www.libertus.co.uk" target="_blank">http://www.libertus.co.uk</a><br>
<br>
_______________________________________________<br>
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br>
</div></div></blockquote></div><br></div>