Ampersands in Code ..

Found a bug? Tell us!!
Post Reply
Lux
Regular
Posts: 764
Joined: Fri Aug 12, 2005 4:36 pm
Location: Grüt, Zürich, Switzerland
Contact:

Ampersands in Code ..

Post by Lux »

Hi!

Any ideas how to fix this?

http://www.deimeke.net/dirk/blog/index. ... tml#c19796

Cheers

Dirk
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Ampersands in Code ..

Post by Timbalu »

Yes, its this

Code: Select all

&
part in

Code: Select all

<div class="serendipity_commentBody clearfix content">
                <p class="whiteline"><img src="http://www.deimeke.net/dirk/blog/index.php?/plugin/cachedAvatar_cd250bbdfe737a04fbabc18a74ee997e_3138b2d6a8060d847599d293f0486b10_e009b4c6ab13f11bd3b76f11c0070bc4" alt="*" title="Florian Bruhin" class="comment_avatar avatar_right" height="40" width="40"/>Hm, das Kommentarsystem scheint offensichtlich ampersands (zumindest in code-Blöcken) kaputt zu machen.
</p><p class="whiteline">foo & bar
</p><p class="break"><div class="bb-code-title">CODE:</div><div class="bb-code">foo&#160;&amp;&#160;bar</div></p>
        </div>
(which btw is a good example explaining why I think this nl2p option is working "faulty"...) and is a follow-up of code parts being already encoded (in your case probably by the bbcode plugin) and Serendipity using PHPs htmlspecialchars() method with its default option regarding the double_encoding parameter. It should be bool $double_encode = false in this and other cases, to not encode twice already encoded items.

For the moment you can only avoid this easily per smarty modifier replace, eg

Code: Select all

{$comment.body|replace:"&amp;":"&"
AddOn: The serendipity_event_xhtmlcleanup plugin had a method for something similar, called fixUTFEntity(), but it is not used any more and is only available in some old blogs and does not cover this case of the double encoded ampersand itself. Since I encountered this sort of problem of several double encoded items in my test blogs too, in special with ISO-8859-1 blogs and some test cases, but the decision was made to keep the origin param true for security to be straight, I testwise added a similar method to my Serendipity core to rework some output like this

Code: Select all

    /**
     * Fix double encoded entities by htmlspeciachars() for ISO-8859-1 charsets
     * and some other cases
     *
     * @param  string
     * @access public
     * @return string
     */
    function serendipity_smarty_fixUTFEntity($string) {
        return preg_replace('/&#(x[a-f0-9]{1,4}|[0-9]{1,5});/', '&#$1;', str_replace('&amp;','&',$string));
    }
registered it with

Code: Select all

$serendipity['smarty']->registerPlugin('modifier', 'serendipity_fixUTFEntity', 'serendipity_smarty_fixUTFEntity');
and used it in Smarty templates ie in admin/comments like this

Code: Select all

{$comment.title|escape|serendipity_fixUTFEntity}
{$comment.fullBody|strip|serendipity_fixUTFEntity|truncate:120} for summary comments
{$comment.fullBody|serendipity_fixUTFEntity}
In short: As you can see by this, you also have the option to write your own modifier (in config.inc.php), instead of the simple replace modifier thing. :)
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Lux
Regular
Posts: 764
Joined: Fri Aug 12, 2005 4:36 pm
Location: Grüt, Zürich, Switzerland
Contact:

Re: Ampersands in Code ..

Post by Lux »

Hi

Many thanks, Ian!

I take a look once I am at home again.

Cheers

Dirk
Post Reply