FINALLY the problem where special characters like © being turned into (c) has been fixed. Also you can now use HTML such as forms in text areas safely.

2002-11-23 16:21:06 +00:00 · 2002-11-23 16:21:06 +00:00 · 0624b0c50c
commit 0624b0c50c
parent b9e482cf72
3 changed files with 16 additions and 13 deletions
--- a/lib/WebGUI/Form.pm
+++ b/lib/WebGUI/Form.pm
@ -76,6 +76,13 @@ sub _fixQuotes {
        return $value;
 }

+#-------------------------------------------------------------------
+sub _fixSpecialCharacters {
+	my $value = shift;
+	$value =~ s/\&/\&amp\;/g;
+	return $value;
+}
+
 #-------------------------------------------------------------------

 =head2 checkbox ( hashRef )
@ -633,8 +640,6 @@ sub hiddenList {
 sub HTMLArea {
        my ($output, $value);
        $output = '<script language="JavaScript">function fixChars(element) {element.value = element.value.replace(/~V/mg,"-");}</script>';
-        $value =~ s/\</\&lt\;/g;
-        $value =~ s/\>/\&gt\;/g;
 	if ($session{setting}{richEditor} eq "edit-on-pro") {
 		$output .= '<script language="JavaScript">
 			var formObj;
@ -659,7 +664,7 @@ sub HTMLArea {
 	               } </script>';
 	}
        $output .= '<input type="button" onClick="openEditWindow(this.form.'.$_[0]->{name}.')" value="'.
-        	WebGUI::International::get(171).'" style="font-size: 8pt;"><br>';
+        	WebGUI::International::get(171).'" style="font-size: 8pt;">'."<br>\n";
 	$output .= textarea({
 		name=>$_[0]->{name},
 		value=>$_[0]->{value},
@ -1121,6 +1126,7 @@ sub template {
 sub text {
        my ($size, $maxLength, $value);
 	$value = _fixQuotes($_[0]->{value});
+        $value = _fixSpecialCharacters($value);
        $maxLength = $_[0]->{maxlength} || 255;
        $size = $_[0]->{size} || $session{setting}{textBoxSize} || 30;
        return '<input type="text" name="'.$_[0]->{name}.'" value="'.$value.'" size="'.
@ -1167,12 +1173,15 @@ sub text {
 =cut

 sub textarea {
-        my ($columns, $rows, $wrap);
+        my ($columns, $value, $rows, $wrap);
 	$wrap = $_[0]->{virtual} || "virtual";
 	$rows = $_[0]->{rows} || $session{setting}{textAreaRows} || 5;
 	$columns = $_[0]->{columns} || $session{setting}{textAreaCols} || 50;
+	$value = _fixSpecialCharacters($_[0]->{value});
+	$value =~ s/\</\&lt\;/g;
+        $value =~ s/\>/\&gt\;/g;
        return '<textarea name="'.$_[0]->{name}.'" cols="'.$columns.'" rows="'.$rows.'" wrap="'.
-		$wrap.'" '.$_[0]->{extras}.'>'.$_[0]->{value}.'</textarea>';
+		$wrap.'" '.$_[0]->{extras}.'>'.$value.'</textarea>';
 }

 #-------------------------------------------------------------------
--- a/lib/WebGUI/HTMLForm.pm
+++ b/lib/WebGUI/HTMLForm.pm
@ -83,13 +83,6 @@ use WebGUI::SQL;

 =cut

-#-------------------------------------------------------------------
-sub _fixQuotes {
-        my $value = shift;
-	$value =~ s/\"/\&quot\;/g;
-        return $value;
-}
-
 #-------------------------------------------------------------------
 sub _subtext {
 	my $output;
--- a/lib/WebGUI/Wobject/MailForm.pm
+++ b/lib/WebGUI/Wobject/MailForm.pm
@ -12,6 +12,7 @@ package WebGUI::Wobject::MailForm;

 use strict;
 use Tie::CPHash;
+use WebGUI::Form;
 use WebGUI::HTMLForm;
 use WebGUI::Icon;
 use WebGUI::International;
@ -412,7 +413,7 @@ sub _fieldAdminIcons {
 sub _textSelectRow {
 	my ($self, $textName, $textLabel, $textValue, $textMaxLength, $selectName, $selectOptions, $selectValue) = @_;
 	my $output;
-	$textValue = WebGUI::HTMLForm::_fixQuotes($textValue);
+	$textValue = WebGUI::Form::_fixQuotes($textValue);
 	my $textSize = $session{setting}{textBoxSize};
 	$output = '<input type="text" name="'.$textName.'" value="'.$textValue.'" size="'.
 		$textSize.'" maxlength="'.$textMaxLength.'">';