Weblinks rate this site

Worker Joined: Dec 23, 2005 Posts: 226 Location: UK

In weblinks - rate this site
I'm getting \' when it should just be '

it's ok in the weblinks home page

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Interesting. I doubt Raven made any changes to that module, other than secure / patch it.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

That is correct. I will put it on the list of things to check.

Posted: Wed Apr 19, 2006 10:39 am

I have gone over and over this and I can't seem to find it. Can you detail exactly how to reproduce it and where it is exactly?

Posted: Wed Apr 19, 2006 3:23 pm

It took me about 10 tries but I finally duplicated the problem.

If you make the title of a link be say: MHCC Bike Club's then when you go to the "rate this site" link you will see MHCC Bike Club\'s.

You can see this on frank.ravenwebhosting.com if you don't want to duplicate it yourself. When you just look at the link in weblink it appears normal.

Actually this link should take you right there.

Only registered users can see links on this board! Get registered or login!

Posted: Wed Apr 19, 2006 3:46 pm

in the modules/weblinks/index.php I believe we might need a stripslashes.

Code:

function ratelink($lid, $user, $ttitle) {


    global $prefix, $cookie, $datetime, $module_name;


    include("header.php");


    menu(1);


    echo "<br>";


    OpenTable();


    $ttitle = stripslashes(htmlentities($ttitle));


    echo 'ttitle after first htmlentities '  . $ttitle . '<br>'; 


    $transfertitle = ereg_replace ("_", " ", $ttitle);


    $displaytitle = $transfertitle;


    if(isset($_SERVER['REMOTE_HOST'])) { $ip = $_SERVER['REMOTE_HOST'];}


    if (empty($ip)) {


       $ip = $_SERVER['REMOTE_ADDR'];


    }


        echo 'displaytitle before second htmlentities '  . $displaytitle . '<br>'; 


    echo "<b>".htmlentities($displaytitle)."</b>"

The code in the "official" version doesn't have the stripslashes before the htmlentities. After sticking the echoes in I determined that $ttitle is coming in as "MHCC bike club\s" and there is nothing to strip out the \.

On the other hand why not?

Code:

function ratelink($lid, $user, $ttitle) {


    global $prefix, $cookie, $datetime, $module_name;


    include("header.php");


    menu(1);


    echo "<br>";


    OpenTable();


    $ttitle = stripslashes(htmlentities(ereg_replace ("_", " ", $ttitle)));


    if(isset($_SERVER['REMOTE_HOST'])) { $ip = $_SERVER['REMOTE_HOST'];}


    if (empty($ip)) {


       $ip = $_SERVER['REMOTE_ADDR'];


    }


    echo "<b>".($ttitle)."</b>"


   ."<ul><font class=\"content\">"

Saves two (I think) redundant variable declarations and one htmlentities. I can't see where it has any negative effects.