phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015551phplist applicationHTML Email Supportpublic09-10-10 23:5028-04-11 18:12
Reporterh2b2 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.10.12 
Target Version2.10.13Fixed in Version2.10.14 
Summary0015551: Backslashes are stripped from HTML messages
Descriptionkenh reports that:
==== Start Quote ====
My problem is that the last message I sent out had some examples that included a file path like this:
C:\Windows\SysWOW64\odbcad32.exe

When I saved the message the backslashes were gone. So I put them back in and when I saved they were gone again. So I put in double slashes and then saved. It went to single slashes. Next save removed them completely.
==== End Quote ====
ref: http://forums.phplist.com/viewtopic.php?p=80173#p80173 [^]
Additional InformationI ran a test and can confirm this issue for HTML messages.
Plain text messages seem to be fine, at least when the 'manual text part' setting is enabled in config.php. Haven't tested automatic parsing into text messages.
TagsNo tags attached.
Attached Filesgz file icon send_core.php.tar.gz [^] (16,624 bytes) 10-10-10 18:43

- Relationships
related to 0011562resolvedmichiel Random Character Encoding Bug in SHIFT-JIS Japanese emails body & Subject 
related to 0015600resolvedmichiel Backslashes are stripped from HTML messages 

-  Notes
(0051125)
h2b2 (manager)
10-10-10 00:04

Stripping of backslashes could also be problematic in shift_jis encoded texts, as mentioned in http://www.php.net/manual/en/function.stripslashes.php#37876 [^] :
"Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code characters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters."
(0051127)
h2b2 (manager)
10-10-10 18:42

duncanc found the offending code in admin/send_core.php:
==== Start Quote ====
the problem involves stripslashes. A similar problem also applies to the subject field.
Looking at the code, the problem with the message content seems to be caused by an unnecessary call to stripslashes when loading the fck editor window.
There is also a problem with stripslashes being called on data that is read from the message table as opposed to being submitted in a form. So even after fixing the first problem the slashes were lost after saving the message and then re-editing it. The code has this comment which is incorrect

 // If we've got magic quotes on, then we need to get rid of the slashes - either
 // from the database or from the previous $_POST

Attached is a modified version of send_core.php for 2.10.12

1) removes slashes on the message and msgsubject fields only on a form submission, not when the data is retrieved from the message table, around line 106, and also 172

2) removes a stripslashes() call when loading the fck editor window, around line 1182

I have done some testing and it seems to work without any side effects. Similar changes might have to be made for other fields that can validly contain a '\' character such as the footer text.
==== End Quote ====
(0051188)
michiel (manager)
28-04-11 18:12

http://phplist.svn.sourceforge.net/phplist/?rev=2658&view=rev [^]


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker