View Issue Details

IDProjectCategoryView StatusLast Update
0015551phplist applicationHTML Email Supportpublic28-04-11 19:12
Reporterh2b2 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.10.12 
Target Version2.10.13Fixed in Version2.10.14 
Summary0015551: Backslashes are stripped from HTML messages
Descriptionkenh reports that:
==== Start Quote ====
My problem is that the last message I sent out had some examples that included a file path like this:
C:\Windows\SysWOW64\odbcad32.exe

When I saved the message the backslashes were gone. So I put them back in and when I saved they were gone again. So I put in double slashes and then saved. It went to single slashes. Next save removed them completely.
==== End Quote ====
ref: http://forums.phplist.com/viewtopic.php?p=80173#p80173
Additional InformationI ran a test and can confirm this issue for HTML messages.
Plain text messages seem to be fine, at least when the 'manual text part' setting is enabled in config.php. Haven't tested automatic parsing into text messages.
TagsNo tags attached.

Relationships

related to 0011562 resolvedmichiel Random Character Encoding Bug in SHIFT-JIS Japanese emails body & Subject 
related to 0015600 resolvedmichiel Backslashes are stripped from HTML messages 

Activities

h2b2

10-10-10 01:04

manager   ~0051125

Stripping of backslashes could also be problematic in shift_jis encoded texts, as mentioned in http://www.php.net/manual/en/function.stripslashes.php#37876 :
"Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code characters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters."

h2b2

10-10-10 19:42

manager   ~0051127

duncanc found the offending code in admin/send_core.php:
==== Start Quote ====
the problem involves stripslashes. A similar problem also applies to the subject field.
Looking at the code, the problem with the message content seems to be caused by an unnecessary call to stripslashes when loading the fck editor window.
There is also a problem with stripslashes being called on data that is read from the message table as opposed to being submitted in a form. So even after fixing the first problem the slashes were lost after saving the message and then re-editing it. The code has this comment which is incorrect

 // If we've got magic quotes on, then we need to get rid of the slashes - either
 // from the database or from the previous $_POST

Attached is a modified version of send_core.php for 2.10.12

1) removes slashes on the message and msgsubject fields only on a form submission, not when the data is retrieved from the message table, around line 106, and also 172

2) removes a stripslashes() call when loading the fck editor window, around line 1182

I have done some testing and it seems to work without any side effects. Similar changes might have to be made for other fields that can validly contain a '\' character such as the footer text.
==== End Quote ====

h2b2

10-10-10 19:43

manager  

send_core.php.tar.gz (16,624 bytes)

michiel

28-04-11 19:12

manager   ~0051188

http://phplist.svn.sourceforge.net/phplist/?rev=2658&view=rev