phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002786phplist applicationSubscribe Processpublic23-03-05 09:3020-05-05 21:34
Reporternetwear 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.9.4 
Target VersionFixed in Version2.9.5 
Summary0002786: Escaped Characters in Template Output
DescriptionUnder certain circumstances, i can reproduce it when trying to unsubscribe an nonexisting adress - the output of the header and footer has escaped characters which destroys the browser output. The page source code looks like this:

<td><img src=\"/ecke_ru.gif\" width=\"9\" height=\"9\"></td>
      <td bgcolor=\"#FFCC00\"><img src=\"/gelb.gif\" width=\"10\" height=\"9\"></td>
      <td bgcolor=\"#999999\"><img src=\"/grau.gif\" width=\"3\" height=\"9\"></td>

TagsNo tags attached.
Attached Files

- Relationships
related to 0002036closedmichiel Magic Quotes problems 
related to 0002457resolvedmichiel PHPList v2.9.5 release 

-  Notes
(0004004)
michiel (manager)
23-03-05 11:18

please make sure your magic quotes settings are correct
(0004010)
netwear (reporter)
23-03-05 12:43

Hello Michiel!

I just found out the real problem behind the error in index.php:

If a non existing adress leads to an empty $id after the db-query which is than replaced by the default id later on in the script.

It is better to give a submitted $id a higher priority (even over the user preferences) so i changed around line 90

*/
} else {
  $userid = "";
  $userpassword = "";
  $emailcheck = "";
}

# make sure the subscribe page still exists
$req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id));
$id = $req[0];
$msg = "";


to the following:

*/
} else {
  $userid = "";
  $userpassword = "";
  $emailcheck = "";
}

if ($_REQUEST["id"]){
   $id = $_REQUEST["id"];
}

# make sure the subscribe page still exists
$req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id));
$id = $req[0];
$msg = "";

And it works!

Why the submitted $id=1 causes the quotes-problem i still havn´t found out...
Maybe it has something to do with the fact that i deleted list 1...

Harald
(0004984)
michiel (manager)
20-05-05 21:34

thanks your code change has been added to CVS


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker