View Issue Details

Jump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0002786phpList 3 applicationSubscribe Processpublic23-03-05 09:3020-05-05 21:34
Reporternetwear Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.9.4 
Fixed in Version2.9.5 
Summary0002786: Escaped Characters in Template Output
DescriptionUnder certain circumstances, i can reproduce it when trying to unsubscribe an nonexisting adress - the output of the header and footer has escaped characters which destroys the browser output. The page source code looks like this:

<td><img src=\"/ecke_ru.gif\" width=\"9\" height=\"9\"></td>
      <td bgcolor=\"#FFCC00\"><img src=\"/gelb.gif\" width=\"10\" height=\"9\"></td>
      <td bgcolor=\"#999999\"><img src=\"/grau.gif\" width=\"3\" height=\"9\"></td>

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
related to 0002036 closedmichiel Magic Quotes problems 
related to 0002457 resolvedmichiel PHPList v2.9.5 release 

Activities

michiel

23-03-05 11:18

administrator   ~0004004

please make sure your magic quotes settings are correct

netwear

23-03-05 12:43

reporter   ~0004010

Hello Michiel!

I just found out the real problem behind the error in index.php:

If a non existing adress leads to an empty $id after the db-query which is than replaced by the default id later on in the script.

It is better to give a submitted $id a higher priority (even over the user preferences) so i changed around line 90

*/
} else {
  $userid = "";
  $userpassword = "";
  $emailcheck = "";
}

# make sure the subscribe page still exists
$req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id));
$id = $req[0];
$msg = "";


to the following:

*/
} else {
  $userid = "";
  $userpassword = "";
  $emailcheck = "";
}

if ($_REQUEST["id"]){
   $id = $_REQUEST["id"];
}

# make sure the subscribe page still exists
$req = Sql_fetch_row_query(sprintf('select id from %s where id = %d',$tables["subscribepage"],$id));
$id = $req[0];
$msg = "";

And it works!

Why the submitted $id=1 causes the quotes-problem i still havn´t found out...
Maybe it has something to do with the fact that i deleted list 1...

Harald

michiel

20-05-05 21:34

administrator   ~0004984

thanks your code change has been added to CVS