View Issue Details

IDProjectCategoryView StatusLast Update
0008919phpList 3 applicationRSSpublic21-01-08 18:50
Reporterskoenig Assigned To 
Status resolvedResolutionfixed 
Product Version2.11.2 
Fixed in Version2.10.5 
Summary0008919: $ symbols within feeds are interpreted as variables at send time
DescriptionNote: It's been happening since my first build 2.10.2 but wasn't an important thing until now.

Set up an RSS list.
Point the feed to something that has dollars in frequently like engadget

Set up an HTML newsletter (haven't checked Text yet).

What should be $9.99 comes out as .99

Looking at the feeds the RSS HTML data is properly encapsulated in [content] CDATAs but I think this error also happens when it's raw TEXT as in a [description] field.

Might be a quick fix but i can't navigate the feed parser so easily.

I checked all the incoming feeds against feedvalidator and they all pass.
TagsNo tags attached.


related to 0002705 closed PHPList v2.11 release 
related to 0003721 closed phplist 2.10.x 



18-01-07 19:06

reporter   ~0022691


In rsslib.php in function parseRSSTemplate escape $ symbols already in the content before processing starts during the for each loop.

Thus the functions looks like below:

function parseRSSTemplate($template,$data) {
  foreach ($data as $key => $val) {
    if (!preg_match("#^\d+$#",$key)) {

      // SK MOD: escape $ symbols in $vals for content $keys
      $val = str_replace('$','\$',$val);

# print "$key => $val
      $template = preg_replace('#\['.preg_quote($key).'\]#i',$val,$template);
  $template = eregi_replace("\[[A-Z\. ]+\]","",$template);

  return $template;

Improvements and optimizations very very welcome.


23-08-07 18:40


Suggested fix has been tested and it works indeed