View Issue Details

IDProjectCategoryView StatusLast Update
0008919phplist applicationRSSpublic21-01-08 18:50
Reporterskoenig 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.11.2 
Target Version4.0.xFixed in Version2.10.5 
Summary0008919: $ symbols within feeds are interpreted as variables at send time
DescriptionNote: It's been happening since my first build 2.10.2 but wasn't an important thing until now.

Set up an RSS list.
Point the feed to something that has dollars in frequently like engadget
http://feeds.engadget.com/weblogsinc/engadget

Set up an HTML newsletter (haven't checked Text yet).

What should be $9.99 comes out as .99

Looking at the feeds the RSS HTML data is properly encapsulated in [content] CDATAs but I think this error also happens when it's raw TEXT as in a [description] field.

Might be a quick fix but i can't navigate the feed parser so easily.

I checked all the incoming feeds against feedvalidator and they all pass.
TagsNo tags attached.

Relationships

related to 0002705 closed PHPList v2.11 release 
related to 0003721 closed phplist 2.10.x 

Activities

skoenig

18-01-07 19:06

reporter   ~0022691

Fixed.

In rsslib.php in function parseRSSTemplate escape $ symbols already in the content before processing starts during the for each loop.

Thus the functions looks like below:

function parseRSSTemplate($template,$data) {
  foreach ($data as $key => $val) {
    if (!preg_match("#^\d+$#",$key)) {

      // SK MOD: escape $ symbols in $vals for content $keys
      $val = str_replace('$','\$',$val);

# print "$key => $val
";
      $template = preg_replace('#\['.preg_quote($key).'\]#i',$val,$template);
     }
   }
  $template = eregi_replace("\[[A-Z\. ]+\]","",$template);

  return $template;
}

Improvements and optimizations very very welcome.

user1822

23-08-07 18:40

  ~0030978

Suggested fix has been tested and it works indeed