Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to translate HTML from catalog side textarea?


muskokee

Recommended Posts

Hi everyone. I am again in need of assistance :rolleyes: If I have missed any thank yous for help already given.......THANK YOU!!

 

Without this forum I could not have accomplished all I have since starting with OSC.

 

What do I have to code to allow catalog side textarea's to translate html? I am thinking there is somthing missing in the actual submission of the data on the catalog side. I can submit such things as personal messages from admin and have the html show us on the catalog side with a little help from 'stripslashes', but submitting from the catalog side writes the tags to the output (not very nice to look at).

 

How do I submit, store and output html tages from the textarea? Are there PHP functions for this?

 

Appreciate any knowledge you can pass on. I would stick in a groveling smiley here but the forum doesn't have one :lol:

 

Sheri

 

Another thought...has some code been put into place that dissallows html to be written in the textareas?

Link to comment
Share on other sites

Another thought...has some code been put into place that dissallows html to be written in the textareas?

 

OK, this function is messing with the string in Product Reviews write:

 

tep_sanitize_string

 

It is removing html characters that are needed to display the text editor entry properly.

 

So, I removed it and other things in the tep_draw_textarea to experiment but have found that even stripping the call to the function to the basic info still has the <> being removed and replaced with _.

 

Any ideas?

 

Here's the little bit of code:

<td><?php echo tep_draw_textarea_field('review', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>

 

function tep_sanitize_string($string) {
$string = ereg_replace(' +', ' ', trim($string));

return preg_replace("/[<>]/", '_', $string);
 }

 

 

Sheri

Link to comment
Share on other sites

OK, this function is messing with the string in Product Reviews write:

 

tep_sanitize_string

 

It is removing html characters that are needed to display the text editor entry properly.

 

So, I removed it and other things in the tep_draw_textarea to experiment but have found that even stripping the call to the function to the basic info still has the <> being removed and replaced with _.

 

Any ideas?

 

Here's the little bit of code:

<td><?php echo tep_draw_textarea_field('review', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>

 

function tep_sanitize_string($string) {
$string = ereg_replace(' +', ' ', trim($string));

return preg_replace("/[<>]/", '_', $string);
 }

Sheri

 

You said the <> (HTML Tags) are being replaced with an _ (underscore)

 

In this line

return preg_replace("/[<>]/", '_', $string);

 

what if you replace the '_' with '' so that the statement would look like this

 return preg_replace("/[<>]/", '', $string);

Link to comment
Share on other sites

You said the <> (HTML Tags) are being replaced with an _ (underscore)

 

In this line

return preg_replace("/[<>]/", '_', $string);

 

what if you replace the '_' with '' so that the statement would look like this

 return preg_replace("/[<>]/", '', $string);

 

Thank you for your reply. The issue runs a little deeper than your suggestion..but I appreciate it! I have been experimenting this morning with reviews_write, reviews, html output and general.php. It is a big combination going on to strip any possible html tags from being outputted. A conspiracy! :lol:

 

Basically, no matter what I change the db is still receiving preg_replace.

 

I'll keep trucking to see if I can track it down.

 

Sheri

Link to comment
Share on other sites

You said the <> (HTML Tags) are being replaced with an _ (underscore)

 

In this line

return preg_replace("/[<>]/", '_', $string);

 

what if you replace the '_' with '' so that the statement would look like this

 return preg_replace("/[<>]/", '', $string);

 

Thank you for your reply. The issue runs a little deeper than your suggestion..but I appreciate it! I have been experimenting this morning with reviews_write, reviews, html output and general.php. It is a big combination going on to strip any possible html tags from being outputted. A conspiracy! :lol:

 

Basically, no matter what I change the db is still receiving preg_replace.

 

I'll keep trucking to see if I can track it down.

 

Sheri

Link to comment
Share on other sites

Hope you all don't mind if I use this thread to talk to myself.

I figure things out better that way.

 

So here's the pertainant code with regard to the reviews textarea (writing the code to the db that is):

 

PREPARING THE INPUT:

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

 

INSERTING INTO DB IF NO ERRORS:

tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

START OF THE SUBMISSION FORM:

<?php echo tep_draw_form('product_reviews_write', tep_href_link(FILENAME_PRODUCT_REVIEWS_WRITE, 'action=process&products_id=' . $HTTP_GET_VARS['products_id']), 'post', 'onSubmit="return checkForm();"'); ?>

 

TEXTAREA INPUT:

<td><?php echo tep_draw_textarea_field('review', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>

 

(which is strange because the copy of osc I recently dwnloaded has this as the textarea field):

 

<td class="main"><?php echo tep_draw_textarea_field('review', 'soft', 60, 15); ?></td>

 

NO MATTER...the string is still being replaced even with the "original" textarea.

 

that's about it for the write part. So WHY??? does it replace the html chars < & >?

 

so the output looks like this:

 

_b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_

 

 

Time to ponder because until the db registers the html chars, there is no point in going to think about the display on reviews which should only require a stripslashes anyway.

 

Sheri

Link to comment
Share on other sites

Hope you all don't mind if I use this thread to talk to myself.

I figure things out better that way.

 

So here's the pertainant code with regard to the reviews textarea (writing the code to the db that is):

 

PREPARING THE INPUT:

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$rating = tep_db_prepare_input($HTTP_POST_VARS['rating']);
$review = tep_db_prepare_input($HTTP_POST_VARS['review']);

 

INSERTING INTO DB IF NO ERRORS:

tep_db_query("insert into " . TABLE_REVIEWS_DESCRIPTION . " (reviews_id, languages_id, reviews_text) values ('" . (int)$insert_id . "', '" . (int)$languages_id . "', '" . tep_db_input($review) . "')");

START OF THE SUBMISSION FORM:

<?php echo tep_draw_form('product_reviews_write', tep_href_link(FILENAME_PRODUCT_REVIEWS_WRITE, 'action=process&products_id=' . $HTTP_GET_VARS['products_id']), 'post', 'onSubmit="return checkForm();"'); ?>

 

TEXTAREA INPUT:

<td><?php echo tep_draw_textarea_field('review', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>

 

(which is strange because the copy of osc I recently dwnloaded has this as the textarea field):

 

<td class="main"><?php echo tep_draw_textarea_field('review', 'soft', 60, 15); ?></td>

 

NO MATTER...the string is still being replaced even with the "original" textarea.

 

that's about it for the write part. So WHY??? does it replace the html chars < & >?

 

so the output looks like this:

 

_b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_ _b_HELLO_/b_

 

 

Time to ponder because until the db registers the html chars, there is no point in going to think about the display on reviews which should only require a stripslashes anyway.

 

Sheri

Link to comment
Share on other sites

Whoops! Looks like the last post was sent twice. Sorry :blush:

 

I am just about out of my mind. Is there anyone who has any info on how to get the catalog side textareas to accept html tags?

 

TinyMce is supposed to ignore all php but, I guess it doesn't.

 

What can I do? :sweating:

 

Sheri

Link to comment
Share on other sites

So,

 

I installed another editor---HTMLArea--- to replace TinyMCE. I had dreams that it was a problem with TinyMCE but alas, my dreams were crushed :'(

 

New question:

 

What makes it possible for admin to transfer html tags to the db? Does it have to do with the info being an "object" or to do with htmlspecialchars?

 

Chewing my fingers raw in anticipation :o

 

Sheri

Link to comment
Share on other sites

I'm definitely not a coder, and I don't play one on TV either :D , but... on the surface... being able to put html in the reviews seems like a security risk. Again, I'm not really sure but maybe someone more knowlegeable could throw in their 2 cents.

 

Sorry this isn't an answer for you, and maybe I misunderstood. But at least you're not talking to yourself anymore. :P

Link to comment
Share on other sites

I'm definitely not a coder, and I don't play one on TV either :D , but... on the surface... being able to put html in the reviews seems like a security risk. Again, I'm not really sure but maybe someone more knowlegeable could throw in their 2 cents.

 

Yah, I thought about that but I also thought...Hey! I'm typing into an html text editor right now! And there are forums everywhere that use text editors. HTML is a static language so I don't really think you could input malicious code. But I may be wrong! (Hope not). I plan to make sure that the text editor is coded to disallow certain html tags such as <a href> and <src> and <img> and any other tag that could lead to penis enlargement advertisement. :lol:

 

Sorry this isn't an answer for you, and maybe I misunderstood. But at least you're not talking to yourself anymore. :P

 

Thanks for responding...those men in the nice white coats were about to drag me off to the pretty pink rubber room. :unsure:

 

Sheri

Link to comment
Share on other sites

BREAKTHROUGH!!!

 

Sort of.

 

OK, so now I have the html showing up in the review..complete with < > !!

 

Used htmlspecialchars to prepare the input.

 

Hmmm, now to get the reviews to display the input as html and text and not just as a text.

 

Sheri

Link to comment
Share on other sites

  • 1 month later...
BREAKTHROUGH!!!

 

Sort of.

 

OK, so now I have the html showing up in the review..complete with < > !!

 

Used htmlspecialchars to prepare the input.

 

Hmmm, now to get the reviews to display the input as html and text and not just as a text.

 

Sheri

 

Hi,

 

Sheri

 

How did you do that?

 

I would like to comment our customers reviews, where customer give good review but there is wrong product information.

 

Jari

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...