Serious bug with configuration table values


beddo


Posted

I haven't a clue where this came from and what the cause is, but I've had a client tell me that their contact us form isn't working.

 

To figure out why, I've been dumping all sorts of variables to the screen.

 

Most specifically, using this code in includes/application_top.php and admin/includes/application_top:

 

	if ($configuration['cfgKey'] == 'CONTACT_US_LIST') {echo "<pre>" . print_r($configuration, true) . "</pre>";}

 

Now the data stored in the database for the contact us list is fine as "name <[email protected]>".

The problem that I am having is that the <[email protected]> seems to completely vanish. This means that all parts of osCommerce working with email addresses out of the configuration table are buggered!

 

The only place that displays properly is the output table of the admin panel which runs the config value through htmlspecialchars() first.

 

So my question is, how come the configuration values are going wonky, and if htmlspecialchars is the way to get it displayed to the screen, is the best solution to run all the variables through the function as they are pulled from the database, or will that break other things in osCommerce that I don't know about?

Posted

Even with htmlspecialchars passing the right variable, the contact us form code still doesn't appear to work :/

 

// Debug dump of the contact list handling
echo "<pre>" . CONTACT_US_LIST;
$send_to_array = explode(",", CONTACT_US_LIST);
echo "<br>";
echo print_r($send_to_array);
echo "<br>";
// Pull the <address> part out of the selected entry
preg_match('/\<[^>]+\>/', $send_to_array[$send_to], $send_email_array);

echo print_r($send_email_array);
// str_replace stands in for eregi_replace, which was removed in PHP 7
$send_to_email = str_replace(">", "", $send_email_array[0]);
$send_to_email = str_replace("<", "", $send_to_email);
echo $send_to_email;
echo "</pre>";

 

Gives the following output:

 

name <[email protected]>
Array
(
[0] => name <[email protected]>
)
1
Array
(
)
1

 

So it looks like not only has the configuration table gone wonky, but there's a problem with the regex in the contact us form. Doesn't make sense seeing as it was all working and I didn't change anything!

Posted

Okay, the second part can be ignored. I stripped out part of the contribution that was using the contact us list as opposed to the normal email address, thereby doing away with the code that was being silly.

 

I've changed application_top.php (normal and admin) to use htmlspecialchars and nothing appears to be broken but if anyone knows of any gotchas with it I would appreciate knowing.

 

$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
  define($configuration['cfgKey'], htmlspecialchars($configuration['cfgValue']));
}
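
Added example, not part of the thread or of osCommerce's own code: it contrasts encoding a "Name <address>" value when it is loaded with encoding it only when it is written into HTML, and shows the effect on code that parses the value for mail recipients. The sample value and the helpers `parse_contact_list()` and `h()` are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample value; in the thread it would come from the configuration table.
$raw = 'Sales <sales@example.com>, Support <support@example.com>';

/**
 * Hypothetical helper: split a "Name <address>" list into validated entries.
 * It expects the raw value, where the angle brackets are literal '<' and '>'.
 */
function parse_contact_list(string $raw): array
{
    $entries = [];
    foreach (explode(',', $raw) as $item) {
        if (preg_match('/^\s*(.*?)\s*<([^<>]+)>\s*$/', $item, $m)
            && filter_var($m[2], FILTER_VALIDATE_EMAIL) !== false) {
            $entries[] = ['name' => $m[1], 'email' => $m[2]];
        }
    }
    return $entries;
}

/** Hypothetical helper: encode only where a value is written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// 1. Raw value: the parser finds both entries and the addresses are
//    usable as mail recipients.
$contacts = parse_contact_list($raw);
var_dump(count($contacts));

// 2. Value encoded when it is loaded: '<' has become '&lt;', so the same
//    parser matches nothing, and a mailer would receive HTML entities.
$encoded_at_load = htmlspecialchars($raw);
var_dump(count(parse_contact_list($encoded_at_load)));

// 3. Debug output: encode at echo time so the browser shows the brackets
//    instead of parsing <sales@example.com> as an unknown tag and hiding it.
echo '<pre>' . h(print_r($contacts, true)) . '</pre>';
echo '<pre>' . h($raw) . '</pre>';
```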

Archived

This topic is now archived and is closed to further replies.
