Strip slashes from contact form email (eg isn\'t)


thewitt

Posted

The Contact Form email has slashes embedded whenever it encounters a single quote.

 

I've searched the forums and not found any answers, though I did find the question asked at least three times without any reply.

 

Is there an easy way to strip these, or is this simply a limitation of the way sendmail is used to send the email?

 

Thanks,

 

-t

Posted

can't you just use stripslashes() before it gets mailed?

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Posted

You know, why something like this is not simply fixed as a bug is beyond me.

 

Thanks for the help, it's a simple fix and EVERYONE suffers from this unless they use a custom contact_us.php or edit the one that ships.

 

I still don't understand the way this project works I guess.

 

I'm afraid to make a contribution, since the process to get them rolled into the actual CVS release is black magic.

 

I just don't understand I guess.

Posted

Don't forget to check the other outgoing emails too...The order confirmation is one I remember fixing.

Posted

Excuse me for my ignorance... but where and how do I use this stripslashes() code?

 

Cheers,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Posted
> You know, why something like this is not simply fixed as a bug is beyond me.
>
> Thanks for the help, it's a simple fix and EVERYONE suffers from this unless they use a custom contact_us.php or edit the one that ships.


I don't know if it is version related? (Haven't checked)

Doesn't seem to be in the bug tracker ( http://www.oscommerce.com/community.php/bugs/) so you could submit it.

 

> I'm afraid to make a contribution, since the process to get them rolled into the actual CVS release is black magic.

Why? Just submit it. The whole point of the contrib sections is to help each other out with code. I am sure A LOT of people would appreciate it, even if it was just a small doc saying 'And add stripslashes(bla) on that line'... there are more newbies than coders on this board.

 

With all due respect.. the attitude you show in this mail does not help the project, which I think is a pity.

Submitting the bug report and giving your code back to the community might not get it fixed in CVS immediately, but it will at least be noticed. And meanwhile people that don't give a %^@#& about 'final releases' can improve their shop. They might not have a clue this is a problem.

 

Regards,

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Posted

It's OK to attack my attitude on this. I have thick skin.

 

I've been involved in a number of open source projects over the years - been in the programming business since 1982 - and have little pieces of code that are part of many different projects.

 

I don't have a significant background in PHP, but I'm coming up to speed quickly.

 

The theme of this project appears to be to collect a huge number of contributions instead of roll contributions into the project however, and I simply don't understand this. Linda has nearly a parallel development track going with thousands of lines of code that add really useful features, with on-off switches, and consequently many people are missing out on these because they are not able to integrate such a large collection of new code into OSC successfully. I can understand her desire to have the "perfect" before they get rolled in, however nothing is ever perfect. Ship it and move on.

 

I started playing with TEP back in the early days, and the theme has not changed since then. I just don't understand the philosophy, that's all. The "core" developers are really not taking advantage of the huge volumes of code available to them. The basic OSC project is useful as is, but it's so much more useful when you add in even 30% of the hundreds of available contributions.

 

There are some really great contributions that have been available for download for literally years that have never made it into the product.

 

This just blows my mind. I'm not being critical, just expressing my amazement that this is still the state of the project after such a long period of time. I certainly cannot recommend OSC for my customers who are not coders, or don't have them on staff. Something as simple as collecting the CVV code has never been rolled into the product. It's been around as a contribution forever in more than one version, and now that the checkout code has changed dramatically, someone has to go and update this again, provide a new contribution, help all the non-coders add it into their sites, etc. Much more work it seems than simply including these basic additions into the released code.

 

I'm just rambling now, and I'm certain my comments will inflame a number of the OSC faithful and I'm sorry for that. It just blows me away that there is so much in the contributions directory for this project, and so much of it has been around for literally years without being added to the project.

 

-t

Posted
> Excuse me for my ignorance... but where and how do I use this stripslashes() code?
>
> Cheers,
>
> Tony

No reason to apologize for ignorance.

 

You need to look for the call to tep_mail and add stripslashes around the "body" of the email argument.

 

If you look at the code for tell_a_friend.php, you'll find the correct usage.

 

The line in contact_us.php should look like this:

 

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, stripslashes($HTTP_POST_VARS['enquiry']), $HTTP_POST_VARS['name'], $HTTP_POST_VARS['email'], '');

 

I have not searched all the code for this problem and repaired it, but I will do so now. You should search for tep_mail in all of its uses, check the input arguments to see if they are based on user input, and if they are, add the stripslashes call. Make sure you test, test, test after making the changes so that you don't introduce something you didn't intend.

 

-t
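
The audit described in the post above (find every tep_mail call and check which arguments come from user input), sketched as an added Python example that is not part of the original thread or of osCommerce. The helper names, the list of request arrays and the sample "before" line are assumptions constructed for illustration.

```python
import re

# Request-input arrays to flag (assumed list; extend for your code base).
USER_INPUT = re.compile(r"\$(HTTP_POST_VARS|HTTP_GET_VARS|_POST|_GET|_REQUEST)\b")
CALL = re.compile(r"\btep_mail\s*\(")
# Direct stripslashes(...) wrappers; a nested call inside is not recognised.
STRIPPED = re.compile(r"stripslashes\s*\([^()]*\)")
LITERAL = re.compile(r"'(?:\\.|[^'\\])*'" + r'|"(?:\\.|[^"\\])*"')

def split_args(src, start):
    """Return the top-level arguments of the call whose '(' is at src[start]."""
    tail = src[start:]
    # Mask string literals so commas and brackets inside them are ignored.
    masked = LITERAL.sub(lambda m: "_" * len(m.group()), tail)
    args, depth, begin = [], 0, 1
    for i, ch in enumerate(masked):
        if ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        if depth == 0 or (ch == "," and depth == 1):
            args.append(tail[begin:i].strip())
            begin = i + 1
            if depth == 0:
                break
    return args

def audit(src, filename="<src>"):
    """Return (file, line, arg position, arg) for request input passed unstripped."""
    hits = []
    for m in CALL.finditer(src):
        line = src.count("\n", 0, m.start()) + 1
        for pos, arg in enumerate(split_args(src, m.end() - 1), 1):
            if USER_INPUT.search(STRIPPED.sub("", arg)):
                hits.append((filename, line, pos, arg))
    return hits

# Constructed sample: the call without stripslashes, then the line from the post.
SAMPLE = """<?php
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $HTTP_POST_VARS['enquiry'], $HTTP_POST_VARS['name'], $HTTP_POST_VARS['email'], '');
tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, stripslashes($HTTP_POST_VARS['enquiry']), $HTTP_POST_VARS['name'], $HTTP_POST_VARS['email'], '');
"""

if __name__ == "__main__":
    for hit in audit(SAMPLE, "contact_us.php"):
        print("%s:%d arg %d: %s" % hit)
```

A finding only means the argument needs a look; stripslashes() is the fix for text going into a plain-text email, not a substitute for escaping values sent to the database.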

Posted

...and keep a clean backup file to replace the one you break.

Posted
> It's OK to attack my attitude on this. I have thick skin.

I'm not attacking you, or at least that is not my intention. I just wanted to make clear that It's no use releasing it as it will never make CVS is an attitude that doesn't help out the community. Loads of people make use of contributions by Linda and others. All those people that ARE comfortable with minor tweaking of osC will not be introduced to your solution (how simple it may seem) unless they read this post.... I agree that something has to change regarding the contributions but I am sure it will happen soon as several threads have been dealing with the issue that haven't got unnoticed by the Devs.

> I'm just rambling now, and I'm certain my comments will inflame a number of the OSC faithful and I'm sorry for that. It just blows me away that there is so much in the contributions directory for this project, and so much of it has been around for literally years without being added to the project.

No flames. You have valid points and you tell it like it is. I for one appreciate that.

 

But there might be more to a project than this you and me know about... There is talk of milestone releases in the weekly summary reports. I'm sure that is consuming most of the dev time. And hey... it's holiday season ;)

 

Regards,

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Posted

How would I go about editing my entire site to a 'stripslashes' site?

Is this a wise move?

 

Another thing, in the from address of my outgoing e-mails I have 'blah', and this is how it is sent. Is there a way that I can make it send 'blah'?

 

Thanks,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Posted

Tony....that's what the stripslashes does...changes isn\'t to isn't....

Posted

Ahh...

So how would I go about changing all my e-mail forms to 'stripslashes' versions?

Is there one reference that all the e-mail/newsletter forms load from, or do I need to go through all the forms and change them separately?

 

Many thanks,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Posted

Go back to the very beginning of this thread....Read all of the posts. I promise, the answer is there.

Posted

Kim!

 

How right you are... 'Seek and you shall find young Grass Hopper!'

 

Viola! Just like magic... there was my answer, in black and white... and blue and grey and 3 coloured balls too... :roll:

 

Anyway, I guess you get the point that I found the answer I was after. :D

 

Many thanks,

Tony

"The price of success is perseverance. The price of failure comes much cheaper."

Archived

This topic is now archived and is closed to further replies.
