|
The key here, if I'm not wrong is that we should be using htmlspecialchars() when exporting data to XML, instead of the full (and buggy) htmlentities().
Moving this to DC... can you please test the generated preset with some "strange" characters both with htmlentities() (current behaviour) and htmlspecialchars() (proposed behaviour). Also, you'll need to test of that preset using htmlspecialchars() to check that "strange" characters are also imported properly. I would suggest you to post here your research results before committing anything, just to decide if the proposed htmlspecialchars() is the correct one (I hope yes). TIA and ciao The differences between htmlspecialchars and htmlentities can be found in php.net:
http://au2.php.net/manual/en/function.htmlentities.php I think we should filter single and double quote here, so I used ENT_QUOTES parameter here. I test umlauts and Chinese characters in mod/data, it is alright now. Dongsheng, since you have closed this bug, I am wondering where your fix is available. Could you please attach the patch here?
Sorry, I forgot to attach the patch. You can find the changes here: http://cvs.moodle.org/moodle/mod/data/lib.php?r1=1.147&r2=1.148
 Thank you, now I see. So the fix was committed into the HEAD branch. Will it also be available in MOODLE_19_STABLE?
Yes, it is available in MOODLE_19_STABLE branch
 Very good news, thank you Dongsheng.
What about also committing the attached little beast (preset-import-menu.patch) which fixes the bug discussed at Sorry for posting the "preset-import-menu.patch" here - the bug fixed by that patch is
Eloy, yes, please remove my attachment from here - the right place to discuss this issue should be
Deleted. Thanks Robert.
Unfortunately, this bug is not yet completely solved - please reopen.
What is still not possible is using single quotes within the description of fields (not tested at other places yet). At exporting the preset.zip, single quotes get replaced by "'" in the preset.xml - for example, there will be a field definition like this: <field> When trying to reimport that preset.zip, all fields containing this escaped single quote (or a true single quote character) will NOT import As I mentioned before, I used ENT_QUOTES argument to filter single and double quote in the field name(for security), now I realize single and double quote are very useful in the field name, so I should remove this argument, how do you think, Eloy?
Keep single and double quote in present.xml, Thanks Robert.
If I'm not wrong... XML data must be free, exclusively of these chars: < > & and they must be transformed by their corresponding entitied.
In the other side... XML attributes must be free of the chars above AND these chars: " ' Our XML doesn't use XML attributes at all, so it safe to use NOENT_QUOTES as you've done. Then, automatically, XML parsers, when reading that XML, will revert the entities to their original chars. In fact, the problem with single quotes is that htmlspecialchars() doesn't encode it properly. It should be ' and not ' But that's not important here, as we aren't using XML attributes, as explained above. I say all this because, for exampe, in backup, we use htmlspecialchars() without parameters. That means that apart of < > &, also " are being transformed to " and, when we restore those files they are transformed back to " automatically. So: 1) Patch looks ok (although I guess that it's safe to, simply, don't use the 2nd parameter, like backups does). Ciao Still does not work. Please re-re-open.
Now the difference to the previous attempt is that a single quote gets exported literally, however a single quote within a preset.xml's field description still fails to import, no matter if it is there literally (as ') or as entity ('). Grrr, this is the never ending bug! Thanks for testing Robert.
Oki, to fix this, definitively, Dongsheng, can you, please: 1) Use htmlspecialchars() without parameter at all. TIA! B-) Reopening.... as requested... thanks again!
About htmlspecialchars(), I remove the second parameter now, it worked, but the double quote will be changed to entity.
function get_settings() doesn't use addslashes(), that is the reason why you cannot import files with single quote. fixed and tested.
Double quote and single quote can be included in preset.xml now, double quote will be changed to entity, single quote doesn't change, please review, feel free to open it if you find any problems. (I hope it works well  ) Finally..... it W O R K S
)
Thank you all. hmm, the use of magic quotes is not optional at all in data mod
 fortunaletly it will be gone in 2.0 Verified. Closing...
BTW, Petr... I don't get your latest comment... anything important? Feel free to reopen if so. Ciao |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Bug
Closed
Critical
Databas field description with Umlauts get seaved as strange encodings -> preset can't be imported
 |
|
Creating such fields within the web interface work without problems, exporting the resulting preset.zip works, too, however, re-imprting the .zip will fail!
So, for the moment take much care not to use any "forbidden" characters in the fields' names, descriptions or options.