
007 09-21-2014 05:13 PM

Apostrophe and special characters in validfields?
 
What is wrong with this code I'm using?

Code:

$this->validfields['customfield'] = array(TYPE_STR, REQ_NO);

I am having issues with text that contains an apostrophe. This is being used in a few locations including threaddata_start and threadfpdata_start.

I've also put the following code under edit_post_update_start

Code:

$vbulletin->input->clean_gpc('p', 'customfield', TYPE_STR);
$edit['customfield'] =& $vbulletin->GPC['customfield'];

Still, I get database errors when submitting text with apostrophes in this custom field.

Thoughts?

Dave 09-21-2014 05:53 PM

The clean_gpc function of vbulletin only checks for the type of the variable. (String, integer, etc.)
Now you are vulnerable to SQL injection; you need to escape your string with something like $db->escape_string($var);
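
The point made in the reply above, as an added example that is not part of the original thread and is not vBulletin code: type cleaning leaves the apostrophe in place, so the concatenated query breaks or changes shape, while the escaped one stores the text as data. Assumptions: `clean_str()` is a hypothetical stand-in for TYPE_STR cleaning, PDO on in-memory SQLite stands in for the forum database with `PDO::quote()` in the role of `$db->escape_string()`, and the table, column and sample values are constructed.

```php
<?php
// Added example. clean_str() is a hypothetical stand-in for TYPE_STR cleaning;
// PDO on in-memory SQLite stands in for the forum database.
function clean_str($value)
{
    return trim((string) $value); // fixes the type, escapes nothing
}

function save_unescaped(PDO $db, $threadid, $text)
{
    // Cleaned value concatenated as-is: an apostrophe ends the SQL literal early.
    return $db->exec("UPDATE thread SET customfield = '" . $text
        . "' WHERE threadid = " . (int) $threadid);
}

function save_escaped(PDO $db, $threadid, $text)
{
    // quote() escapes for this driver and adds the surrounding quotes.
    return $db->exec("UPDATE thread SET customfield = " . $db->quote($text)
        . " WHERE threadid = " . (int) $threadid);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE thread (threadid INTEGER PRIMARY KEY, customfield TEXT)");
$db->exec("INSERT INTO thread VALUES (1, ''), (2, 'untouched'), (3, '')");

// Constructed sample inputs, cleaned the way the hook code cleans them.
$apostrophe = clean_str("  Dave's guide to hooks ");
$structural = clean_str("x' WHERE threadid = 2 --");

try {
    save_unescaped($db, 1, $apostrophe);
} catch (PDOException $e) {
    echo "unescaped: ", $e->getMessage(), "\n"; // the kind of database error the thread describes
}
save_unescaped($db, 1, $structural); // no error, but thread 2 is updated, not thread 1

save_escaped($db, 1, $apostrophe);   // apostrophe stored intact
save_escaped($db, 3, $structural);   // stored as plain text, query shape unchanged

foreach ($db->query("SELECT threadid, customfield FROM thread") as $row) {
    echo $row['threadid'], ": ", $row['customfield'], "\n";
}
```

In a vBulletin hook the equivalent fix is to wrap the value in `$db->escape_string()` inside the quoted literal, since that call escapes the string but does not add the quotes.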

tbworld 09-21-2014 06:44 PM

Quote:

Originally Posted by 007 (Post 2516072)
What is wrong with this code I'm using?

Code:

$this->validfields['customfield'] = array(TYPE_STR, REQ_NO);

I am having issues with text that contains an apostrophe. This is being used in a few locations including threaddata_start and threadfpdata_start.

I've also put the following code under edit_post_update_start

Code:

$vbulletin->input->clean_gpc('p', 'customfield', TYPE_STR);
$edit['customfield'] =& $vbulletin->GPC['customfield'];

Still, I get database errors when submitting text with apostrophes in this custom field.

Thoughts?

There is not enough code here to see what you are doing. The array "$edit" is not saved to the database directly; it is processed through the datamanager. $edit['customfield'] will not be stored by the datamanager without additional code so the datamanager can process it. At least, I believe this to be so. I will check it out when I get a chance. :)

007 09-22-2014 03:51 AM

Thanks for the tip, Dave. I'm not using this code in a live environment yet since I'm still testing it. I'll make sure to escape it properly before going live.

tbworld, part of the problem is the code seems to be unfinished. I'm not sure where else I need to use a hook and what code to put there in order to achieve this.

tbworld 09-22-2014 04:28 AM

Quote:

Originally Posted by 007 (Post 2516127)
tbworld, part of the problem is the code seems to be unfinished. I'm not sure where else I need to use a hook and what code to put there in order to achieve this.

Unfortunately, I am unsure what you are trying to achieve? Is there another part of this post somewhere?

007 09-22-2014 04:58 AM

Oh, sorry. I'm adding an extra text field to threads for my own internal use and I want to be able to use apostrophes in it. I thought it would be simple (and it probably is), but I'm a little rusty and am not sure how to achieve this with hooks.

tbworld 09-22-2014 05:05 AM

Is this a display field or an input field and what template / form is this to be positioned in? If an input field what values would this field hold?

I forgot what I learned last week, so you're not alone. :)

007 09-22-2014 05:12 AM

It'll appear in the SHOWTHREAD template. It would hold custom text of varying characters. Just an extra field I'm creating for SEO purposes in some meta tags.

Thanks in advance for any ideas!

tbworld 09-22-2014 05:17 AM

Is it just a display field? No input required from the user?

007 09-22-2014 05:26 AM

I'll be the only one editing it and users won't even see it. I plan to add some conditions in the appropriate editor templates so others can't see it. It's just a display field that will show up when viewing the source of the page, but not even on the visible page itself.

