From 3bef9014ded2649daefd7e1c132c71752d7478b3 Mon Sep 17 00:00:00 2001 From: Marco Antonio Nina Date: Wed, 27 Jun 2012 18:49:09 -0400 Subject: [PATCH] BUG 9337 Hint with .commas. and/or "apostrophes" is not working SOLVED - We verified that when is intruduced a character strange the string is cut. - add sentence of escape to validate the string. --- workflow/engine/methods/dynaforms/fields_Edit.php | 5 +++-- workflow/engine/methods/dynaforms/fields_Save.php | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/workflow/engine/methods/dynaforms/fields_Edit.php b/workflow/engine/methods/dynaforms/fields_Edit.php index cb26cfda5..125ed576c 100755 --- a/workflow/engine/methods/dynaforms/fields_Edit.php +++ b/workflow/engine/methods/dynaforms/fields_Edit.php @@ -182,8 +182,9 @@ if (($RBAC_Response=$RBAC->userCanAccess("PM_FACTORY"))!=1) return $RBAC_Respons if( isset($Fields['PME_HINT']) ) { - $Fields['PME_HINT'] = str_replace("\'", "'", $Fields['PME_HINT']); - $Fields['PME_HINT'] = str_replace("&", "&", $Fields['PME_HINT']); + $Fields['PME_HINT'] = stripslashes($Fields['PME_HINT']); + $Fields['PME_HINT'] = htmlspecialchars_decode($Fields['PME_HINT']); + $Fields['PME_HINT'] = str_replace("'", "'", $Fields['PME_HINT']); } if (file_exists( PATH_XMLFORM . 'dynaforms/fields/' . $type . '.xml')) { diff --git a/workflow/engine/methods/dynaforms/fields_Save.php b/workflow/engine/methods/dynaforms/fields_Save.php index 86fad2938..b3eea978e 100755 --- a/workflow/engine/methods/dynaforms/fields_Save.php +++ b/workflow/engine/methods/dynaforms/fields_Save.php @@ -141,8 +141,11 @@ if (($RBAC_Response=$RBAC->userCanAccess("PM_FACTORY"))!=1) return $RBAC_Respons if ($_POST['form']['XMLNODE_NAME']==='') return; - $attributes = $_POST['form']; + + $attributes['HINT'] = addslashes($attributes['HINT']); + $attributes['HINT'] = htmlspecialchars($attributes['HINT'], ENT_QUOTES, "UTF-8"); + if (isset($attributes['CODE'])) $attributes['XMLNODE_VALUE'] = ($attributes['CODE']); $labels = array();