Bug found when show_record_tree is enabled with FCKEditor

Archived from the Xataface Users forum.

kevinwen — Mon Apr 12, 2010 11:36 am

I found a bug when show_record_tree is enabled with FCKEditor in use. The problem is that $record->toJS() just outputs whatever is stored in the database without using HTML entities for special characters like “<”, “<script”, “</script>”, etc. When the “</script>” tag is included in the data, the “Code Barf” happens like the following screenshot:

The bug exists in RecordNavMenu.html at line 176:

document.recordIndex['{$record->getId()}'] = {$record->toJS()};

Can somebody fix this problem so I don’t have to disable the show_record_tree functionality? Thanks.
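
The failure reported above, as an added example that is not part of the original post or of Xataface: a hand-built JavaScript literal modelled on the pre-fix toJS() lines shown in the diff later in this thread, next to json_encode() with the JSON_HEX_* flags for output that lands inside an inline script block. The function names and the sample record are hypothetical.

```php
<?php
// Added example; function names and sample data are hypothetical, not Xataface code.

// Pre-fix approach: a JS object literal assembled by hand with addslashes(),
// which escapes quotes and backslashes but leaves "<", ">" and "/" untouched.
function legacy_to_js(array $vals): string {
    $out = array();
    foreach ($vals as $key => $val) {
        $escaped = str_replace("\n", "\\n", str_replace("\r", "", addslashes($val)));
        $out[] = "'{$key}': '" . $escaped . "'";
    }
    return '{' . implode(',', $out) . '}';
}

// Encoding for a value placed inside an inline <script> block. The JSON_HEX_*
// flags emit <, >, &, ' and " as \uXXXX escapes, so the HTML parser never
// sees markup inside the data, while JavaScript still reads the same string.
function script_safe_json(array $vals): string {
    return json_encode(
        $vals,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// True if the HTML parser would end the enclosing script element inside $js.
function closes_script_element(string $js): bool {
    return stripos($js, '</script') !== false;
}

// Constructed sample record, similar to rich text saved from an HTML editor.
$record = array(
    'title' => 'Release notes',
    'body'  => "<p>Intro</p>\n<script>var a = 1;</script>",
);

$legacy = legacy_to_js($record);
$safe   = script_safe_json($record);

echo "legacy literal:  ", $legacy, "\n";
echo "encoded literal: ", $safe, "\n";
echo "legacy output closes the script element:  ";
var_dump(closes_script_element($legacy));
echo "encoded output closes the script element: ";
var_dump(closes_script_element($safe));
echo "encoded output decodes back to the record: ";
var_dump(json_decode($safe, true) === $record);
```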


shannah — Tue Apr 13, 2010 9:31 am

What version of xataface are you using?


kevinwen — Tue Apr 13, 2010 5:35 pm

1.2.2 1616


shannah — Wed Apr 14, 2010 10:43 am

OK.. I have fixed this in SVN. Here is the diff for this particular fix:

stevepbook:xataface shannah$ svn diff -r 1789:1790 Index: Dataface/Record.php =================================================================== --- Dataface/Record.php   (revision 1789) +++ Dataface/Record.php   (revision 1790) @@ -2661,19 +2661,19 @@       $out = array();       foreach ( $strvals as $key=>$val){          if ( $this->checkPermission('view', array('field'=>$key)) ){ -            if ( $this->_table->isInt($key) or $this->_table->isFloat($key) ){ -               $out[] = "'{$key}': ".($val ? $val : 'null'); -            } else { -    -               $out[] = "'{$key}': '".str_replace("\n","\\n",str_replace("\r","",addslashes($val)))."'"; -            } +            $out[$key] = $val; +                      }       } -      $out[] = "'__title__': '".addslashes($this->getTitle())."'"; -      $out[] = "'__url__': '".addslashes($this->getURL())."'"; -      $out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0); +      $out['__title__'] = $this->getTitle(); +      //$out[] = "'__title__': '".addslashes($this->getTitle())."'"; +      $out['__url__'] = $this->getURL(); +      //$out[] = "'__url__': '".addslashes($this->getURL())."'"; +      $out['__expandable'] = ($this->checkPermission('expandable')?1:0); +      //$out[] = "'__expandable__': ".($this->checkPermission('expandable')?1:0);        -      return '{'.implode(',',$out).'}'; +      return json_encode($out); +      //return '{'.implode(',',$out).'}';
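
Review bot: the added line `$out['__expandable'] = ...` drops the trailing underscores of the `'__expandable__'` key it replaces (the commented-out line directly below it still shows the old name), so any script that reads `__expandable__` from the record object will now get undefined; it should be `$out['__expandable__']`. Two further points on the same hunk. First, json_encode() with no flags escapes "/" by default, which is what neutralises a stored `</script>`, but "<" and "&" still pass through unchanged; since the report says this output is written into an inline script in RecordNavMenu.html, passing `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` as the second argument would make that protection explicit rather than incidental. Second, removing the isInt()/isFloat() branch means numeric fields are no longer emitted as bare numbers or `null`; if the entries of `$strvals` are strings they will now arrive in JavaScript as quoted strings, which is worth confirming against the code that consumes them. The commented-out old lines can be deleted, since the revision history already preserves them.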