WordPress.org

Ready to get started?Download WordPress

Forums

OptionTree
[resolved] doulequote escaping pb (6 posts)

  1. clawfire
    Member
    Posted 3 years ago #

    Hi !
    First, thanks for the excellent work with this plugin. Just a little bug here, when i make a textarea where i want put some ads code like google dfp one, the doublequotes were escaped and invalidate the code :

    <!-- ca-pub-7774402031105449/Leaderboard -->
    <script type=\"text/javascript\">
    GA_googleFillSlot(\"Leaderboard\");
    </script>

    i'm conscious you must escape char like doublequote but it will be better if you keep it in mind when you give the result to display :)
    Hope it will be fixed very soon.

    http://wordpress.org/extend/plugins/option-tree/

  2. Demand Creativiry
    Member
    Posted 3 years ago #

    You need to add stripslashes() around any places the values are printed off.

    Line 23 of functions/admin/textarea.php
    echo $settings[$value->item_id];
    becomes
    echo stripslashes($settings[$value->item_id]);

    Line 29 of functions/get-option-tree.php
    $content = $options[$item_id];
    becomes
    $content = stripslashes($options[$item_id]);

  3. clawfire
    Member
    Posted 3 years ago #

    @designspike
    Thxs a lot, trying to patch the plugin with that ;)

  4. Derek Herman
    Member
    Plugin Author

    Posted 3 years ago #

    I'll make the fixes. stripslashes() was added in a lot of places but it looks like a I missed a couple.

  5. EvGreen
    Member
    Posted 3 years ago #

    yeh, noticed that yesterday.
    When adding doublequote to textarea in optiontree and then using stripslashes($item_id) in the template it all works.

    But when I move around optiontree, saving the options for other tabs, after a few saves it starts to add slashes in that mentioned textarea, and thus destroys the content in it.

    Any idea if it is fixable? Or it's something wrong with my code :P

    Adding

    <?php
    function no_magic_quotes($query) {
            $data = explode("\\",$query);
            $cleaned = implode("",$data);
            return $cleaned;
    } ?>

    does the trick, but not sure if it's safe or smart :)

  6. Derek Herman
    Member
    Plugin Author

    Posted 3 years ago #

    will be in the update today.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic