Page 1 of 1

[solved in 14c84904fe] Save HTML tags in plugin storage

Posted: 26 May 2013, 18:41
by feader
When I call PluginHost::set($this, 'key', $value), and $value contains HTML tags (i.e. <link>), these are stripped out. This also has the strange effect that retrievals with PluginHost::get($this, 'key') aren't possible, that is, an empty string is returned but there clearly is an entry in the db.
Since I want to store regular expressions that operate on feed data, this is a bit unfortunate. Adding a 'false' to this line in classes/pluginhost.php

Code: Select all

$content = $this->dbh->escape_string(serialize($this->storage[$plugin]), false);

in the save_data function fixes this; I'm don't know if that is a good idea, so should I/the user just "escape" the tags with [<]tag[>]?

Re: Save HTML tags in plugin storage

Posted: 27 May 2013, 14:03
by fox
I think this was reported before, but I completely forgot about it. Should be fixed in trunk, I don't see why plugins should be prevented from storing html stuff in the database.

Re: [solved in 14c84904fe] Save HTML tags in plugin storage

Posted: 28 May 2013, 02:57
by feader
Works now. I noticed another problem: I have a text field a la af_feedmod in which the user enters data. When a ampersand is entered and stored as &amp;, everything works fine, but on retrieval, it gets converted into a & in the text field. So when the user doesn't recognize this and saves it again, the &amp; is replaced by the sole &, which can have unfortunate consequences (feed gets mangled and is not parsable).

Edit: Here (in the NY Times entry) is an example where &amp; is needed, and & produces an invalid feed.

Re: [solved in 14c84904fe] Save HTML tags in plugin storage

Posted: 28 May 2013, 08:49
by fox
You probably have to htmlspecialchars() it before setting textbox value or something, unless it's stored incorrectly in the database.

Re: [solved in 14c84904fe] Save HTML tags in plugin storage

Posted: 28 May 2013, 16:49
by feader
fox wrote:You probably have to htmlspecialchars() it before setting textbox value or something, unless it's stored incorrectly in the database.

That did the trick, the database was always fine. But it makes me wonder why it worked with the characters <, >, ", ' in it, but chocked only on the &. I should take a good look at textarea stuff, I guess.