Description: ------------ when using the select element and loading data from a database result, "&"-Characters are not replaced with & when outputting to HTML. I'm not sure if the renderer has to do this, in this case it would be the fault of the ArraySmarty renderer, not of the select element. It's not much of a proplem because it works, but "&" are not validated against HTML4.01 transitional and so pages do not apply to web standards. Besides, great work :)) Reproduce code: --------------- // pseudo code... $db=<<data from database selection, "id","name" $elem=&new HTML_QuickForm::createElement("select"); $elem->load($db,"id","name"); $form->addElement($elem); ... now assign smarty renderer and output to ArraySmarty // sorry about not posting actual code, but I'm not at my workstation right now. Expected result: ---------------- <select> <option value="this&that" id="this&that">this is about this&that</option> </select> Actual result: -------------- <select> <option value="this&that" id="this&that">this is about this&that</option> </select>

Would you like a pseudo-fix for you pseudo-bug containing pseudo-code? Please create a self-contained testcase (without DB access, of course) and post this.

well yes, you are right... :) I'm back at my Eclipse system so I can copy&paste it: <? require_once("HTML/QuickForm.php"); require_once("HTML/QuickForm/Renderer/ArraySmarty.php"); require_once("Smarty/Smarty.class.php"); // add database connection like: $db=& DB::connect("mysql://$user:$passwort@$host/$database"); $form= new HTML_QuickForm("mform","POST"); $feld=&HTML_QuickForm::createElement("select",$name); $query="select id,name from stdkat order by name"; $feld->load($db,$query,"name","id"); $mysmarty= new Smarty; $renderer =& new HTML_QuickForm_Renderer_ArraySmarty($mysmarty); $form->accept($renderer); $formular=& $renderer->toArray(); print_r($formular); ?>

sorry, glitch in the code: <? require_once("HTML/QuickForm.php"); require_once("HTML/QuickForm/Renderer/ArraySmarty.php"); require_once("Smarty/Smarty.class.php"); // add database connection like: $db=& DB::connect("mysql://$user:$passwort@$host/$database"); $form= new HTML_QuickForm("mform","POST"); $feld=&HTML_QuickForm::createElement("select",$name); $query="select id,name from stdkat order by name"; $feld->load($db,$query,"name","id"); $form->addElement($feld); $mysmarty= new Smarty; $renderer =& new HTML_QuickForm_Renderer_ArraySmarty($mysmarty); $form->accept($renderer); $formular=& $renderer->toArray(); print_r($formular); ?>

Once again: I need testcase not containing database access and no Smarty, *only* QuickForm calls.

Sorry, I tried to be as close to the problem as possible, and Smarty is neccesary for the ArraySmarty Renderer. It works without Smarty, though. There's a warning about the missing smarty, but it can be ignored. I think this problem might be connected to the renderer, so I don't remove the SmartyArray Renderer. You can also see that my first interpretation was wrong; while the value-"&" is replaced correctly, the name-"&" is not replaced. **************** Code **************** <?php require_once("HTML/QuickForm.php"); require_once("HTML/QuickForm/Renderer/ArraySmarty.php"); $form= new HTML_QuickForm("mform","POST"); $feld=&HTML_QuickForm::createElement("select","test"); $data=Array("this&that"=>"this is about this&that"); $feld->load($data); $form->addElement($feld); $renderer =& new HTML_QuickForm_Renderer_ArraySmarty(); $form->accept($renderer); $formular=& $renderer->toArray(); print_r($formular); ?> **************** Output **************** <br /> <b>Warning</b>: Missing argument 1 for html_quickform_renderer_arraysmarty() in <b>/usr/local/lib/php/HTML/QuickForm/Renderer/ArraySmarty.php</b> on line <b>115</b><br /> Array ( [frozen] => [javascript] => [attributes] => action="/platform/de/bandliste/testcase.php" method="post" name="mform" id="mform" [requirednote] => <span style="font-size:80%; color:#ff0000;">*</span><span style="font-size:80%;"> denotes required field</span> [errors] => Array ( ) [hidden] => [test] => Array ( [name] => test [value] => [type] => select [frozen] => [label] => [required] => [error] => [html] => <select name="test"> <option value="this&that">this is about this&that</option> </select> ) )

After quite a bit of consideration, this bug will not be fixed: it will break e.g. l10n of HTML_QuickForm_date, where HTML unicode entities are used for non-ASCII symbols. Since option texts do not come from user input, the programmer has full control on what he can do to them, including running htmlspecialchars() himself when necessary.