Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.9.3

Bug #3601 htmlentities needed for data
Submitted: 2005-02-25 20:35 UTC
From: xolphin Assigned: olivierg
Status: Closed Package: Structures_DataGrid
PHP Version: Irrelevant OS: Irrelevant
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 22 - 7 = ?

 
 [2005-02-25 20:35 UTC] xolphin
Description: ------------ Data pulled out of the database needs to be encoded with htmlentities() to make it valid html (& to & and such). This can be done in a formatter, but I think it is best to do it standard for all data. Obviously data from a formatter itself should not be handled with htmlentities, that makes it useless. A quick hack I did was in line 457 of HTMLTable.php 1.39: // Use Record Data $content = htmlentities($row[$column->fieldName]); Maybe it is nicer to make it an option somewhere.

Comments

 [2005-03-11 23:12 UTC] asnagy
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. I added htmlentities as well as stripslashes functions. As mentioned, this may be better as an option, but I think it may be commonly used, so it will stay as is for now.
 [2006-05-19 11:35 UTC] michel dot dhooge at gmail dot com (Michel D'HOOGE)
My records use utf-8 to encode strings. So calling htmlentities with a single parameter as it is done now is bogus: for instance, it returns é instead of é Two workarounds are available: $content = htmlentities($row[$column->fieldName], ENT_COMPAT, 'UTF-8'); $content = htmlspecialchars($row[$column->fieldName]); I can provide a patch for either or maybe both workaround, with an option to set somewhere. With modern browser and utf-8 becoming more common, maybe htmlspecialchars could be enough. To be discussed further...
 [2006-05-19 12:01 UTC] olivierg at php dot net (Olivier Guilyardi)
Thanks for your feedback, but that should be fixed in the CVS. The HTMLTable rendering driver now has a "convertEntities" option, that sets whether to convert html entities or not (default: true). As you say, "data from a formatter itself should not be handled with htmlentities", and that's exactly what happens. Please use the CVS.
 [2006-05-19 15:56 UTC] olivierg at php dot net (Olivier Guilyardi)
My apologies... I answered to a previous comment. Nevertheless, your utf-8 encoding problem should also be fixed in CVS. All rendering drivers, including HTMLTable, now have an "encoding" option. A default value is guessed using mb_internal_encoding(). So you have two options : - either set PHP's internal character encoding, before rendering the datagrid, with : mb_internal_encoding('UTF-8'); - or explicitly tell the renderer what encoding it should use with : $datagrid->setRendererOption('encoding','UTF-8'); Please use the CVS. We're about to release 0.7, but that should take a few more weeks.