Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 3.2.16

Bug #306 Textfield label as html linkwith javascript onClick causes wierd effects
Submitted: 2003-11-27 08:51 UTC
From: stephan dot steiner at nextiraone dot ch Assigned:
Status: Bogus Package: HTML_QuickForm
PHP Version: 4.3.4 OS: Win XP SP1
Roadmaps: (Not assigned)    
Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem : 26 - 9 = ?

 [2003-11-27 08:51 UTC] stephan dot steiner at nextiraone dot ch
Description: ------------ I'm trying to create a text field having a label containing a HTML link. The link should trigger a JavaScript function to open a new window above the existing one. I have this code working on a production version using Pear v1.52 (version number of Pear.php) and HTML_QuickForm v1.58 dated 2003/02/02. However, running the code on Pear v 1.69 (version number of Pear.php once again) and HTML_QuickForm 3.2 I get a behaviour I can't explain. In IE, I get a page not found error without a popup. In Mozilla Firebird, the browser goes to google, searching for keyword://localhost, puts a / in the search box and does a "I'm feeling lucky" search, ending up on PHP is the standard 4.3.4 W32 installer from the web. Changes to php.ini are: include_path=".;C:\php\pear;C:\php\jpgraph-1.13\src" extension_dir = "c:\php\extensions" extension=php_dbg.dll [debugger] debugger.enabled = true debugger.profiler_enabled = true debugger.JIT_host = clienthost debugger.JIT_port = 7869 PHP DBG is version 2.11.23 Reproduce code: --------------- <?php require_once("HTML/QuickForm.php"); require_once("HTML/QuickForm/text.php"); $DataForm = new HTML_Quickform("New_Project"); $Link_Offert_Tool = "Offert Number (<a onClick=\"'','MyWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,hotkeys=no,width=1024,height=768'); return false;\" href=\"\">Offer Numbering Tool</a>)"; $Offert_Number = new HTML_QuickForm_text('Offert_Number', $Link_Offert_Tool); $DataForm->addElement($Offert_Number); $DataForm->Display(); ?> Expected result: ---------------- an html page like this: <html><head></head> <body><form id="New_Project" name="New_Project" method="post" action="/test.php"> <table border="0"> <tbody><tr> <td valign="top" align="right"><b>Offert Number (<a href="" onclick="'','MyWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,hotkeys=no,width=1024,height=768'); return false;">Offer Numbering Tool</a>)</b></td> <td align="left" valign="top"><input type="text" name="Offert_Number"></td> </tr> </tbody></table> </form></body></html> Actual result: -------------- Call stack including line numbers. test.php(11) -> QuickForm.php::tohtml(1436) -> QuickForm.php::accept(1393) -> element.php::accept (373) -> default.php::renderelement(268) -> default.php::_preparetemplate(232) the actual problem ocurrs in _preparetemplate on line 232 ($html = preg_replace(....)). After that, the script aborts (no errors, and stepping through the code is no longer possible) and I get the results mentioned in the description. the $html string contains the following prior to the abort: <html><head></head> <body> <!-- BEGIN required --><span style="color: rgb(255, 0, 0);">*</span><!-- END required --><b>Offert Number (<a href="" onclick="'','MyWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,hotkeys=no,width=1024,height=768'); return false;">Offer Numbering Tool</a>)</b> <!-- BEGIN error --><span style="color: rgb(255, 0, 0);">{error}</span><br><!-- END error --> {element} </body></html>


 [2003-11-27 12:17 UTC] avb
I suspect this behaviour has nothing to do with QF, it looks like webserver crash. Please check: 1) Does the script work with DBG disabled? 2) Are there any clues in webserver logs?
 [2003-11-27 12:48 UTC] stephan dot steiner at nextiraone dot ch
1) No, there's the same effect. 2) Indeed there are, and your assumption is correct. The server crashes and is restarted immediately. The funny thing is that if I just echo the string that leads to the crash, there is no crash, it's only in conjuction with QuickForm that it causes the server to crash. I've also tested the script on another W32 Apache installation (latest release build) with the same results. Unfortunately I don't have access to a linux box so I could test the same apache and php versions against my script to see if it is platform related. Have you tried the sample script? I suppose it worked as it should when you tried it?
 [2003-11-27 14:52 UTC] avb
It runs fine on Linux. Sorry, but this does not mean the bug in QF, as usually you shouldn't be able to crash the webserver using PHP script. The problem is somewhere deeper, on Apache or PHP level.
 [2003-11-27 15:09 UTC] stephan dot steiner at nextiraone dot ch
I didn't mean to say it's a bug in QF. The crash is caused when an internal PHP function is called so we know the crash is not QF's fault. It's merely triggered by QF preparing a certain string and running it through preg_macth(). As apache can serve the actual HTML code I want to get I presume the crash is triggered by the php module, and somehow it manages to take apache down with it.