0
Hello,
I have spent a day looking for the solution to this.
Some of the sections of the site (that were working normal) stoped workin, ex : Add supplier products and prices on the add products page / when i choose combo products the part of the page that used to show to add composing products did not show / whene creating sell on an existing quotation that did not work ....
Whene i saw the console i found that there was some weird JS erros...
the probleme is that some named users, billers and warehouses had names containing " ' " simple quote which caused the scripts to show errors and could not the work anymore.
I tried this on the live demo and it behaves just as i described.
0
Hello,
Yes, the input are saved as it is so the '
and "
can break the javascript code. Why these character are need in the name?
I will check about this in next update.
Thank you
0
After my first post I was working on quotations and want to convert it to a sell, but that broke down because I had a simple quote in the note field.
The problem is there for any field that is manipulated with javascript.
We are a country that uses mainly french we can not tell client not to use simple quotes in their sell notes quotations even warehouse names billers...
In my example the name of the company is "saja d'or" but could not achieve it on the up and changed it to sajad dor. If you could escape it in a javascript level that would be very nice.
0
Hello,
I am not sure about escaping them in javascript 😦 If yo know any way, please let me know.
As I can think of the easiest solution should to addSlashes
to the post input and before saving them to database. This will fix the js issue bit then the view will display them as \'
so each view file will need to modified to use stripslashes
If you don't mind \'
then you can add app/core/MY_Input.php
with following contents
<?php
(defined('BASEPATH')) or exit('No direct script access allowed');
class MY_Input extends CI_Input
{
public function __construct()
{
parent::__construct();
}
protected function _fetch_from_array(&$array, $index = null, $xss_clean = null)
{
is_bool($xss_clean) or $xss_clean = $this->_enable_xss;
// If $index is NULL, it means that the whole $array is requested
isset($index) or $index = array_keys($array);
// allow fetching multiple keys at once
if (is_array($index)) {
$output = [];
foreach ($index as $key) {
$output[$key] = $this->_fetch_from_array($array, $key, $xss_clean);
}
return $output;
}
if (isset($array[$index])) {
$value = $array[$index];
} elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) { // Does the index contain array notation
$value = $array;
for ($i = 0; $i < $count; $i++) {
$key = trim($matches[0][$i], '[]');
if ($key === '') { // Empty notation will return the value as array
break;
}
if (isset($value[$key])) {
$value = $value[$key];
} else {
return null;
}
}
} else {
return null;
}
return ($xss_clean === true)
? addSlashes($this->security->xss_clean($value))
: $value;
}
}
0
Hello, i just installed an app with the version 3,4,53 and changed the content of the file as mentioned but the problem is still there? could you please help with this.
0
Can you please share the screenshot and the site link with login details to check. Thanks
We use Cookies
We use cookies to ensure that we give you the best experience on our website. By continuing to browse the site you are agreeing to our use of cookies.