#17896 Minor and major sign display inside [code]

Posted in ‘Akeeba Ticket System for Joomla! 4 & 5’

Latest post by gibilogic on Thursday, 24 October 2013 10:18 CDT

gibilogic
Joomla 2.5.14, Akeeba Ticket System 1.2.4.

Since I am using the same component I am asking support for, let me first check something:

<?php if( $this->params->get('show_prices',0) ): ?>
  <td>
    <?php if( isset( $product->product_price ) ) echo $product->product_price ?>
  </td>
<?php endif ?>

gibilogic
OK, I have now verified that on this site Akeeba Ticket System has the same behaviour, so at least I know it's not a misconfiguration on my part.

Why are the minor and major signs converted to HTML entities when displayed inside a code block? More related to the editor itself, I guess. Please note the text is not really cleaned, just converted on display (if I edit the ticket I can see the original code).

Am I missing something? Is that intended? I'd expect for my user to see the exact code I am posting in my tickets. Thank you for any suggestion.

nicholas
Akeeba Staff
Manager
They are not called minor and major signs, they are called "less than" and "greater than" signs. They are also the same characters used to enclose HTML tags, such as the script tag. Our code tries to be very conservative with the display of those tags in order to avoid XSS attacks. On the downside they look like crap. I can't fix that without potentially degrading the security of the component. If you have a better idea, by all means, please tell me. I don't pretend to be infallible and I do value the opinion of other developers as you already know from the FOF list and GitHub repo :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

gibilogic
"I can't fix that without potentially degrading the security of the component."

I understand the security implications, but leaving it like that is clearly not acceptable. I'll see what I can do. Thank you.

nicholas
Akeeba Staff
Manager
I have tried solving this problem in the latest dev release. Would you mind testing it?


gibilogic
I would be very happy to. I am going to download the DEV release in a minute. Thank you.

gibilogic
Everything seems to work as expected. Anything I need to change in configuration? Or anything else I need to know? Thank you.

nicholas
Akeeba Staff
Manager
Awesome! There are no configuration changes necessary. I think this all started as a misinterpretation of the HTML standard.

The code tag is rendered as a pre HTML tag. Every piece of literature I got my hands on was telling me that if you want to add HTML tags inside a pre tag you have to escape, at the very least, the greater-than, less-than and ampersand characters. This is what I was doing. I observed that you were right, these entities were output verbatim: there was no entity or tag processing inside the pre tag. I ran more tests and I saw that even raw HTML inside the pre tags is output verbatim. Therefore the literature I was reading was outdated and I needn't escape the contents of the pre tag. As a result my fix was commenting out the line which would escape the pre tag's contents.


gibilogic
Excellent.
I'm happy it's been sorted out so quickly.
Thank you!
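
The display problem discussed in this ticket, as an added example that is not part of the thread and not Akeeba Ticket System's own code: the contents of a [code] block are HTML-escaped exactly once at output, so the reader sees the exact characters while the browser never parses them as tags. The function names and the sample ticket body are constructed for illustration, and treating the reported symptom as a second escaping pass is an assumption; the script compares escaping once, twice and not at all.

```php
<?php
// Added example: a hypothetical [code] renderer, not Akeeba Ticket System's own code.

// Escape text exactly once for output into HTML element content.
function esc(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a ticket body: plain text and [code] contents are each escaped once;
// only the <pre> wrapper is emitted as real markup.
function renderTicket(string $raw): string
{
    // If the split fails, fall back to treating the whole body as plain text.
    $parts = preg_split('~\[code\](.*?)\[/code\]~s', $raw, -1, PREG_SPLIT_DELIM_CAPTURE) ?: [$raw];
    $html  = '';
    foreach ($parts as $i => $part) {
        // Odd indexes hold the captured contents of a [code] block.
        $html .= ($i % 2 === 1)
            ? '<pre>' . esc(trim($part, "\r\n")) . '</pre>'
            : nl2br(esc($part));
    }
    return $html;
}

// Constructed sample: template code like the one in the ticket, plus a script tag.
$code = "<?php if (\$show): ?>\n  <td><script>alert(1)</script></td>\n<?php endif ?>";
$raw  = "My template:\n[code]\n{$code}\n[/code]";

$variants = [
    'escaped once'  => esc($code),      // entities decode back to the original characters
    'escaped twice' => esc(esc($code)), // the reader sees literal entity text
    'not escaped'   => $code,           // raw angle brackets reach the HTML parser
];

foreach ($variants as $label => $markup) {
    // A browser decodes entities once when displaying text; anything it
    // parses as a tag is not shown as text at all.
    $live  = strpos($markup, '<') !== false;
    $exact = !$live && html_entity_decode($markup, ENT_QUOTES, 'UTF-8') === $code;
    printf("%-14s parsed as markup: %-3s reader sees exact code: %s\n",
        $label, $live ? 'yes' : 'no', $exact ? 'yes' : 'no');
}

echo renderTicket($raw), "\n";
```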
