Gossamer Forum
(Advanced Search)
for
Home : Products : Gossamer Forum : Development, Plugins and Globals :

Another annoying thing - EVERYTHING gets html_encoded!

Feb 21, 2008, 8:43 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Feb 21, 2008, 8:43 AM
Post #1 of 3
Views: 528
Shortcut
Quote Reply
Another annoying thing - EVERYTHING gets html_encoded!
Hi,

How can I stop stuff I'm passing in a loop, from getting encoded?

Code:
my @entries;
while (my $hit = $sth->fetchrow_hashref) {
push @entries, $hit;
}

print GForum::Template->parse_print('guestbook_view.html' , { %$vars, entries_loop => \@entries } );

..and the value of $hit->{Contents} gets HTML encoded, thus shows all the HTML, instead of what its mean't to!

I've found a solution:
Code:
my @entries;
while (my $hit = $sth->fetchrow_hashref) {
push @entries, { %$hit, Contents => \$hit->{Contents} };
}

print GForum::Template->parse_print('guestbook_view.html' , { %$vars, entries_loop => \@entries } );

.. but surely there has to be a better way? :/

TIA

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates
Feb 21, 2008, 3:15 PM
brewt
Staff (4066 posts)
brewt's avatar
Feb 21, 2008, 3:15 PM
Post #2 of 3
Views: 516
Shortcut
Quote Reply
Re: [Andy] Another annoying thing - EVERYTHING gets html_encoded! In reply to
Either pass them back as references or unescape_html the variables (first method preferred). FYI, using GT::Template in escape mode (ie. how gforum is using it) is the proper way of doing things, which prevents many XSS vulnerabilities.

Adrian
Feb 22, 2008, 12:49 AM
Andy
Veteran / Moderator (17298 posts)
Andy's avatar
Feb 22, 2008, 12:49 AM
Post #3 of 3
Views: 512
Shortcut
Quote Reply
Re: [brewt] Another annoying thing - EVERYTHING gets html_encoded! In reply to
Hi,

Thanks again Smile

Cheers

Andy (mod)
andy@ultranerds.co.uk

IMPORTANT: I've now moved to ultranerds.co.uk, and the .com will no longer work!
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package (plugins total "value" $3,325 & rising, for just $350)| GLinks ULTRA Package PRO (plugins total "value" $5,625 & rising, for just $500)
Support Forum | Links SQL Plugins | DMOZ Dumps | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Compare our different Plugin packages *new* Free CSS Templates