View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006264 | OXID eShop (all versions) | 2.2. Shop settings | public | 2015-11-16 11:58 | 2015-11-17 09:58 |
| Reporter | mario_lorenz | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Product Version | 4.9.6 / 5.2.6 | ||||
| Summary | 0006264: oxconfig->_setConfVarFromDb - no htmlentities for vartype "str", "select", "num", "int" | ||||
| Description | Compare `oxconfig->setConfVarFromDb` and `shop_config->_unserializeConfVar`. In `shop_config->_unserializeConfVar` you see that vartypes "str", "select", "num", "int" are converted with htmlentities. In `oxconfig->setConfVarFromDb` they are not. When you have a quote in your variable and you want to get it via `oxconfig->getConfigParam(...)`, the quote isn't there. | ||||
| Steps To Reproduce | Maybe in any admin controller, you save a variable in the save method: `$sVar = '"'; $oConfig->saveShopConfVar('str', 'varQuote', $sVar, null, 'module:xyz');` The same admin controller has a method for template access to the config: `public function getConfigParam($sVar) { return oxRegistry::getConfig()->getConfigParam($sVar); }` In the admin template: `<input type="text" value="[{$oView->getConfigParam('varQuote')}]">` You'll see that the quote is not set. | ||||
| Additional Information | The solution is to add the htmlentities in oxconfig (lines 605-607, Oxid 4.9.6): `default: $this->setConfigParam($sVarName, htmlentities($sVarVal)); break;` | ||||
| Tags | No tags attached. | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||

The shop doesn't provide a method to access config variables directly in templates, that would be against the philosophy. If there's a need to have a config value in a template, a getter must be created. In the given case you could use the Smarty function "escape": `<input type="text" value="[{$oView->getConfigParam('sVarQuote')|escape}]">` Or you adapt your written getter to escape strings.

The main method to store variables in the table oxconfig is the method oxConfig::saveShopConfVar. If the value needs some special treatment it's not the job of the config object to manipulate it. This must be made by the active controller. Shop_Config::_unserializeConfVar is just a helper method for the Shop_Config object and not a general method to store config values.
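
The approach from the two replies above (keep the stored config value raw, escape in the getter or template), as an added example that is not part of the issue thread or of OXID's code. `DemoConfig`, `DemoAdminView`, `getConfigParamHtml` and the sample value are constructed stand-ins.

```php
<?php
// Added example. DemoConfig and DemoAdminView are hypothetical stand-ins,
// not OXID classes; the config is array-backed so the script runs offline.
final class DemoConfig
{
    private $vars = [];

    public function save(string $name, string $value): void
    {
        $this->vars[$name] = $value;      // stored raw
    }

    public function get(string $name): string
    {
        return $this->vars[$name] ?? '';  // returned raw
    }
}

final class DemoAdminView
{
    private $config;

    public function __construct(DemoConfig $config)
    {
        $this->config = $config;
    }

    // Getter for HTML output: escape when the value enters markup.
    public function getConfigParamHtml(string $name): string
    {
        return htmlspecialchars($this->config->get($name), ENT_QUOTES, 'UTF-8');
    }
}

$config = new DemoConfig();
$config->save('varQuote', 'Monitor 24" black');   // constructed sample value
$view = new DemoAdminView($config);

// Raw value in an attribute: the embedded quote closes value="..." early.
echo '<input type="text" value="' . $config->get('varQuote') . '">', PHP_EOL;
// Escaped in the getter: the full string stays inside the attribute.
echo '<input type="text" value="' . $view->getConfigParamHtml('varQuote') . '">', PHP_EOL;

// Encoding inside the config object instead leaks entities into non-HTML
// consumers and double-encodes once a template also applies |escape.
$encodedAtLoad = htmlentities($config->get('varQuote'), ENT_QUOTES, 'UTF-8');
echo json_encode(['varQuote' => $encodedAtLoad]), PHP_EOL;
echo htmlspecialchars($encodedAtLoad, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```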