quotation sign defaces after edit of an entry.

[joerg-nafcom]

System Information
Podcast Generator Version: 3.1
Webserver: Apache
PHP Version:7.3

When this:

Is edited in Admin mode and I am simply hitting "Save" without changing anything, it defaces to this:

[ryangurn]

@joerg-nafcom ah it appears that we are escaping quotes to protect against some sort of SQL injection.

I think we will need to find a creative way to ensure that this is properly fixed. Thanks for the report!

[emilengler]

@joerg-nafcom ah it appears that we are escaping quotes to protect against some sort of SQL injection.

No, we don't use any SQL at all, although I thought about switching to an SQLite database in the future

[ryangurn]

oops @emilengler i mean html injection oops. I think this probably has to do with a call to htmlspecialchars() somewhere.

[emilengler]

Yes I think this causes the problem

[ryangurn]

I will take a look and push a PR for adjusting this!

[ryangurn]

@joerg-nafcom so initially the data is added in correctly, and then upon updating it we get the "&quote"?

[ryangurn]

I hope that the title is the only place where this is needed since that is the only place where I allowed for html special chars. @joerg-nafcom please let me know if that will suffice, we are trying to ensure that there is some level of security so that html code cannot be executed by the browser accidentally.

[emilengler]

This was fixed due to great work by @ryangurn!

[joerg-nafcom]

Hi Ryan, exactly! I am sorry I didn't reply to this in time. I saw the notifcations but am super busy with Gamescom livestream this weekend. Glad you've got this fixed, thank you! :) Cheers! Joerg

…

On Sun, 30 Aug 2020 07:39:44 +0200, Ryan Gurnick ***@***.***> wrote: @joerg-nafcom so initially the data is added in correctly, and then upon updating it we get the "&quote"? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

-- Using Opera's revolutionary e-mail client: https://en.wikipedia.org/wiki/Opera_Mail -------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------- DON'T SEND FILES BIGGER THAN 4 MB! THANKS! (send to joerg.droege@gmail.com instead). -------------------------------------------------------------------------------------------- Want to send to my iPhone? Use nafcom@games.com - thanks! --------------------------------------------------------------------------------------------

[ryangurn]

@joerg-nafcom my pleasure, I will most likely be commenting on your other bug reports to get those squashed also. It was a pleasure.