[TYPO3-core] Reminder - bug: 0000132: Incorrect handling of %-signin FORM.params

[rupert germann]

me again ;-)

Ernesto Baschny contacted me by PM because he found some problems with the 
patches by me and Martin that fix the $addParams problem at a central point 
in the function FORM. 
Adding the second % character works of course only if the resulting string is 
actually used in a sprintf() call which is not the case for radiobutton 
options and for submitbuttons which are images. These elements would then 
have 2 % chars in their style attributes.

So I rewrote the patch to prevent the problem by using only %s placeholders in 
sprintf() calls and not mixing up %s and variables.
I also changed the calls to count() in "for" loops which did hurt my eyes ;-)

new patch is attached.

greets
rupert


On Saturday 29 April 2006 10:16, rupert germann wrote:
> On Friday 28 April 2006 20:44, Martin Kutschker wrote:
> > +1 if you move the str_replace after the if-clause in the diff. Your
> > patch only escapes FORM.params but not FORM.params.<type>.
>
> you're absolutely right, thanks for the hint.
>
> > I have attached a new version of it. A bit hard to read because I changed
> > the formatting as well. Basically I have moved the str_replace so that it
> > gets called only when $addParams is not empty.
>
> works fine for me. I will add some {} around the
> $addParams=' '.str_replace('%','%%', $addParams); line when I commit it.
>
> another +1?
>
> greets
> rupert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tslib_content-percent_v2.diff
Type: text/x-diff
Size: 7143 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20060429/3e151c2d/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20060429/3e151c2d/attachment.pgp