Commit e87a2421 authored by Marc Egger's avatar Marc Egger
Browse files

inline editor: fix html entity bug

parent 87f88d99
Pipeline #4054 passed with stages
in 3 minutes and 55 seconds
......@@ -35,6 +35,10 @@ class Path
const EXT_TO_API = 'Classes/Api';
const API_TO_APP = '../../../../../'; // TODO: make relatvie to ext instead
// Javascript
const EXT_TO_JAVASCRIPT = 'Resources/Public/JavaScript';
const JAVASCRIPT_TO_EXT = '../../../';
// Icons
const EXT_TO_GFX_INFO_FILE = 'Resources/Public/icons/note.gif';
const EXT_TO_PATH_ICONS = 'Resources/Public/icons';
......
......@@ -1803,7 +1803,14 @@ class QuickFormQuery {
// If not, this might be an attack => cancel.
return;
}
$bodytextNew = Support::htmlEntityEncodeDecode(MODE_DECODE, $_POST[REPORT_INLINE_BODYTEXT]);
$bodytextNew = $_POST[REPORT_INLINE_BODYTEXT];
// removed the entity decode of bodytext since it replaced
// 10.sql = SELECT '& X &'
// with
// 10.sql = SELECT '& X &'
// $bodytextNew = Support::htmlEntityEncodeDecode(MODE_DECODE, $_POST[REPORT_INLINE_BODYTEXT]);
if (intval($isFile) === 1) {
ReportAsFile::write_file_uid($uid, $bodytextNew, $this->dbArray[$this->dbIndexData]);
} else {
......
......@@ -74,14 +74,14 @@ class Monitor {
'&' . TOKEN_L_TAIL . '=' . $vars[TOKEN_L_TAIL] .
'&' . TOKEN_L_APPEND . '=' . $vars[TOKEN_L_APPEND];
// $url = store::getSipInstance()->queryStringToSip(API_DIR . '/' . API_DOWNLOAD_PHP . '?' . $queryString, RETURN_URL);
$arr = store::getSipInstance()->queryStringToSip('../../../'. Path::extToApi(API_DOWNLOAD_PHP) . '?' . $queryString, RETURN_ARRAY);
$arr = store::getSipInstance()->queryStringToSip(Path::join(Path::JAVASCRIPT_TO_EXT, Path::extToApi(API_DOWNLOAD_PHP)) . '?' . $queryString, RETURN_ARRAY);
$url = $arr[SIP_SIP_URL];
// On page reload, take care to remove optional existing old seek position.
$key = $this->getSeekSessionKey($arr[CLIENT_SIP]);
$this->session::unsetItem($key);
$webworker = Path::appToExt('Resources/Public/JavaScript/GetFileContent.js');
$webworker = Path::appToExt(Path::EXT_TO_JAVASCRIPT, 'GetFileContent.js');
$code = <<<EOF
<script type="text/javascript">
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment