inline editor: fix html entity bug

e87a2421 · Marc Egger · 87f88d99 · e87a2421 · e87a2421 · e87a2421
Commit e87a2421 authored Oct 20, 2020 by Marc Egger
--- a/extension/Classes/Core/Helper/Path.php
+++ b/extension/Classes/Core/Helper/Path.php
@@ -35,6 +35,10 @@ class Path
    const EXT_TO_API = 'Classes/Api';
    const API_TO_APP = '../../../../../'; // TODO: make relatvie to ext instead

+    // Javascript
+    const EXT_TO_JAVASCRIPT = 'Resources/Public/JavaScript';
+    const JAVASCRIPT_TO_EXT = '../../../';
+
    // Icons
    const EXT_TO_GFX_INFO_FILE = 'Resources/Public/icons/note.gif';
    const EXT_TO_PATH_ICONS = 'Resources/Public/icons';

--- a/extension/Classes/Core/QuickFormQuery.php
+++ b/extension/Classes/Core/QuickFormQuery.php
@@ -1803,7 +1803,14 @@ class QuickFormQuery {
            // If not, this might be an attack => cancel.
            return;
        }
-        $bodytextNew = Support::htmlEntityEncodeDecode(MODE_DECODE, $_POST[REPORT_INLINE_BODYTEXT]);
+        $bodytextNew = $_POST[REPORT_INLINE_BODYTEXT];
+
+        // removed the entity decode of bodytext since it replaced
+        //   10.sql = SELECT '&amp; X &'
+        // with
+        //   10.sql = SELECT '& X &'
+        // $bodytextNew = Support::htmlEntityEncodeDecode(MODE_DECODE, $_POST[REPORT_INLINE_BODYTEXT]);
+
        if (intval($isFile) === 1) {
            ReportAsFile::write_file_uid($uid, $bodytextNew, $this->dbArray[$this->dbIndexData]);
        } else {

--- a/extension/Classes/Core/Report/Monitor.php
+++ b/extension/Classes/Core/Report/Monitor.php
@@ -74,14 +74,14 @@ class Monitor {
            '&' . TOKEN_L_TAIL . '=' . $vars[TOKEN_L_TAIL] .
            '&' . TOKEN_L_APPEND . '=' . $vars[TOKEN_L_APPEND];
 //        $url = store::getSipInstance()->queryStringToSip(API_DIR . '/' . API_DOWNLOAD_PHP . '?' . $queryString, RETURN_URL);
-        $arr = store::getSipInstance()->queryStringToSip('../../../'. Path::extToApi(API_DOWNLOAD_PHP) . '?' . $queryString, RETURN_ARRAY);
+        $arr = store::getSipInstance()->queryStringToSip(Path::join(Path::JAVASCRIPT_TO_EXT, Path::extToApi(API_DOWNLOAD_PHP)) . '?' . $queryString, RETURN_ARRAY);
        $url = $arr[SIP_SIP_URL];

        // On page reload, take care to remove optional existing old seek position.
        $key = $this->getSeekSessionKey($arr[CLIENT_SIP]);
        $this->session::unsetItem($key);

-        $webworker = Path::appToExt('Resources/Public/JavaScript/GetFileContent.js');
+        $webworker = Path::appToExt(Path::EXT_TO_JAVASCRIPT, 'GetFileContent.js');

        $code = <<<EOF
 <script type="text/javascript">