Ticket #5340 (closed patch: fixed)

Opened 5 months ago

Last modified 1 month ago

Account names can't contain apostrophes

Reported by: Mike.Sasena Assigned to: developer
Priority: unassigned Milestone: 5.1.0
Component: vtigercrm Version: 5.0.4
Keywords: apostrophe innerHTML Cc:

Description

vtiger will allow you to create an account with an apostrophe within the name, e.g. "Joe's Crab Shack". However, if you try to associate a contact with that account, it will not work. When you select it by editing the contact's "account" field, it will return a blank. So you can create an account with an apostrophe, but you can't use it.

Change History

11/25/08 14:51:15 changed by densi

  • keywords set to apostrophe innerHTML.
  • status changed from new to closed.
  • resolution set to fixed.
  • type changed from defect to patch.

I found the solution

2 different problems:

1- all browsers (Firefox, IE7, opera 9, safari, chrome; all latest version) innerHTML corrupt the onclick="" javascript code in the javascript callSearch() in popup.tpl.

A bug should be summitted to all.

2- include/utils/ListViewUtils.php decode_html function is checking the $_REQUEST variable.

the code should look this:

if($_REQUESTaction? == 'Popup' $_REQUESTaction? == 'AccountsAjax?')

instead of:

if($_REQUESTaction? == 'Popup')

This way, the apostrophe get formated like this: \' instead of like this: \'

N.B. Maybe strrpos($_REQUESTaction?, 'Ajax') == 4 to filter ALL the module AJAX querks. I am sure at 60% that this code is better than the one above.

BTW, really stupid to check $_REQUEST in decode_html().