| Author |
Message |
montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 896
|
Posted:
Mon Jul 24, 2006 9:34 am |
|
If you get a SQL error when you try to send your newsletter, it may be related to having either a single or double quote in either your topic or sender fields. The fix is here:
=== HTML Newsletter Versions Affected ===
1.3.0
01.03.01
=== OPEN ===
modules/HTML_Newsletter/admin/functions.php
=== FIND ===
| Code: |
function msnl_fAddNls( $msnl_iCID, $msnl_sTopic, $msnl_sSender, $msnl_sFilename,
$msnl_sDatesent, $msnl_iView, $msnl_sGroups ) {
global $prefix, $db;
$nid = 0;
$sql = "INSERT INTO `". $prefix ."_hnl_newsletters` "
."VALUES ("
."NULL, "
."'$msnl_iCID', "
."'$msnl_sTopic', "
."'$msnl_sSender', "
."'$msnl_sFilename', "
."'$msnl_sDatesent', "
."'$msnl_iView', "
."'$msnl_sGroups', "
."'0'"
.")";
$result = msnl_fSQLCall( $sql );
|
=== REPLACE WITH ===
| Code: |
function msnl_fAddNls( $msnl_iCID, $msnl_sTopic, $msnl_sSender, $msnl_sFilename,
$msnl_sDatesent, $msnl_iView, $msnl_sGroups ) {
global $prefix, $db;
$nid = 0;
$msnl_sTopic = addslashes($msnl_sTopic);
$msnl_sSender = addslashes($msnl_sSender);
$sql = "INSERT INTO `". $prefix ."_hnl_newsletters` "
."VALUES ("
."NULL, "
."'$msnl_iCID', "
."'$msnl_sTopic', "
."'$msnl_sSender', "
."'$msnl_sFilename', "
."'$msnl_sDatesent', "
."'$msnl_iView', "
."'$msnl_sGroups', "
."'0'"
.")";
$result = msnl_fSQLCall( $sql );
|
This is a big ! My apologies for this. |
_________________ “To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins |
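
The same kind of insert written with bound parameters, so a single or double quote in any field cannot break the statement and the stored text carries no added backslashes. This is an added example, not code from HTML Newsletter: it uses PDO with an in-memory SQLite database (needs the pdo_sqlite extension) in place of the module's msnl_fSQLCall() and MySQL table, and the demo_ names and column names are assumptions.

```php
<?php
// Added example (not HTML Newsletter code). Table and column names are
// hypothetical; in-memory SQLite stands in for the site's MySQL database.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_hnl_newsletters (
    nid INTEGER PRIMARY KEY, cid INTEGER, topic TEXT, sender TEXT,
    filename TEXT, datesent TEXT, viewable INTEGER, group_ids TEXT,
    hits INTEGER)');

/** Insert one newsletter row; every value is bound, none is spliced into SQL. */
function demo_add_newsletter(PDO $pdo, array $row): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO demo_hnl_newsletters
           (cid, topic, sender, filename, datesent, viewable, group_ids, hits)
         VALUES (:cid, :topic, :sender, :filename, :datesent, :viewable,
                 :group_ids, 0)'
    );
    $stmt->execute($row);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input containing both quote characters.
$nid = demo_add_newsletter($pdo, [
    ':cid'       => 1,
    ':topic'     => 'Don\'t miss the "Spring" issue',
    ':sender'    => "O'Brien <news@example.com>",
    ':filename'  => 'sample.html',
    ':datesent'  => '2006-07-24',
    ':viewable'  => 0,
    ':group_ids' => '',
]);

// Read the row back: the stored text is exactly what was submitted, so
// nothing has to be stripped before display.
$stmt = $pdo->prepare(
    'SELECT topic, sender FROM demo_hnl_newsletters WHERE nid = ?'
);
$stmt->execute([$nid]);
$stored = $stmt->fetch(PDO::FETCH_ASSOC);

// Escape for the output context (HTML) only at display time.
echo htmlspecialchars($stored['topic'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($stored['sender'], ENT_QUOTES, 'UTF-8'), "\n";
```

Binding covers every column, including the filename, date and groups values that the addslashes() change above leaves untouched.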
|
|
 |
elnegro
Newbie


Joined: May 08, 2007
Posts: 2
|
Posted:
Tue May 08, 2007 6:08 am |
|
(I haven't checked but) I think you should use the corresponding PHP function "stripslashes" before echoing these phrases with backslashes.
BTW: I've almost finished the Italian translation of "HTML Newsletter"... is there any place where I can send it? Is there any CVS of this wonderful module?
TIA
---
Bye, Luca |
|
|
|
 |
montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 896
|
Posted:
Tue May 08, 2007 8:47 am |
|
| Quote: |
(I haven't checked but) I think you should use the corresponding PHP function "stripslashes" before echoing these phrases with backslashes.
|
The above code is correct, so I might not be understanding what you mean by this. Can you explain a bit more or give an example of what you mean? Much appreciated.
| Quote: |
I've almost finished the Italian translation of "HTML Newsletter"... is there any place where I can send it?
|
This is excellent! Thank you so much (actually, the community thanks you). I have been remiss in my duties with this module as I have two other translations too (partial ones) that I have released as a part of RavenNuke(tm), but not separately. You may send it to montego {AT} montegoscripts ((DOT)) com.
Unfortunately, although I do use subversion, it is not available on-line here. Right now, I have no plans to make it available.
Thanks!
montego |
|
|
|
 |
elnegro
Newbie


Joined: May 08, 2007
Posts: 2
|
Posted:
Tue May 08, 2007 9:10 am |
|
| montego wrote: |
| Quote: |
(I haven't checked but) I think you should use the corresponding PHP function "stripslashes" before echoing these phrases with backslashes.
|
The above code is correct, so I might not be understanding what you mean by this. Can you explain a bit more or give an example of what you mean? Much appreciated.
|
I know that the above code is correct and you are right but when you use the function "addslashes" it changes and saves in the db i.e. the string
to
and if you echo this string on the screen it will be printed as
but, by writing
| Code: |
| echo stripslashes($string); |
the string will be printed as
(still I say that I haven't checked your code) so, if you don't encounter this problem, perhaps you are already using the stripslashes function in your code.
HTH
---
Bye, Luca |
|
|
|
 |
montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 896
|
Posted:
Tue May 08, 2007 9:17 am |
|
Yes, it is being handled. Thank you for clarifying that for me. |
|
|
|
 |
sixf00t4
Newbie


Joined: Oct 28, 2007
Posts: 4
Location: Pittsburgh, PA
|
Posted:
Wed Dec 26, 2007 11:50 am |
|
Just to be sure, this is the same problem with quotes in the body of the newsletter, right? When I have quotes, hit the preview, and then go back to the message, there are slashes in front of all the apostrophes. |
_________________ [url="http://joshuadhall.com"]blog[/url] - [url="http://myspace.com/joshuadavidhall"]music[/url] - [url="http://youtube.com/sixf00t4"]video[/url] |
|
|
 |
montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 896
|
Posted:
Wed Dec 26, 2007 2:18 pm |
|
Actually, sixf00t4, this code is probably 2 - 3 years old and in sore need of being renovated. I've learned a ton over the years working on RavenNuke, and, to be quite honest, although no reported security issues yet with any of my code, I am quite embarrassed by much of my earlier.
Maybe I can get something out before my Feb PHP5 deadline... |
_________________ “To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins |
|
|
 |
sixf00t4
Newbie


Joined: Oct 28, 2007
Posts: 4
Location: Pittsburgh, PA
|
Posted:
Wed Dec 26, 2007 6:06 pm |
|
Hey, no push from me, just reporting bugs as I come across them. Keep up the good work my friend. |
_________________ [url="http://joshuadhall.com"]blog[/url] - [url="http://myspace.com/joshuadavidhall"]music[/url] - [url="http://youtube.com/sixf00t4"]video[/url] |
|
|
 |
montego
Site Admin/Owner


Joined: Feb 12, 2005
Posts: 896
|
Posted:
Wed Dec 26, 2007 8:30 pm |
|
No worries. More of a push from "me". I have big plans for this module, including a complete re-write for PHP5 with much easier methods for adding additional content, etc. But, first-things-first, I need to complete the 1.x branch with one more functional release. |
_________________ “To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins |
|
|
 |
|
|