Dangerous bug when editing via HTML editor

[bemara579]

I am having a serious issue with the page editor. When editing the page via the html editor, it sometimes converts characters to encoded ones that should not be converted.

My header has this:
[[ConLib:Custom/Mod_Manufacturers Manufacturers="4#5#6#7#8#9" Columns="3"]]

After saving, it SOMETIMES saves it as this (notice the quotes have been encoded when they should not have, also I had to put &_ instead of & because your form was re-encoding it):
[[ConLib:Custom/Mod_Manufacturers Manufacturers=&_quot;4#5#6#7#8#9&_quot; Columns=&_quot;3&_quot;]]

This causes my website to go to the "Oops error page". The site becomes down because of this error. Also, this happens here to:
#if ($store.Currencies.Count > 1 )

Gets converted to this:
#if ($store.Currencies.Count &_gt; 1 )

Anyone know how to fix this? It is a killer bug that makes editing any page a dangerous task because it can make the whole site go down. Pls help!!

[mazhar]

Edit Website/fckeditor/fckconfig.js and make sure that it has following line

Code: Select all

FCKConfig.HtmlEncodeOutput = false ;

and its value is not set to true.

[bemara579]

It is already false by your installation default. I even tried setting this to false in the server-side, C# FCKeditor object. It is still happening. It is a real problem that is bringing down websites anytime someone modifies the pages.

Try editing the "Standard Header" for yourself and see (using the HTML editor). I just crashed your live demos by editing the header in the html editor (tried this in IE7 and IE8).

[bemara579]

bump

[mazhar]

I tried following

Code: Select all

[[ConLib:Sample Manufacturers="4#5#6#7#8#9"]]

and its working for me, any new thought about how to reproduce it.

[bemara579]

Did you try to edit your own demo as I mentioned? I do not think you are using the editor and just modifying the code in the textbox. You will have to use the WYSIWYG editor (FCKeditor). Here's all I did and you can do the same to replicate.

1) Open IE7
2) Go to your demo page and create a store: http://www.ablecommerce.com/shopping-cart-trial.aspx
3) Sign in as an admin
4) Go to the public home page
5) Scroll down and change the mode to "Edit Page"
6) Edit the header which is called "Standard Header"
7) Click on the "HTML" button to open the editor.
Click the save icon in the editor (you do not even have to change anything!).
9) Then click save again
10) Then you have just crashed the entire site!!!!!!!!!!!!!!

It is a serious problem that I do not think should be taken lightly. IT IS CORRUPTING ALL AREAS OF THE STORE - PUBLIC AND ADMIN!!!!!!!!!!!!!! NOT ONLY IS IT CORRUPTING, BUT TAKING DOWN WEBSITES ENTIRELY!!!

Here is another post with the same problem and got their email templates corrupted:
viewtopic.php?f=42&t=6440

PLS HELP!!!!!!!!!!!!!!!!!!!

[mazhar]

Thanks, Issue is reported and you can track progress here
http://bugs.ablecommerce.com/show_bug.cgi?id=8038

In order to revert changes you can go to Administration > Website > Content and Layout and then locate Standard Header scriptlet. Then click delete icon available next to scriptlet name to restore default scriptlet.