Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I just noticed something new. Let's say I create my first list with the following title:
Jay's Custom List!
1) Then it'll show up correctly under Mysite.com/flag/lists/1 as the following:
Jay's Custom List!
2) But it'll show up incorrectly under Mysite.com/user/1/flag/lists/1 as the following:
Jay's Custom List!
It's weird that the exclamation mark gets displayed correctly, but not the apostrophe. I haven't tested out any other special characters yet. Any ideas what's causing this?
Comment | File | Size | Author |
---|---|---|---|
#30 | Screen Shot 2015-04-27 at 1.46.27 PM.png | 16.38 KB | OpsTao |
#30 | Screen Shot 2015-04-27 at 1.46.27 PM.png | 16.38 KB | OpsTao |
#28 | special_characters-2388741-28.patch | 497 bytes | sl27257 |
#24 | special_characters-2388741-24.patch | 3.83 KB | sl27257 |
#15 | special-characters_view_with_widget.png | 69.1 KB | OpsTao |
Comments
Comment #1
jay.lee.bio CreditAttribution: jay.lee.bio commentedComment #2
sl27257This is probably "Double safety" somewhere. I.e. feeding it through the security functions (check_?) twice. Have you checked if you get the same problem with a normal flag?
BTW: & is also know to cause this behavior.
Comment #3
jay.lee.bio CreditAttribution: jay.lee.bio commentedYes, Flag does have the same problem. Sort of:
1) The title will show up correctly in the user profile's tab because it'll display exactly what you type in the View under "PAGE SETTINGS" -> "Menu" -> "Title". So from the end user's point of view, this issue will never be noticed.
2) The title will NOT show up correctly in one specific place within the View while configuring "PAGE SETTINGS" -> "Access" -> "Permission" -> "settings" in the resulting drop-down menu. So the admin will notice it.
I guess the big question is, should I ask Flag's maintainer to fix this problem? Or is it better for you to override the code somewhere within Flag Lists since the end user will notice this issue only for this module?
P.S. You're right, & has this problem too. Any other special characters we have to worry about without having to test every single one of them?
Comment #4
sl27257I think it is this that is the problem #1387718: Link field in view using "Title, as link" formatter outputs "'" in place of apostrophe in this case. However there are many modules that have the same kind of problem.
It is all characters that need to be escaped in order to avoid security problems. It is probably this function:
http://php.net/htmlspecialchars
Unfortunately I see no way of fixing it in this module... :(
Comment #5
jay.lee.bio CreditAttribution: jay.lee.bio commentedDang, that sucks. But what about overriding the title with the one from Views that generates the result for Mysite.com/flag/lists/1, since that one displays everything properly as I mentioned in my original post above? Can't you somehow insert it into the code programmatically?
Comment #6
jay.lee.bio CreditAttribution: jay.lee.bio commentedOr is using an if statement so that for example, if the formatted title includes the string "
'
", then turn it back to an apostrophe, too much of a security risk? ;)Comment #7
sl27257It is always better to fix it at the origin. As you see there are more characters that are affected. And also not all views will be fixed. I have however another idea, but that is also a hack... (And it doesn't solve the generic problem)
/Thomas
Comment #8
jay.lee.bio CreditAttribution: jay.lee.bio commentedYeah I know. I'm just trying to throw ideas around hoping that something would be useful than nothing. :D
Comment #9
sl27257This was much simpler than I thought... from a security perspective the fix seems safe.
Comment #10
jay.lee.bio CreditAttribution: jay.lee.bio commentedThe patch works! Thanks!!! :)
Comment #12
jay.lee.bio CreditAttribution: jay.lee.bio commentedComment #13
OpsTao CreditAttribution: OpsTao commentedWith Flags 7x-3.6 and Flag Lists 7x-3.0-beta1 (in core 7.35), I am not finding that patch ...-9's code solves the problem. (Specifically, how the newly created List appears in the Flag Lists Operations dropdown menu.) Upon first creation, it appears in the dropdown as entered. (I tried making up a name that includes quotes, apostrophes, and other non-alphanumeric characters.) But upon browser refresh, all the non-allowed characters are replaced by codes.
Are reports of the patch success in context of an earlier Flag Lists release?
I notice that in the beta1 version, at line 197, the exact code specified in the patch exists there already – but it's not solving the issue, at least not in the dropdown menu's display. Also I notice that the code being identified for replacement in the patch exists farther up, at line 156 but it's commented out. Can anyone explain what that's about? As an experiment I tried uncommenting it and running the module, but that didn't seem to make a difference.
Comment #14
sl27257Hi,
thanks for the report!
The code on line 156 breaks the title on some pages and hence it was removed. I don't think it is related your problem.
Regarding the new bug you have spotted, I am not 100% sure which dropdown menu you are referring to? Can you provide the path to the page (Your host name etc is not needed, only the part after that), please?
/Thomas
Comment #15
OpsTao CreditAttribution: OpsTao commentedThomas, thanks for the response. The dropdown referred to is the List Operations dropdown that displays created lists. This list operations widget is appearing above a view table which has a column of checkboxes for selecting items (in our case they are videos) for adding to a custom list. The attached screen captures show that context, then how a new list name appears in the dropdown. A test name includes extra characters such as quotes, apostrophe, and others. In the first of those examples, the list name appears as entered. But after browser refresh, some of those are lost when converted to code. From testing so far, it appears only double quotes and apostrophes/single quotes are the issue. Although it's not a huge issue, it's likely that many of our users would want to start with a name like "Bob's Favorites List" or something like that. (meaning mainly, to use a possessive apostrophe) Regarding the URL, it is a main page with the URL [domain-name.com]/westat-video-library so I expect that doesn't help you.
Late-breaking addition: Especially interesting is that if I use the keystrokes for typeset style (a.k.a. "curly quotes") for either the apostrophe or the double quotes, then it works perfectly! (entered characters do not change after refresh) But I doubt that most users (other than former desktop publishers like myself) would normally think to enter them in this way.
Comment #16
sl27257Aha,
thanks!
Now I understand! I know that there are many problems / bugs with that part of the code. I did open this issue some weeks ago #2453803: Not all Flag lists operations are working to fix them. I will check for this problem as well. BTW the patch on that page is not in the 7.x-3.0-dev yet.
Comment #17
sl27257I am having problems reproducing the bug.
I created a list named
Thomas's "test & list"
which I think should trigger the problem. I have then tried with both F5 and ctrl-F5 (on Firefox 37.0) to refresh the page but after both these refreshes the list name appears correct. Is this the right way to reproduce it?
However the version I am using here is 7.x-3.0-dev PLUS the mentioned fixes #2453803: Not all Flag lists operations are working They are related to this functionality but I have not fixed your problem on purpose... :(
If you confirm the procedure I have used I will revert the version here.
/Thomas
Comment #18
OpsTao CreditAttribution: OpsTao commentedThomas,
My test of the same list name Thomas's "test & list" is not working here, and actually drops the part of the name past "test." But this environment is not the same as what you recently tested. It sounds like you have found a combination that solves the issue and maybe I should install the same.
To reiterate the exact condition I have now: The Flag Lists version is 7x-3.0-beta1. The changes/patches that had been applied were:
Does your combination of 7x-3.x-dev, plus the patch, also pass the failure points described above? If so, then it could be the comprehensive solution.
Comment #19
sl27257I have now checked the code and tried #2453803: Not all Flag lists operations are working for some time and I can not reproduce your problem :( So I will push #2453803: Not all Flag lists operations are working to the -dev. That is the code I am running here.
Comment #20
OpsTao CreditAttribution: OpsTao commentedThomas, I have tried the latest (April 15) dev version and here's what I am seeing upon testing the list-creation and adding-to-list process:
Note that the "illegal choice" error was not present when using a patched version of flag_lists-7.x-3.0-beta1. I have not tried applying the same modification to the April 15 dev version. That patch was: https://www.drupal.org/node/1929060#comment-7430798
The trouble I am having with this may be due to particular Drupal environment factors that are different from what you tested. In case it helps now or later on, here are the details I would think could be related:
Comment #21
sl27257Confirmed... :)
Comment #22
sl27257A short status update:
1) The problem with special characters I think I have solved. There is one case which is not working yet and that is "Deletion of a flag_list". Here the title is not showing correct yet, but this is more of a cosmetic thing.
2) #1929060: An illegal choice has been detected. Please contact the site administrator. is a little more troublesome :) The patch presented is unfortunately only a quick fix. What it does is that it takes away all verification of the entered value. I have figured out what goes wrong, where it goes wrong and why. But to fix it is a little more problematic. The AJAX routine is missing to set the updated part of the select array on the current page. If the page is refreshed (F5) everything is working nicely. I would like to avoid to reload the page and instead only add the missing info.
Comment #23
OpsTao CreditAttribution: OpsTao commentedThanks for the update and continued efforts. If you can bring this to the level of a new dev version, let us know.
Comment #24
sl27257Here is a first patch that I think solve both the problems. The AJAX handling in 2) is tricky so the only fix I have manage to get to work is to actually reload the page after the submission.
The attached patch should work even though my design base, for my on convenience :) , is the 7.x-3.0-beta1+4-dev + #2465553-4: Feature Requests: Option to customize wording; List Operations as block?
If necessary to ease testing I can push a new -dev.
Comment #25
OpsTao CreditAttribution: OpsTao commentedSounds encouraging! So in order to get to the level you have tested, would I need to start with 7.x-3.0-beta1 then successively patch with 2465553-4 followed by 2388741-24 ? Or start with 7.x-3.x-dev ? Of course, it would be great if you could push a new -dev to incorporate those changes.
Comment #26
sl27257Hmmm, seems like the -dev has a strange name for me. The name 7.x-3.0-beta1+4-dev is the current 7.x-3.x-dev. But I will push everything to the -dev.
Comment #28
sl27257Added back a character that I thought I had added for debugging only.
Comment #30
OpsTao CreditAttribution: OpsTao commentedI have tested the April 27 Dev version in the context of our site, and here is what I'm seeing both positive and negative – in reference to the special characters issue and some other recently discussed issues:
Discussion on last issue: At an earlier step in this evolution, there was a point where the failure of a newly created list name to display was limited to non-Admin users. But I have tried both Admin and non-Admin in the latest test, and cannot get a display of the list name in the dropdown.
Comment #31
sl272571) That is good. There is one place where it doesn't work and that is when you delete lists.
2) That is as expected. I know that where Javascript is included it is not changing the list. But this is in line with what I pointed out... :( I now have an idea how to fix that. :)
3) This is disappointing... I found a small problem which I corrected in the 7.x-3.0-beta1+7-dev release. This is in the 27 April release of -dev which you are using. I did do a re-install here after fixing it and it is working for me. So we need to check a few things:
After checking your pictures: (This part is updated)
Are they involved with this functionallity?
4) Your fourth item: The non-admin vs admin was due to a logical problem which, if I remember right..., is fixed with #2453803-2: Not all Flag lists operations are working the part -1517,16 +1520,18. So that you shouldn't see any longer.
/Thomas
Comment #32
OpsTao CreditAttribution: OpsTao commentedSome answers which I hope will help in the diagnosis:
First group of questions:
Second group of questions:
Fatal error: views_plugin_display::destroy(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "views_flag_refresh_plugin_display_extender" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in D:\Websites\Showcaselibrarydev\docs\sites\all\modules\views\plugins\views_plugin_display.inc on line 272
Would it help to see a series of screen captures showing exactly how the Flag Lists system is being used in this site?
Comment #33
sl27257Thanks for your comments!
Your 1) It seems definitely like the caching is involved. I will see if I can find something based on your findings sofar. On my case I have some of the caching activated. (But normally not the js and css caching on my development site.) I will see if changing anything here make a difference...
Your 2) I had exactly the same problems after adding those modules and trying to remove them. It was very tricky to do it. I can't describe exactly how I did it, but it involved removing all of their settings, clearing the cache several times and deactivating the module etc. (Maybe #2297647-5: Fatal error: views_plugin_display::destroy() or #2297647-6: Fatal error: views_plugin_display::destroy() is the ultimate trick...)
3) Please provide the suggested pictures! That would certainly help to understand how you are using it! If needed I can give you a direct email-address? Finally let me check a few more things before I create the js file I have in mind.
Comment #34
sl27257I am only aware of one place where special character are not handle correctly and that is in the "Deletion of a flag_list" as mentioned above. However this seems to me to happen external to this module... All other places works as of my knowledge.
Comment #35
FrancewhoaWe found a related issue with Views at https://www.drupal.org/node/1387718
Comment #36
FrancewhoaTemporary fix at https://www.drupal.org/node/1387718#comment-11387379