arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Fix smart-quotes and other funky characters in email messages - need to //TRANSLIT convert _before_ escaping for the query

Browse Source
This commit is contained in:
james 2010-03-25 14:23:25 +00:00
parent a821cd3e3c
commit 07902b107e
1 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
admin/communication.php
View File

@ -135,11 +135,30 @@ case 'dialog_choose':
case 'email_save':
$id = intval($_POST['emails_id']);
$name = mysql_real_escape_string(stripslashes($_POST['name']));
$description = mysql_real_escape_string(stripslashes($_POST['description']));
$from = mysql_real_escape_string(stripslashes($_POST['from']));
$subject = mysql_real_escape_string(stripslashes($_POST['subject']));
$bodyhtml = mysql_real_escape_string(stripslashes($_POST['bodyhtml']));
//we need to character encode BEFORE we myql_real_escape_strintg
//otherwise, a smartquote ' will turn into a normal ' that ends up
//not being escaped!
$name=$_POST['name'];
$description=$_POST['description'];
$from=$_POST['from'];
$subject=$_POST['subject'];
$bodyhtml=$_POST['bodyhtml'];
//add //TRANSLIT to approximate any characters (eg smartquotes) that it doesnt know
$bodyhtml=iconv("UTF-8","ISO-8859-1//TRANSLIT",$bodyhtml);
$name=iconv("UTF-8","ISO-8859-1//TRANSLIT",$name);
$description=iconv("UTF-8","ISO-8859-1//TRANSLIT",$description);
$from=iconv("UTF-8","ISO-8859-1//TRANSLIT",$from);
$subject=iconv("UTF-8","ISO-8859-1//TRANSLIT",$subject);
//Now its safe to escape it for the db query
$name = mysql_real_escape_string(stripslashes($name));
$description = mysql_real_escape_string(stripslashes($description));
$from = mysql_real_escape_string(stripslashes($from));
$subject = mysql_real_escape_string(stripslashes($subject));
$bodyhtml = mysql_real_escape_string(stripslashes($bodyhtml));
$type = mysql_real_escape_string($_POST['type']);
$key = mysql_real_escape_string($_POST['key']);
$fcid = mysql_real_escape_string($_POST['fcid']);
@ -157,11 +176,6 @@ case 'email_save':
/* Allow the fundraising campaigns id to be NULL, it'll never be 0 */
$fcstr = ($fcid == 0) ? 'NULL' : "'$fcid'";
$bodyhtml=iconv("UTF-8","ISO-8859-1",$bodyhtml);
$name=iconv("UTF-8","ISO-8859-1",$name);
$description=iconv("UTF-8","ISO-8859-1",$description);
$from=iconv("UTF-8","ISO-8859-1",$from);
$subject=iconv("UTF-8","ISO-8859-1",$subject);
$body=getTextFromHtml($bodyhtml);
mysql_query("UPDATE emails SET