What's happened?
If the the text phrase with var_name="align_left" contains a quote ', the complete site gets unusable because the generated javascript code is broken as it is not escaped with a backslash \'. It produces a hundred of errors that can be seen on the javascript console.
Steps to reproduce:
- Add a quote in the phrase var_name="align_left" (see screenshot below)
What's expected?
All localized strings should be properly escaped. Quotes should be escaped with a backslash.
Server information
PHP Version 7.3.28
phpFox version
phpfox 4.8.8 (problem did not exist on previous versions)
Screenshots
Database entry:
Broken JS code:
Text correctly escaped with backslash marked in blue. Affected text not escaped marked in red (backslash is missing).
Notices
- Other phrases seem to be correctly escaped (see screenshot above)
- Other phrases might be also affected?
What's happened?
If the the text phrase with var_name="align_left" contains a quote
', the complete site gets unusable because the generated javascript code is broken as it is not escaped with a backslash\'. It produces a hundred of errors that can be seen on the javascript console.Steps to reproduce:
What's expected?
All localized strings should be properly escaped. Quotes should be escaped with a backslash.
Server information
PHP Version 7.3.28
phpFox version
phpfox 4.8.8 (problem did not exist on previous versions)
Screenshots
Database entry:
Broken JS code:
Text correctly escaped with backslash marked in blue. Affected text not escaped marked in red (backslash is missing).
Notices