MyBB Community Forums

Ok..well I found a bug that's driving me crazy.  While it seemingly only effects Opera users I figure I should report it nonetheless.

\xa0\xa0

While using my inline_ads I saw a bug today...after 2 hours I tracked it down to those character being inserted when the settings form is saved in Opera.  Those are XSL stylesheet malformed data that gets inputed in the form.  I am not sure why it only effects Opera but it does.

I am trying to fix it or narrow it down further.  I can only assume this bug is a problem for other form data as well.

Ok..I am narrowing it down further to this function

function htmlspecialchars_uni($message)
{
	$message = preg_replace("#&(?!\#[0-9]+;)#si", "&", $message); // Fix & but allow unicode
	$message = str_replace("<","&lt;",$message);
	$message = str_replace(">","&gt;",$message);
	$message = str_replace("\"","&quot;",$message);
	$message = str_replace("  ", "&nbsp;&nbsp;", $message);
	return $message;
}

It is the str_replace of the dual spaces that seem to be the big issue.

OK..I have proudly fixed the bug. It was that function and the problem is that double-space replacement.

It should be this instead

$message = str_replace("\s{2}", "  ", $message);

Please fix this in next version please.

0.o wierd. why would there be a difference between matching two spaces or using the regex way o.o

I'll fix it tomorrow morning as its late here (past midnight).

Quote:$message = str_replace("\s{2}", "  ", $message);

That won't work.

That'll replace any instances of s{2} in messages with a double space - because the \s character (whitespace etc) and the {2} counter/modifier are only available in preg_replace - str_replace is standard string replacement.

I'm not too sure why we have the spaces replacement there either - multiple spaces should only show up once.

Doh...so should I change my line to preg_replace then?

How can I alter this? Also every single example I could find of htmlspecialchars_uni used by others didn't use space replacement. So let me know if this line is even needed.

Thank you sir. My wife is gonna be ticked off. I spent 4+ hours on this instead of fixing the garage up. At first I just saw in Firefox and IE that my google ads didn't show up. Then I thought maybe my Opera is screwed and spent like over an hour updating to a beta version of Opera..which kicks butt yet didn't fix the problem. Finally I copied and pasted the code from my form into my ssh session on a unix box and saw the extra characters...from there I tracked it down to that function and that single line. Oh boy what a night.

Thanks if you can get this fixed permanently.

A decision needs to be made on whether to change it to:

$message = preg_replace("\s{2}", "  ", $message);

or just remove it entirely. From what I heard it was added because of request.

Also, we were considering just doing, instead of multiple spaces:

$message = preg_replace("\t", "     ", $message);

Right now I have it just commented out. I do believe \t would be nice (that's for tabs) but it doesn't appear neccessary in either case.

We've just removed it. Marking as fixed.

This bug has been fixed in the latest code.

Please note the latest code is not live on the site or for download. An update will be released which contains this fix.