Bug #75548
closedRTE lacks dropdown content after updating to 6.2.21
100%
Description
The Update to 6.2.20 introduced a bug (?) in the RTE while editing a CE containing text. When setting a link a popup opens and there the dropdown for the link style (internal, internal in new window, external, etc.) is now empty, because the select options have the <, >, " and & replaced bei the htmlentities <,>, " and &.
Updated by Petra Neumann over 8 years ago
Still there with 6.2.21.
And sorry, it meant to read: ... replaced by the htmlentities & lt ; & gt ; & quot ; and & amp ;
Updated by Markus Klein over 8 years ago
- Subject changed from RTE lacks dropdown content after updating to 6.2.20 to RTE lacks dropdown content after updating to 6.2.21
- Status changed from New to Accepted
- Assignee set to Markus Klein
I'll try to fix that asap. Sorry for the troubles.
Updated by Alexander Bigga over 8 years ago
The error ist the htmlspecialchars() in line 874 of typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php. It escapes the whole <option>-Tag instead of the values inside.
See:
Updated by Markus Klein over 8 years ago
Thanks Alexander for digging. Can you push a patch, so your name shows up as author?
Updated by Oliver Heins over 8 years ago
diff -ur typo3_src-6.2.21-orig/typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php typo3_src-6.2.21/typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php --- typo3_src-6.2.21-orig/typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php 2016-04-12 13:11:14.000000000 +0200 +++ typo3_src-6.2.21/typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php 2016-04-13 10:50:00.862585559 +0200 @@ -871,7 +871,7 @@ <td><label>' . $GLOBALS['LANG']->getLL('anchor_class', TRUE) . ':</label></td> <td colspan="3"> <select name="anchor_class" onchange="' . htmlspecialchars($this->getClassOnChangeJS()) . '"> - ' . htmlspecialchars($this->classesAnchorJSOptions[$this->act]) . ' + ' . $this->classesAnchorJSOptions[$this->act] . ' </select> </td> </tr>';
htmlspecialchars() is applied to classesAnchorJSOptions in line 238 for all relevant data.
Updated by Gerrit Code Review over 8 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47641
Updated by Petra Neumann over 8 years ago
First: the patch fixes the Dropdown.
However, in the onchange event handler in the select field for the style (<select name="anchor_class" ...) the && are still escaped as & amp ;& amp ; - probably the browsers do not care, but who knows. If now I remove the htmlspecialchars() in the line above the pached one (also introduced with 6.2.20)
typo3_src-6.2.21/typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php:873 <select name="anchor_class" onchange="' . htmlspecialchars($this->getClassOnChangeJS()) . '">)
the && are shown correctly, but the following line
// Reset target to default if field is not displayed and class has no configured target document.ltargetform.ltarget.value = "";
in the middle of the onchange handler has double quotes, which is bad, because it interferes with the double quotes the handler is enclosed in. The line had single quotes until 6.2.19.
Unfortunately I have no time at the moment to look into that further. :(
Edit: translated. Sorry.
Updated by Gerrit Code Review over 8 years ago
Patch set 2 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47641
Updated by Markus Klein over 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 851314000fb8c382b3471ec01f4c2fac63753020.