I am trying to get HTMLPurifier to work with my code, as follows:

    if (isset($_POST['selectors_data'])) {
        //$selectors_data = tep_db_prepare_input($_POST['selectors_data']);
        $selectors_data2 = $_POST['selectors_data'];
        $config = HTMLPurifier_Config::createDefault();
        $purifier = new HTMLPurifier($config);
        $selectors_data = $purifier->purify($selectors_data2);
    }

I try to insert (newvalue): <i class="fa fa-angellist"></i>
On my localhost, all magic quotes and references to magic quotes are turned off.
When data is saved (via jQuery $.post):

    $.post('ajax_editor.php', {
        action: 'update',
        selectors_id: id,
        selectors_field: field,
        selectors_data: newvalue
    }, function (data) {
        $(' #container ').html(data);
    }, "json");

The data is inserted via the following query:

    tep_db_query("update " . TABLE_BTS_CSS_SELECTORS . " set selectors_name = '" . $selectors_data . "' where selectors_id = '" . (int)$selectors_id . "'");

And via the following db function the data is actually inserted:

    function tep_db_query($query, $link = 'db_link') {
        global $$link;
        $result = mysqli_query($$link, $query) or tep_db_error($query, mysqli_errno($$link), mysqli_error($$link));
        return $result;
    }

So nothing is replaced/stripped/removed in the whole process except by HTMLPurifier. But the data is stored as:
<i class=""fa"></i>
I am out of options.
As my site is in UTF-8, I also tried:

    $purifier = new HTMLPurifier();
    $selectors_data = $purifier->purify($selectors_data2);

So without config.
When I test on the HTMLPurifier demo site, all seems fine.
UPDATE: I am now 100% sure the issue is NOT created by HTMLPurifier. There seems to be some hidden unknown code that converts $_POST statements (sorry).
SOLVED: found the "hidden code" as:

    // handle magic_quotes_gpc turned off.
    if (!get_magic_quotes_gpc()) {
        do_magic_quotes_gpc($HTTP_GET_VARS);
        do_magic_quotes_gpc($HTTP_POST_VARS);
        do_magic_quotes_gpc($HTTP_COOKIE_VARS);
    }

Where of course for each $_GPC or $HTTP_GPC slashes are added.
So a SIMPLE stripslashes($_POST['selectors_data']) BEFORE HTMLPurifier lets it work :)
Sorry for the big post
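
The fix described above, as an added example that is not part of the original post: it removes the emulated magic-quote slashes before purifying, and it also binds the purified value as a query parameter, because once the slashes are gone the concatenated update query has no SQL escaping left. The function names, the `$slashesEmulated` flag, the autoloader path and the table name passed as a parameter are assumptions made for illustration.

```php
<?php
// Added example. Assumes HTML Purifier is installed and that this
// autoloader path is correct for your installation.
require_once 'HTMLPurifier.auto.php';

/**
 * Undo the slashes added by the legacy do_magic_quotes_gpc() emulation,
 * then purify. $slashesEmulated is a hypothetical flag: pass true only when
 * the bootstrap really ran the emulation over the request arrays, otherwise
 * stripslashes() would eat backslashes the user typed on purpose.
 */
function clean_selector_html(string $raw, bool $slashesEmulated): string
{
    if ($slashesEmulated) {
        $raw = stripslashes($raw); // class=\"fa\" becomes class="fa" again
    }
    $config = HTMLPurifier_Config::createDefault();
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($raw);
}

/**
 * Store the purified markup through a bound parameter. Purified HTML is
 * safe to render, but it can still contain quote characters, so it must
 * not be concatenated into the SQL string.
 */
function update_selector_name(mysqli $db, string $table, int $id, string $html): bool
{
    // Identifiers cannot be bound: $table must be a trusted constant such
    // as TABLE_BTS_CSS_SELECTORS, never request data.
    $stmt = $db->prepare("UPDATE `$table` SET selectors_name = ? WHERE selectors_id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $html, $id);
    return $stmt->execute();
}

// Constructed sample: the value as the script sees it after the emulation
// has added slashes to $_POST.
$posted = addslashes('<i class="fa fa-angellist"></i>');

// Without undoing the slashes, the parser reads \" as part of the attribute.
echo clean_selector_html($posted, false), "\n";
// With the slashes removed first, the markup reaches the parser intact.
echo clean_selector_html($posted, true), "\n";
```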