
escape embedded code that is submitted in form

tokenring 23 Aug, 2010
I can't find it anywhere to escape the embedded code when a user submits the form.

When I get the e-mail, that field (where the user enters the code) is not being inserted in the e-mail because it is executing.

If I test the form and just put some plain text in the text box, the text is passed to the e-mail.

How do I take the text literally?


Aaron
nml375 23 Aug, 2010
Hi Aaron,
That sounds very odd, since the eval()-call on the email template is done prior to any placeholder-substitutions.

Does the submitted code contain the <? ?> tags?
Could you try changing your email template to plain text rather than html?

/Fredrik
tokenring 24 Aug, 2010
Here is the code:

<embed width="330" height="330" src="http://www.blogtv.com/livesdk/ZeZEb2NGbGFtZeZEZ23v" type="application/x-shockwave-flash" allowFullScreen="true"></embed>

If the above code is not there, below is the same but replacing < with ( and > with )

(embed width="330" height="330" src="http://www.blogtv.com/livesdk/ZeZEb2NGbGFtZeZEZ23v" type="application/x-shockwave-flash" allowFullScreen="true")(/embed)


Aaron
tokenring 24 Aug, 2010
I turned mambots off on the form. Was that correct?
nml375 24 Aug, 2010
Hi Aaron,
I think I see the problem then. What you actually see is that your email client parses the embed-tag. Technically speaking, ChronoForms does not execute the code.

There's a command in PHP to html-encode characters, such as replacing < with &lt;. Unfortunately, I don't remember the exact name of the command right now.
What you need to do, however, is to read the form input, encode it, and write it back to the form input data.
This will all have to be done in the 'on submit - before email' code:
<?php $_POST['mycode'] = htmlentities($_POST['mycode']); ?>


/Fredrik

Edit: Looked up the function I was referring to; it's named 'htmlentities()'. Also updated the posted code accordingly.
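The encoding step described in the post above, as an added example that is not part of the original thread and is not ChronoForms code. It uses htmlspecialchars() with explicit flags and charset instead of the htmlentities() call in the post (both encode < and >); the {mycode} placeholder template and the helper names are assumptions made for illustration.

```php
<?php
// Added example (not ChronoForms code). The field name 'mycode' comes from the
// thread; the {name} placeholder template and helper names are assumptions.

/** HTML-encode one submitted value, or each element of a multi-value field. */
function encode_for_html_email($value)
{
    if (is_array($value)) {
        return array_map('encode_for_html_email', $value);
    }
    // ENT_QUOTES also encodes ' and ", so the value stays inert inside attributes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fill {name} placeholders with values that have already been encoded. */
function render_template($template, array $fields)
{
    $map = array();
    foreach ($fields as $name => $value) {
        $map['{' . $name . '}'] = is_array($value) ? implode(', ', $value) : $value;
    }
    return strtr($template, $map);
}

// Constructed sample input: the embed snippet quoted in the thread.
$post = array(
    'mycode' => '<embed width="330" height="330" src="http://www.blogtv.com/livesdk/ZeZEb2NGbGFtZeZEZ23v" type="application/x-shockwave-flash" allowFullScreen="true"></embed>',
);

// Hypothetical HTML email template.
$template = "<p>Submitted code:</p>\n<pre>{mycode}</pre>\n";

// Encode only for the HTML body; a plain-text body would carry the raw value.
$encoded = array_map('encode_for_html_email', $post);

// The submitted markup is now inert text in the message body, so the mail
// client shows the tag to the reader instead of parsing it.
echo render_template($template, $encoded);
```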
nml375 24 Aug, 2010
Also,
Just for clarification. This is not related to the "Run Mambots"-setting.

/Fredrik
This topic is locked and no more replies can be posted.