27.14. How to deal with quotes in the site's name

What if O'Reilly decided to use PHP-Nuke for an "O'Reilly website"? He might find that the single quote in his name makes it impossible to save the site's name in the Preferences of the administration panel (see Section 7.2).

Single quotes ('), double quotes (") and backslashes (\) need to be escaped in strings that will be entered in a database. The PHP addslashes function does this by putting a backslash in front of each of them. Conversely, the PHP stripslashes function returns a string with backslashes stripped off (\' becomes ' and so on). To enable the use of single quotes in the site's name, do the following:

Add the line

$sitename = stripslashes($sitename);

in mainfile.php, after the line that computes $sitename. Depending on your PHP-Nuke version, this line may be

$sitename = $row[sitename];

(for version 6.8) or

list($sitename, $nukeurl, $site_logo, $slogan, $startdate, $adminmail, $anonpost, $Default_Theme, $foot1, $foot2, $foot3, $commentlimit, $anonymous, $minpass, 
$pollcomm, $articlecomm, $broadcast_msg, $my_headlines, $top, $storyhome, 
$user_news, $oldnum, $ultramode, $banners, $backend_title, $backend_language, 
$language, $locale, $multilingual, $useflags, $notify, $notify_email, 
$notify_subject, $notify_message, $notify_from, $footermsgtxt, $email_send, 
$attachmentdir, $attachments, $attachments_view, $download_dir, $defaultpopserver,
$singleaccount, $singleaccountname, $numaccounts, $imgpath, $filter_forward, 
$moderate, $admingraphic, $httpref, $httprefmax, $CensorMode, $CensorReplace, 
$copyright, $Version_Num) = sql_fetch_row($result, $dbi);

(for earlier 6.x versions). Repeat this for the file admin/modules/settings.php. While you are in this file, search for the line

.""._SITENAME.":</td><td><input type='text' name='xsitename' 
value='$sitename' size='40' maxlength='255'>"

and change it to

.""._SITENAME.":</td><td><input type=\"text\" name=\"xsitename\" 
value=\"$sitename\" size=\"40\" maxlength=\"255\">"

(we basically replace single quotes with escaped double ones in the above line, so that the single quote(s) in $sitename don't mess up the code). Finally, while still in admin/modules/settings.php, find the line

global $prefix, $dbi;

in function ConfigSave and add the following line after it:

$xsitename = addslashes($xsitename);
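
The form-field change above moves the attribute delimiter from single to double quotes, so a site name that contains a double quote will still end the value early. The script below is an added example, not PHP-Nuke code: it compares the original markup, the double-quoted version and an htmlspecialchars-encoded alternative (a technique the page itself does not use) on two constructed site names. The function names and the parsed_value helper are hypothetical.

```php
<?php
// Added example: how the xsitename field from admin/modules/settings.php
// renders under three quoting strategies. Sample names are constructed.

// Original markup: attribute delimited by single quotes.
function field_single_quoted(string $sitename): string {
    return "<input type='text' name='xsitename' value='$sitename' size='40' maxlength='255'>";
}

// The page's fix: attribute delimited by (escaped) double quotes.
function field_double_quoted(string $sitename): string {
    return "<input type=\"text\" name=\"xsitename\" value=\"$sitename\" size=\"40\" maxlength=\"255\">";
}

// Alternative: encode &, <, >, " and ' as entities so that no character in
// the name can terminate the attribute, whichever delimiter is used.
function field_encoded(string $sitename): string {
    $safe = htmlspecialchars($sitename, ENT_QUOTES, 'UTF-8');
    return "<input type=\"text\" name=\"xsitename\" value=\"$safe\" size=\"40\" maxlength=\"255\">";
}

// Simplified stand-in for a browser: read the value attribute up to the
// first matching delimiter, then decode entities.
function parsed_value(string $html): string {
    if (!preg_match('/\bvalue=([\'"])(.*?)\1/s', $html, $m)) {
        return '';
    }
    return html_entity_decode($m[2], ENT_QUOTES, 'UTF-8');
}

$names = ["O'Reilly website", 'The "Best" O\'Reilly site'];  // constructed
$renderers = ['field_single_quoted', 'field_double_quoted', 'field_encoded'];

foreach ($names as $name) {
    foreach ($renderers as $render) {
        // Compare what the simplified parser reads back with the real name.
        $seen = parsed_value($render($name));
        printf("%-20s %-26s -> %-26s %s\n", $render, $name, $seen,
               $seen === $name ? 'intact' : 'TRUNCATED');
    }
}
```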