Posts: 260
Threads: 39
Joined: Jun 2014
Hi,
in an earlier GS version I had a blog page with a link in the h1.
Therefore I gave the page the following name:
<a href="http://www.url.de/blog">Blogpage</a>
With this I always got a wonderful h1 displayed as "Blogpage" and linked with the blog page.
After updating to 3.3.11 I get displayed "<a href="http://www.url.de/blog">Blogpage</a>". The new GS seems not to understand that it should be a link. It does not work as a link either.
In the source of the page I see this:
<h1><a href="http://www.url.de/blog">Blogpage</a></h1>
Where do these &#... things come from?
Thank you
Hypertexter
Posts: 6,266
Threads: 181
Joined: Sep 2011
html should have never been allowed in titles to begin with, it's an injection vector.
you need to post your examples in code tags so we can see it.
i am assuming you mean entities?
how are you outputting the title in your template?
Posts: 538
Threads: 12
Joined: May 2013
Can you edit the title outside admin?
Posts: 6,266
Threads: 181
Joined: Sep 2011
I meant to say we fixed some xss issues, and that probably broke it, but you can modify your output to fix entities etc.
Posts: 260
Threads: 39
Joined: Jun 2014
Even code blocks do not help, see attached txt file...
html.txt (Size: 116 bytes / Downloads: 12)
I do not understand this question:
Quote:how are you outputting the title in your template?
And this:
Quote:Can you edit the title outside admin?
It is not the title, the title is ok. It is the h1 headline inside the page body.
Posts: 260
Threads: 39
Joined: Jun 2014
Quote:you can modify your output to fix entities etc.
How?
Posts: 538
Threads: 12
Joined: May 2013
(2016-08-19, 03:21:50)shawn_a Wrote: I meant to say we fixed some xss issues, and that probably broke it, but you can modify your output to fix entities etc.
Ah Ok, thx for the info
@Hypertexter, you can simply use <?php echo html_entity_decode($your_title); ?> in your template
Posts: 6,266
Threads: 181
Joined: Sep 2011
so this is in your content ?
Posts: 3,491
Threads: 106
Joined: Mar 2010
@shawn_a I think it's get_page_title. Since 3.3.6: https://github.com/GetSimpleCMS/GetSimpl...ssues/1046
@Hypertexter
If you want to use html in titles, in your template change
Code: <?php get_page_title(); ?>
to
Code: <?php echo html_entity_decode(get_page_title(false)); ?>
(Though it may be better checking for the blog slug and rendering the link...)
Posts: 260
Threads: 39
Joined: Jun 2014
2016-08-19, 17:47:02
(This post was last modified: 2016-08-19, 18:01:35 by Hypertexter.)
Hi,
@Carlos: yes, you are right. I wanted to try your code, but then I had this problem here:
http://get-simple.info/forums/showthread.php?tid=8663
I cannot edit the file via GS to try it out at the moment.
But what do you mean by
Quote:Though it may be better checking for the blog slug and rendering the link...
?
And do I understand this right: it was a security problem and in 3.4 it will be cut again?
Hypertexter
Edit: @Carlos: it works, thank you! I only had to set template.php to 666 in Filezilla.
Posts: 3,491
Threads: 106
Joined: Mar 2010
(2016-08-19, 17:47:02)Hypertexter Wrote: But what do you mean by
Quote:Though it may be better checking for the blog slug and rendering the link...
?
I mean something like:
Code: <?php if (return_page_slug() == "blog") { ?>
<h1><a href="<?php echo find_url("blog", ""); ?>"><?php get_page_title(); ?></a></h1>
<?php } else { ?>
<h1><?php get_page_title(); ?></h1>
<?php } ?>
This way you don't need to insert html code in your blog page title.
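Added example, not part of any post in this thread and not GetSimple code: a stand-alone PHP script that compares the html_entity_decode workaround with the template-side link suggested above. The sample titles, the helper names h1_decoded, h1_linked and has_foreign_markup, and the assumption that get_page_title(false) returns the title entity-encoded are constructed for illustration.

```php
<?php
// Added example, not GetSimple code. The titles are constructed sample data
// standing in for what get_page_title(false) returns (assumed entity-encoded).
$title_plain       = 'Blogpage';
$title_with_link   = '&lt;a href=&quot;http://www.url.de/blog&quot;&gt;Blogpage&lt;/a&gt;';
$title_with_script = 'Blogpage&lt;script&gt;alert(1)&lt;/script&gt;';
$blog_url          = 'http://www.url.de/blog'; // find_url("blog", "") in a real template

// Workaround from the thread: decode the entities and print the result.
// Whatever markup was saved in the title becomes live markup in the page.
// Flags and charset are passed explicitly because PHP's defaults for them
// differ between PHP versions.
function h1_decoded($title) {
    return '<h1>' . html_entity_decode($title, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Template-side link: the title is only ever text, the markup comes from the
// template. double_encode=false keeps entities that are already encoded from
// being encoded a second time.
function h1_linked($title, $url) {
    $text = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<h1><a href="' . $href . '">' . $text . '</a></h1>';
}

// True when the heading contains an element other than <h1> and <a>,
// i.e. markup that could only have come from the stored title.
function has_foreign_markup($html) {
    return strip_tags($html, '<h1><a>') !== $html;
}

foreach (array($title_plain, $title_with_link, $title_with_script) as $title) {
    $variants = array(
        'decoded' => h1_decoded($title),
        'linked'  => h1_linked($title, $blog_url),
    );
    foreach ($variants as $how => $html) {
        $verdict = has_foreign_markup($html) ? 'FOREIGN MARKUP' : 'ok';
        printf("%-8s %-15s %s\n", $how, $verdict, $html);
    }
}
```

With a plain-text title the linked variant gives the heading the thread is after, while the decoded variant lets any element stored in the title through to the page.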
Posts: 6,266
Threads: 181
Joined: Sep 2011
"It is not the title, the title is ok. It is the h1 headline inside the page body."
So which is it, confused
oh yeah that IS the title....
yeah we strip that crap, huge vulnerability. I got tired of the CVEs being reported.
Posts: 260
Threads: 39
Joined: Jun 2014
@Carlos
Hm, ok... would this also work on single post pages? At the moment they all have the blog h1 as a link back to the overview blog page, this is the reason for my construction.
Posts: 260
Threads: 39
Joined: Jun 2014
@shawn_a
I'm afraid my English is too bad to understand sometimes...
I wanted to say: the meta tag "title" is ok, the h1 headline was the problem.
Posts: 3,491
Threads: 106
Joined: Mar 2010
(2016-08-20, 01:13:30)Hypertexter Wrote: @Carlos
Hm, ok... would this also work on single post pages? At the moment they all have the blog h1 as a link back to the overview blog page, this is the reason for my construction.
If it worked the way you had it before, it should work this way too.
Posts: 260
Threads: 39
Joined: Jun 2014
@Carlos
No, it does not. It shows the whole url again, like before your first proposal.
This works:
PHP Code: <?php echo html_entity_decode(get_page_title(false)); ?>
But not in the breadcrumbs, there I still see the URL.
I am very sure I will never do a GS update again except at gunpoint.
Posts: 6,266
Threads: 181
Joined: Sep 2011
This works for me...
Code: <a href="http://www.url.de/blog">Blogpage</a>
as page title shows as link in page...
confused..
Posts: 3,491
Threads: 106
Joined: Mar 2010
The second (longer) code snippet requires that you remove the html code (<a href etc.) from the page title.
Posts: 260
Threads: 39
Joined: Jun 2014
2016-08-23, 18:40:44
(This post was last modified: 2016-08-23, 18:41:13 by Hypertexter.)
@Carlos: Clumsy me! Of course... it works perfectly now, even in the breadcrumbs. Thank you!
@shawn_a: I share your confusion, since on my local WAMP server the solution from the first post works fine under GS 3.3.11 like it did on the webserver in GS 3.3.5. But in GS 3.3.11 there seems to be a difference in the webserver's published page. Perhaps the PHP version of my webserver is too old: 5.3.29. On my WAMP it is PHP 5.5.12.
Posts: 6,266
Threads: 181
Joined: Sep 2011
Hmm yes, I bet the strip code is acting differently, maybe because of flags not defined.
I'll check that