PROBLEM Ugly and defect link in h1 after update
#1
Hi,

in an earlier GS version I had a blog page with a link in the h1.

Therefore I gave the page the following name:
<a href="http://www.url.de/blog">Blogpage</a>

With this I always got a wonderful h1 displayed as "Blogpage" and linked with the blog page.

After updating to 3.3.11 I get displayed "<a href="http://www.url.de/blog">Blogpage</a>". The new GS seems not to understand that it should be a link. It does not work as a link either.

In the source of the page I see this:

<h1><a href="http://www.url.de/blog">Blogpage</a></h1>

Where do these &#... things come from?

Thank you
Hypertexter
Reply
#2
html should have never been allowed in titles to begin with, it's an injection vector.
you need to post your examples in code tags so we can see it.
i am assuming you mean entities?

how are you outputting the title in your template?
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#3
Can you edit the title outside admin?
Reply
#4
I meant to say we fixed some xss issues, and that probably broke it, but you can modify your output to fix entities etc.
- Shawn A aka Tablatronix
Reply
#5
Even code blocks do not help, see attached txt file...


.txt   html.txt (Size: 116 bytes / Downloads: 12)


I do not understand this question:

Quote:how are you outputting the title in your template?

And this:

Quote:Can you edit the title outside admin?
It is not the title, the title is ok. It is the h1 headline inside the page body.
Reply
#6
Quote:you can modify your output to fix entities etc.

How?
Reply
#7
(2016-08-19, 03:21:50)shawn_a Wrote: I meant to say we fixed some xss issues, and that probably broke it, but you can modify your output to fix entities etc.

Ah Ok, thx for the info

@Hypertexter, you can simply use <?php echo html_entity_decode($your_title); ?> in your template
Reply
#8
so this is in your content ?
- Shawn A aka Tablatronix
Reply
#9
@shawn_a I think it's get_page_title. Since 3.3.6: https://github.com/GetSimpleCMS/GetSimpl...ssues/1046

@Hypertexter
If you want to use html in titles, in your template change
Code:
<?php get_page_title(); ?>
to
Code:
<?php echo html_entity_decode(get_page_title(false)); ?>

(Though it may be better checking for the blog slug and rendering the link...)
Reply
#10
Hi,

@Carlos: yes, you are right. I wanted to try your code, but then I had this problem here:
http://get-simple.info/forums/showthread.php?tid=8663

I cannot edit the file via GS to try it out at the moment.

But what do you mean by

Quote:Though it may be better checking for the blog slug and rendering the link...

?

And do I understand this right: it was a security problem and in 3.4 it will be cut again?

Hypertexter

Edit: @Carlos: it works, thank you! I only had to set template.php to 666 in Filezilla.
Reply
#11
(2016-08-19, 17:47:02)Hypertexter Wrote: But what do you mean by

Quote:Though it may be better checking for the blog slug and rendering the link...

?

I mean something like:

Code:
<?php if (return_page_slug() == "blog") { ?>
    <h1><a href="<?php echo find_url("blog", ""); ?>"><?php get_page_title(); ?></a></h1>
<?php } else { ?>
    <h1><?php get_page_title(); ?></h1>
<?php } ?>

This way you don't need to insert html code in your blog page title.
Reply
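Added example, not part of any post in this thread and not GetSimple's own code: a stand-alone PHP script comparing the three outputs discussed above for a page title, namely entity-encoded (the behaviour after the XSS fixes), decoded again with html_entity_decode(), and a link built in the template around an escaped plain-text title. The helper names encode_title() and linked_heading() and the sample titles are constructed for illustration.

```php
<?php
// Illustration only. encode_title() and linked_heading() are hypothetical
// helpers, not GetSimple functions; the titles are constructed samples.

// Encode-on-output: what an XSS-hardened template does with a stored title.
function encode_title($raw) {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// The markup comes from the template; the title is treated purely as data.
function linked_heading($title, $url) {
    return '<h1><a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . encode_title($title) . '</a></h1>';
}

$titles = array(
    'markup in title' => '<a href="http://www.url.de/blog">Blogpage</a>',
    'script in title' => 'Blog<script>alert(1)</script>',
    'plain title'     => 'Blogpage',
);

foreach ($titles as $label => $raw) {
    $encoded = encode_title($raw);
    // Decoding reverses the encoding exactly, so the browser receives
    // whatever markup the title field contains, wanted or not.
    $decoded = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');

    echo "== $label ==\n";
    echo "encoded : <h1>$encoded</h1>\n";
    echo "decoded : <h1>$decoded</h1>\n";
    echo "same as raw after decode: " . ($decoded === $raw ? 'yes' : 'no') . "\n";
    echo "template: " . linked_heading($raw, 'http://www.url.de/blog') . "\n\n";
}
```

Run it with `php` on the command line: the "decoded" line is byte-identical to the raw title in every case, while the "template" line only ever contains the anchor written in the template, which is why it needs a plain-text title such as the third sample.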
#12
"It is not the title, the title is ok. It is the h1 headline inside the page body."

SO which is it, confused

oh yeah that IS the title....

yeah we strip that crap, huge vulnerability. I got tired of the CVEs being reported.
- Shawn A aka Tablatronix
Reply
#13
@Carlos

Hm, ok... would this also work on single post pages? At the moment they all have the blog h1 as a link back to the overview blog page, this is the reason for my construction.
Reply
#14
@shawn_a
I'm afraid my English is too bad to understand sometimes...

I wanted to say: the meta tag "title" is ok, the h1 headline was the problem.
Reply
#15
(2016-08-20, 01:13:30)Hypertexter Wrote: @Carlos

Hm, ok... would this also work on single post pages? At the moment they all have the blog h1 as a link back to the overview blog page, this is the reason for my construction.

If it worked the way you had it before, it should work this way too.
Reply
#16
@Carlos
No, it does not. It shows the whole url again, like before your first proposal.

This works:

PHP Code:
<?php echo html_entity_decode(get_page_title(false)); ?>


But not in the breadcrumbs, there I still see the URL.
I am very sure I will never do a GS update again except at gunpoint.
Reply
#17
This works for me...

Code:
<a href="http://www.url.de/blog">Blogpage</a>

as page title shows as link in page...

confused..
- Shawn A aka Tablatronix
Reply
#18
The second (longer) code snippet requires that you remove the html code (<a href etc.) from the page title.
Reply
#19
@Carlos: Clumsy me! Of course... it works perfectly now, even in the breadcrumbs. Thank you!

@shawn_a: I share your confusion, since on my local WAMP server the solution from the first post works fine under GS 3.3.11 like it did on the webserver in GS 3.3.5. But in GS 3.3.11 there seems to be a difference in the webserver's published page. Perhaps the PHP version of my webserver is too old: 5.3.29. On my WAMP it is PHP 5.5.12.
Reply
#20
Hmm yes i bet the strip code is acting differently, maybe because of flags not defined.
I'll check that
- Shawn A aka Tablatronix
Reply