Solved

TinyMCE and PHP - Adding Extra Characters

Posted on 2013-01-10
12
341 Views
Last Modified: 2013-01-24
I have never had this problem before.   I am using PHP and TinyMCE together to be able to send an email with HTML coding.    Something weird is happening - TinyCME and/or PHP is adding an extra "\ at the beginning of the <A HREF tag so a link in the email doesn't work.   I have never had this happen before but I have never used PHP with TinyMCE so I am not sure which side to blame.

This is the form field:

<TR><TD valign="top"><strong>Message</strong>:</TD><TD><textarea name="EmailMessage" class="tinymce" rows="15" cols="70"></textarea></TD></TR>

Open in new window


This is what I am using for the body of the email (but it also outputs to the screen incorrectly with an echo statement.

fputs($fd, $_POST['EmailMessage'] ."\n");

Open in new window


So if i have http://www.test.org as the link it gets written out as /"http://www.test.org which doesn't work.   Any ideas??
0
Comment
Question by:digitalwise
12 Comments
 
LVL 12

Expert Comment

by:jessegivy
Comment Utility
Did you enter the link yourself? Can you replicate tinyMCE adding the slash and double quote? What happens if you delete it from the HTML view in tinyMCE?

Note that "\ and /" are very different things. The backslash is the escape control character in php as I'm sure you're aware. while the front slash is not a control character.

Post the HTML generated by tinyMCE?

Add a new link and replicate the issue.
0
 

Author Comment

by:digitalwise
Comment Utility
This is replicable - it does it every time for every user.   If I enter stuff in the TinyMCE box that looks like this under HTML view.   <p>This is a test of the <a href="http://www.google.com">link</a>.</p>   The resulting HTML is
<p>This is a test of the <a href=\"http://www.google.com\">link</a>.</p>
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
Comment Utility
@jessegivy asked if you would post your code.  That will be a big help.  The best thing to do is save the file as a static html page and post a link to it so we can see all the html, css and js.
0
 
LVL 50

Expert Comment

by:Steve Bink
Comment Utility
It sounds like your code is escaping the form input, as if it would be saved in a database.  That's fine, if you're actually saving it in a database, but the escaped version of the text should not be used for distribution.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:digitalwise
Comment Utility
This is the code  
while ($row = mysql_fetch_assoc($result)) {
    
	$fd = popen("/usr/sbin/sendmail -t","w") or die("Couldn't Open Sendmail");
    fputs($fd, "To: " .$row['Email'] ." \n");
    fputs($fd, "From: " .$_POST['SendFrom'] ." \n");
    fputs($fd, "Subject:" .$_POST['Subject']. "\n");
	fputs($fd, "Content-type: text/html \n");
    fputs($fd, "X-Mailer: PHP3 \n\n");
	fputs($fd, $_POST['EmailMessage'] ."\n");
    pclose($fd);  

Open in new window


I already posted the form field above.   There is much else to it other than the links to the tinymce jscript.

I did just try adding the
	fputs($fd, mysql_real_escape_string($_POST['EmailMessage']) ."\n");

Open in new window


but that made it worse with \\\ at the beginning and end of the URL in the email message.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Please run this script, shown here in its entirety.  Scan the output for magic_quotes_gpc and tell us what you find.

<?php phpinfo();

Open in new window

Thanks, ~Ray
0
 

Author Comment

by:digitalwise
Comment Utility
magic_quotes_gpc      On      On
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
Comment Utility
magic_quotes_gpc is possibly the problem.  Please read the article and post back if there is anything in it that you do not understand.

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
0
 

Author Closing Comment

by:digitalwise
Comment Utility
I had to use the script in the reference and not use the other coding...
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Drop down button NAMES disappear 1 37
windows 10 bash shell 4 31
Video on my site 4 25
Setting Up Local Lan Web Server 1 12
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now