machadoug
28 Oct 2016

I'm creating a component and I've stumbled upon an issue with the JFactory::getApplication()->input->post->get($this->alias,'','HTML'); code. It is stripping all tags.

Steps to reproduce the issue

In Joomla Administrator and in the front-end area I have performed a very simple test case using a simple textarea and an editor plugin and I got the same results.

In my form I have for example:

<form action="<?php echo JRoute::_('index.php?option=com_mycomponent&view=myview&id=1'); ?>" method="post" name="adminForm" id="adminForm" class="form-validate">
    <textarea name="test"></textarea>
</form>

I enter some valid html code in the textarea, for example:
<p>TEST</p>

In the model or in the controller or in the view I use the code:
var_dump(JFactory::getApplication()->input->post->get('test','','HTML') );

Expected result

<p>TEST</p>

Actual result

TEST

System information (as much as possible)

PHP Built On Linux 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64
Database Version 5.7.16-0ubuntu0.16.04.1
Database Collation utf8mb4_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.0.8-0ubuntu0.16.04.3
Web Server Apache/2.4.18 (Ubuntu)
WebServer to PHP Interface apache2handler
Joomla! Version Joomla! 3.6.4 Stable [ Noether ] 21-October-2016 16:33 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36

Additional comments

I get the desired HTML if I use:
JFactory::getApplication()->input->post->get('test','','RAW');
OR
JRequest::getVar('test', '', 'default', 'none', 4);

Text Filter Settings in Joomla Global Configuration is set to No Filtering.

I'm not using JForm class.

ggppdk - comment - 28 Oct 2016

There is no bug ... see below

'HTML' is plain text that allows HTML entities
'STRING' is plain text that decodes HTML entities and then strips the created tags

'HTML' was maybe a bad name choice?,

  • that has caused confusion to many first-time Joomla developers before you
  • but there is no bug

What you need is below (please test them, since I may have written something wrongly)

// Allow safe HTML ... but also decode HTML special characters before filtering
// Decoding allows removal of e.g. &lt;badtag&gt; ... &lt;/badtag&gt;
$v = JFactory::getApplication()->input->post->get('test','','RAW');
$safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
$v = $safeHtmlFilter->clean($v, 'string');

// Allow safe HTML ... and allow ANY HTML if encoded, e.g. allows &lt;i&gt; ... &lt;/i&gt;
$v = JFactory::getApplication()->input->post->get('test','','RAW');
$safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
$v = $safeHtmlFilter->clean($v, 'html');

// Filter according to user group Text Filters
$v = JFactory::getApplication()->input->post->get('test','','RAW');
$v = JComponentHelper::filterText($v);
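
A side-by-side comparison of the filters discussed in the comment above, as an added example that is not part of the original thread or of Joomla's own code. It assumes a Joomla 3.x request with the framework loaded; compareInputFilters() is a hypothetical helper name and the sample string is constructed.

```php
<?php
// Added example: runs one constructed value through the filters from this thread.
// Assumption: executed inside a Joomla 3.x component, so the J* classes are loaded.
defined('_JEXEC') or die;

/**
 * Hypothetical helper (not a Joomla API): filter $raw each way and return the
 * results keyed by label so they can be compared side by side.
 */
function compareInputFilters($raw)
{
    // Default arguments: whitelist mode with an empty tag list, so every tag is
    // removed. JInput uses this instance unless it is given another filter.
    $default = JFilterInput::getInstance();

    // "Safe HTML" instance from the comment above: blacklist mode for tags and
    // attributes, so only tags on Joomla's blacklist (e.g. script) are removed.
    $safeHtml = JFilterInput::getInstance(array(), array(), 1, 1);

    return array(
        'raw'              => $raw,
        'default / html'   => $default->clean($raw, 'html'),
        'default / string' => $default->clean($raw, 'string'),
        'safe / html'      => $safeHtml->clean($raw, 'html'),
        'safe / string'    => $safeHtml->clean($raw, 'string'),
        // Depends on the Text Filters configured for the current user's groups.
        'filterText'       => JComponentHelper::filterText($raw),
    );
}

// Constructed sample: a harmless tag, a blacklisted tag, and an entity-encoded tag.
$sample = '<p>TEST</p><script>x</script>&lt;i&gt;encoded&lt;/i&gt;';

foreach (compareInputFilters($sample) as $label => $value)
{
    // Escape for display so the browser shows the markup instead of rendering it.
    echo '<pre>' . $label . ': ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</pre>\n";
}
```

The 'html' and 'string' rows differ only in whether the entity-encoded tag is decoded before filtering, which is the distinction the comment describes.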
machadoug - comment - 28 Oct 2016

@ggppdk Thanks for clarifying it for me.

machadoug - change - 28 Oct 2016
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2016-10-28 17:11:46
Closed_By: machadoug