Bug: Double Quotes not Handled Correctly in TWiki Forms

In a TWiki form the double quote '"' is replaced by &#34 to avoid HTML confusion, it should be ". Moreover the replacement is done for text inputs which is understandable but also for textarea inputs which is useless since double quotes are allowed (I think) in a textarea.

Test case

Just type '"' in a TWiki form (input text or textarea), save it and edit it again, you will see the &#34 garbage.

Environment

-- XavierREDON - 16 Jun 2003

Follow up

Fix record

The "bug" could be corrected by :

• adding a ';' after &#34 around line 252 in TWiki/Form.pm ;
• removing the double quote conversion about line 264 in TWiki/Form.pm (the conversion in the textarea case is useless).

-- XavierREDON - 16 Jun 2003

Good spot. The solution suggested however won't fix the problem (having tried them). There's two problems:

1. " is converted to &#34 - this isn't correct - it should be " .
2. The conversion happens before & is converted to &

The upshot is

• You type : "
• You get : &#34

Which really isn't what's wanted!

The fix is to convert " to " after converting every & s to & . Patch against BeijingRelease attached. To use the patch:

• cd twiki home
• cd lib/TWiki
• cp DOUBLEQUOTE_BUG.patch .
• patch -p0 <DOUBLEQUOTE_BUG.patch

-- MS - 16 Jun 2003

OK for the patch with " after & remplacement but why do you do the replacement in the case of a textarea input, a double quote should not be a problem in this case ?

-- XavierREDON - 16 Jun 2003

I agree it shouldn't be a problem.

-- MS - 16 Jun 2003

Fixed with some additional changes. In TWikiAlphaRelease.

-- PeterThoeny - 18 Jun 2003

Category: TWikiPatches