Blocks Issue with paypal buttons.

Regular Joined: Jun 13, 2006 Posts: 54

Hey guys I upgraded the website to 2.5 and now having problems with the fckeditor.

I am copying and pasting in the code from source. Putting this code in
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

<input type="hidden" name="cmd" value="_s-xclick">

<input type="hidden" name="hosted_button_id" value="XSCBTJV8P6NSL">

<input type="image" src="https://www.paypalobjects.com/en_AU/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">

<img alt="" border="0" src="https://www.paypalobjects.com/en_AU/i/scr/pixel.gif" width="1" height="1">

</form>

Then I check to see what is saved and its blowing out most of the code.

Here is all that is saved when i go to re edit that block

<p><img width="1" border="0" height="1" src="https://www.paypalobjects.com/en_AU/i/scr/pixel.gif" alt="" /></p>

This was not a problem in 2.4.

I also tried other themes from the core 2.5 and still same issue.

Posted: Mon Jan 23, 2012 10:15 pm

Also tried this with a fresh install of 2.5 and still have same problem.

Posted: Mon Jan 23, 2012 10:43 pm

not sure why this worked before and not now.... It would be easiest to create a block file, since it would probably be a bad idea to add form and input to the allowed html tags.

Code:

<?php





if ( !defined('BLOCK_FILE') ) {


    Header('Location: ../index.php');


    die();


}





$content = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">


<input type="hidden" name="cmd" value="_s-xclick">


<input type="hidden" name="hosted_button_id" value="XSCBTJV8P6NSL">


<input type="image" src="https://www.paypalobjects.com/en_AU/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">


<img alt="" border="0" src="https://www.paypalobjects.com/en_AU/i/scr/pixel.gif" width="1" height="1">


</form>';





?>

Posted: Mon Jan 23, 2012 10:59 pm

This method may work for me because im a little more tech savy but asking the lady that owns the site to do this might be a little rough. Also this would defeat what the fckeditor for and why have a source button option if you can't put source code in.

What she does is use the fckeditor to add pics she uploads and makes a button from paypal and then using the source editor to add the paypal code.

Hopefully there is a fix for this. I have always loved what you guys do here and you make a great product!!!

Posted: Mon Jan 23, 2012 11:44 pm

Good point. I will have to give this some thought considering your circumstances. Anyone else is welcome to chime in with ideas. Smile

I would actually like a different set of $AllowableHTML for super admins or perhaps no filtering at all, but not sure how feasible that is. I'll stick by my earlier statement that adding form as an allowed html tag is a bad idea... although if you want to confirm the culprit take a look at rnconfig.php and in the $AllowableHTML array add a couple of lines like so.
find

Code:

'em' => array('class' => 1, 'style' => 1, 'id' => 1),

after on new line add

Code:

'form' => array('action' => 1, 'method' => 1),

find

Code:

'img' => array('class' => 1, 'style' => 1, 'id' => 1, 'alt' => 1, 'src' => 1, 'hspace' => 1, 'vspace' => 1, 'width' => 1, 'height' => 1, 'border' => 1, 'align' => 1),

after on new line add

Code:

'input' => array('type' => 1, 'name' => 1, 'src' => 1, 'value' => 1),

Please note this is only to confirm the issue, and don't leave this code on a production site for security reasons; unless you hear otherwise Smile

Posted: Tue Jan 24, 2012 10:46 am

Quote:

Also this would defeat what the fckeditor for and why have a source button option if you can't put source code in.

Fckeditor was never intended as a programming editor. The source button shows the actual html code generated and is sometimes needed when the editor doesn't do exactly what you want. It can also come in handy when someone pastes html text with a lot of extraneous codes in. But it is not meant to generate forms and input fields, actions and the like or, for instance to contain SQL queries against the database.

The paypal application could be programmed to allow the user to retrieve images from a directory at will and the person could be given the tools to upload them. However, in using the word "application" I am implying that Paypal related code is usually more complex than can be expressed well in a block file. You really need a module where forms have actions and those actions result in validation of entries before the data is sent off to Paypal. A single block file is not the best place for that.

Posted: Tue Jan 24, 2012 4:32 pm

I have had the problem with saving the information and finding it changed completely afterwards. I found that once I have all the information formatted the way I want it, I click the source, select all, and copy to my clipboard. Once I open the 'new submission' I then click source, select all and paste. Now the key thing is that I use the save disk icon and not the 'save changes' button.

I have used that for 2.30, 2.40, and 2.40.1. I have not entered any new artcles since upgrading to 2.5 though.

Posted: Tue Jan 24, 2012 4:40 pm

Yeah I didn't have any issues with all the previous versions. Just 2.5. Im not sure if the issue was done on purpose or not to keep form or input lines from being created/saved.

Posted: Sat Jan 28, 2012 5:51 pm

huntor, open admin/modules/blocks.php and edit line 40

Code:




$content = !empty($_POST['content']) ? check_html($_POST['content']) : '';

to this

Code:




$content = !empty($_POST['content']) ? check_html($_POST['content'], 'nocheck') : '';

Posted: Sat Jan 28, 2012 7:50 pm

Well that works. Question is this just a special case fix so it ignores checking html post??

If so I will have to keep this edit around for a while Wink