JAK Lightbox code generation bug - not escaping file names
Posted: 06 Dec 2009, 00:16
My galleries are using the JAK Lightbox slideshow. If an image in the category has a single quote in the filename the category will not display the JAK Lightbox viewer. In debugging this issue I determined that the PHP code is not properly escaping file names, thus the generated javascript is bad. Here's an example (notice the malformed javascript):
{
alt: '19 Nick'
s Cove - 99 ',description: '
19 Nick 's Cove-99',
small: {
url: '/images/phocagallery/Slide Shows/2008 Spring/Chick Harrity/thumbs/phoca_thumb_m_19 Nick'
s Cove - 99.jpg '},big: {url: ' / images / phocagallery / Slide Shows / 2008 Spring / Chick Harrity / thumbs / phoca_thumb_l_19 Nick 's Cove-99.jpg'
}
},
I isolated the problem in this file: components\com_phocagallery\views\category\view.html.php. Starting around line 962:
// pjp: add calls to addslashes in the section below
$items[$iS]->linknr = $iM;
$tmpl['jakdatajs'][$iS] = "{alt: '".addslashes($items[$iS]->title)."',";
if ($descriptionJakJs != '') {
$tmpl['jakdatajs'][$iS] .= "description: '".addslashes($descriptionJakJs)."',";
} else {
$tmpl['jakdatajs'][$iS] .= "description: ' ',";
}
$tmpl['jakdatajs'][$iS] .= "small: {url: '".JURI::base(true).'/'.addslashes($thumbLinkM->rel)."'},"
."big: {url: '".JURI::base(true).'/'.addslashes($imgLink)."'} }";
// pjp: end of my changes
In the above code I added the calls to "addslashes()" and that fixed the problems:
{
alt: '19 Nick\'s Cove-99',
description: '19 Nick\'s Cove-99',
small: {
url: '/ccc/images/phocagallery/Members/Chick Harrity/thumbs/phoca_thumb_m_19 Nick\'s Cove-99.jpg'
},
big: {
url: '/ccc/images/phocagallery/Members/Chick Harrity/thumbs/phoca_thumb_l_19 Nick\'s Cove-99.jpg'
}
},
Perhaps there is a better place to fix this issue.
I am using version 2.5.8
{
alt: '19 Nick'
s Cove - 99 ',description: '
19 Nick 's Cove-99',
small: {
url: '/images/phocagallery/Slide Shows/2008 Spring/Chick Harrity/thumbs/phoca_thumb_m_19 Nick'
s Cove - 99.jpg '},big: {url: ' / images / phocagallery / Slide Shows / 2008 Spring / Chick Harrity / thumbs / phoca_thumb_l_19 Nick 's Cove-99.jpg'
}
},
I isolated the problem in this file: components\com_phocagallery\views\category\view.html.php. Starting around line 962:
// pjp: add calls to addslashes in the section below
$items[$iS]->linknr = $iM;
$tmpl['jakdatajs'][$iS] = "{alt: '".addslashes($items[$iS]->title)."',";
if ($descriptionJakJs != '') {
$tmpl['jakdatajs'][$iS] .= "description: '".addslashes($descriptionJakJs)."',";
} else {
$tmpl['jakdatajs'][$iS] .= "description: ' ',";
}
$tmpl['jakdatajs'][$iS] .= "small: {url: '".JURI::base(true).'/'.addslashes($thumbLinkM->rel)."'},"
."big: {url: '".JURI::base(true).'/'.addslashes($imgLink)."'} }";
// pjp: end of my changes
In the above code I added the calls to "addslashes()" and that fixed the problems:
{
alt: '19 Nick\'s Cove-99',
description: '19 Nick\'s Cove-99',
small: {
url: '/ccc/images/phocagallery/Members/Chick Harrity/thumbs/phoca_thumb_m_19 Nick\'s Cove-99.jpg'
},
big: {
url: '/ccc/images/phocagallery/Members/Chick Harrity/thumbs/phoca_thumb_l_19 Nick\'s Cove-99.jpg'
}
},
Perhaps there is a better place to fix this issue.
I am using version 2.5.8