[ZendTo] Re: Antwort: Simplified Chinese

Jules Jules at Zend.To
Thu Nov 10 12:22:18 GMT 2011


Yes, there are massive downsides. Anyone can put HTML entities, such as 
links, alerts, JavaScript, etc. into the note box. Also, when it is sent 
by email, they can insert MIME entities and headers to include malware 
attachments in the message.

You have opened up a *massive* security hole by doing this.

Jules.

On 08/11/2011 11:03, --[ UxBoD ]-- wrote:
> Patrick,
>
> in NSSDropoff.php I have changed line 972:
>
> /* $smarty->assign('note', htmlentities($this->_note)); */
> $smarty->assign('note', $this->_note);
>
> basically to remove the htmlentities() function and then within 
> header.tpl added:
>
> <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
>
> this has allowed the page to display Simplified Chinese and Umlauts. 
> Please try and let me know how you get on.  Jules, any downsides to this ?
> -- 
> Thanks, Phil
>
> ------------------------------------------------------------------------
>
>     I agree Patrick. I have changed the MySQL database and tables to
>     use UTF8 but the Chinese and umlauts still do not show :(
>
>     -- 
>     Thanks, Phil
>
>     ------------------------------------------------------------------------
>
>         Would be also interesting for German --> characters like äöüß ....
>
>         Mit freundlichen Grüßen / Best regards
>
>         Patrick Gaikowski
>         Tel:     +49 7132 94 3568
>         Fax:    +49 7132 94 73568
>         E-Mail: patrick.gaikowski at kaufland.com
>         KI 967850: IT International / IT Governance / Network Design
>         and IT Security
>         Office:
>         Lindichstrasse 11
>         D-74189 Weinsberg
>
>
>
>         http://www.kaufland.de
>         http://www.spannende-it.de
>         We are No. 1:
>         Kaufland is "Best Grocery Store 2011"!
>
>         Kaufland Informationssysteme GmbH & Co. KG
>         Postfach 12 53 - 74149 Neckarsulm
>         Limited partnership
>         Registered office: Neckarsulm
>         Court of registration: Amtsgericht Stuttgart HRA 104163
>
>
>
>
>
>             *"--[ UxBoD ]--" <uxbod at splatnix.net>*
>             Sent by: zendto-bounces at zend.to
>
>             07.11.2011 10:39
>                 Please reply to
>                 ZendTo Users <zendto at zend.to>
>
>         zendto at zend.to
>
>         Subject
>         [ZendTo]  Simplified Chinese
>
>
>         Would any of you know how to get simplified Chinese to display
>         correctly in the comments field for a drop-off ?
>         -- 
>         Thanks, Phil
>         _______________________________________________
>         ZendTo mailing list
>         ZendTo at zend.to
>         http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CITP CEng
www.Zend.To

Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
  I see it shining plain,
  The happy highways where I went,
  And cannot come again.' - A.E. Houseman
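
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not ZendTo's own code: escaping the note with the UTF-8 charset keeps Chinese and umlauts readable without letting markup through, and base64-encoding the note as a mail part keeps it from supplying headers. The function names, the sample note and the MIME part layout are assumptions made for illustration.

```php
<?php
// Added example, not ZendTo code. Function names are hypothetical and the
// sample note is constructed.

// Escape a user-supplied note for HTML output without damaging UTF-8 text.
function escape_note_html(string $note): string
{
    // ENT_QUOTES escapes ' and " so the value is also safe inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning ''.
    return htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode the note as the body of a MIME text part (layout is an assumption).
// Base64 output contains only [A-Za-z0-9+/=] and CRLF, so nothing in the note
// can be read by a mail client as a header line or a part boundary.
function encode_note_mime_part(string $note): string
{
    return "Content-Type: text/plain; charset=UTF-8\r\n"
         . "Content-Transfer-Encoding: base64\r\n\r\n"
         . chunk_split(base64_encode($note), 76, "\r\n");
}

// Constructed note: Chinese, umlauts, markup, and a header-like second line.
$note = "简体中文 äöüß <script>alert(1)</script>\r\nContent-Type: text/html";

$outputs = [
    // Escaping as ISO-8859-1 (PHP's default before 5.4): markup is neutralised,
    // but each byte of a multi-byte character is escaped as its own Latin-1
    // character, so the Chinese text and umlauts are mangled.
    'latin1' => htmlentities($note, ENT_QUOTES, 'ISO-8859-1'),
    // The change from the thread: characters display, but the markup reaches
    // the browser unescaped.
    'raw'    => $note,
    // Escaping with the correct charset: characters display, markup is inert.
    'utf8'   => escape_note_html($note),
];

foreach ($outputs as $label => $html) {
    echo $label, ': ', $html, "\n\n";
}

echo encode_note_mime_part($note);
```

Applied to the line quoted in the thread, the assignment would keep its escaping and read `$smarty->assign('note', escape_note_html($this->_note));`, alongside the UTF-8 `<meta>` tag in header.tpl.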
