We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Snippets reject php code by converting them to html entities

September 13, 2011 8:53am

Subscribe [2]

  • #16 / Oct 28, 2011 12:52pm

    Lisa Wess

    20502 posts

    mod_security would be my bet, Panos; and IIRC MediaTemple does run mod_security, but I haven’t seen a similar report previously. 

    Let me know what you find out!

  • #17 / Oct 28, 2011 5:15pm

    Panos S.

    58 posts

    Lisa I just received a reply from mediatemple’s support that mod_security is not in use on our clusters:

    ‘mod_security’ is not in use on the (gs) Grid-Service.  Something is converting the characters, which may be due to a PHP directive, or the data being passed through one of the PHP functions ‘htmlspecialchars’, or ‘htmlentities’.

    Any ideas on what else could be wrong?

  • #18 / Oct 30, 2011 10:12pm

    Dan Decker

    7338 posts

    Hi Panos S.,

    Do you recall any changes that were made between when this functioned properly and when it began exhibiting this behavior? Have you made sure that all of your add-ons are up-to-date? And lastly, would you have an chance to update to the latest version of ExpressionEngine, 2.3.1?

    Cheers,

  • #19 / Oct 31, 2011 5:09am

    Panos S.

    58 posts

    Hi Dan,
    I noticed this behavior without making any changes that I am aware of. I have the latest version of ee installed (v.2.3.1 build 20111017).
    I will update every add-on I have in case there’s a problem there, and let you know as soon as I have news.
    Thank you for your interest.

  • #20 / Nov 01, 2011 10:04pm

    Dan Decker

    7338 posts

    Panos,

    Keep us posted on your progress.

    Cheers,

  • #21 / Nov 21, 2011 9:47am

    Panos S.

    58 posts

    Lisa, Dan
    I found the solution to the problem.
    I set the ‘global_xss_filtering’ to false in config.php and now everything works.
    Is this supposed to be correct?
    Shouldn’t the snippets fields accept php code and html tags, regardless of the global_xss_filtering settings?

  • #22 / Nov 22, 2011 3:22pm

    Dan Decker

    7338 posts

    Hi Panos,

    I ran a quick test on my local install with this code:

    <?php

echo "this is a snippet test";

?>

    It executed properly with ‘global_xss_filtering’ on or off, so that leads me to believe that it is something to do with your host. Is your database on a separate server? Now that you have this sorted out, is there anything else I can do to help you?

    Thanks!

  • #23 / Feb 04, 2012 4:55am

    jlheine69

    2 posts

    I encountered this same issue on my server, with 2.4 and Panos’ fix also resolved the issue for me. It affected primarily the ‘<’ and ‘>’ for tags on PHP and table TR & TD tags. Not sure why this wasn’t an issue before, but it only presented itself recently.

    HTH someone.

  • #24 / Feb 06, 2012 7:57pm

    Sean C. Smith

    3818 posts

    jlheine69,

    Thanks for posting and letting us know that the fix worked for you.

    Sean

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register