Thread

Greetings.

I’m doing the following in my path.php file:

$global_vars = array(
    "inclusive_stack" => "4&5;"
    );

When I display the variable in my template it has a semi-colon on the end, 4&5;

It’s got something to do with the ampersand and the global_vars array.

Any ideas?

It’s even doing it in the code above.  Let’s try it using & amp; instead and with no code highlighting…

$global_vars = array(
  “inclusive_stack” => “4&5”
  );

& #38;

?

Hello mate.

Nope that wouldn’t work because I’m using the path variable as a parameter value in the weblog:entries tag -  category=”{path_variable}”

It needs to be an ampersand rather than the HTML entity.  Just got to figure why a semi-colon is being added.

Saturday afternoon fun!

Is the semi colon the result of EE wanting to build the 5 into a character entity?

What if you used “five” instead of “5” what happens then?

It displays 4&five;

I think EE thinks anything with a & is considered an html-entity, and should be closed with a semicolon. I’ll take a look-see.

It’s gone beyond me I’m afraid…

Yup, the xss_clean() function that sanitizes all input data and keeps it safe will add the semicolon (line 614 in core.regex.php):

/*
* Validate standard character entities
*
* Add a semicolon if missing.  We do this to enable
* the conversion of entities to ASCII later.
*
*/
$str = preg_replace('#(&\#?[0-9a-z]+)[\x00-\x20]*;?#i', "\\1;", $str);

Guess that in this case, you’d have to create an extension to set the variable you want.

Thanks all.

Yep- Lodewijk nailed it.  It’s a known issue- a result of some security measures.  Since it comes up rarely and can usually be resolved by using the entity instead, (and the fix adds a lot of extra load to the parsing engine) it’s lingered a bit.  But the crew is a aware of it and keeping an eye on it for 2.0.