Silverstripe CMS wysiwyg incorrectly decoding/encoding quotes

1
votes

I've encountered an issue that I've never come across before with Silverstripe when saving content in the CMS.

When saving in the Content wysiwyg (or any other fields I've added), it is escaping the quotes and apostrophies ie. When applying a style to a piece of content through the style dropdown to make the underlying HTML:

<p class="my-style">lorem ipsum</p>

When I press save, the page reloads and the style is not shown. When inspecting the HTML put back into the wysiwyg, I am getting:

<p class="\&quot;my-style\&quot;">lorem ipsum</p>

Initially, my thoughts were that the content field was maybe set to Text rather than HTMLText but I've checked and found this not to be the case.

Anyone have any ideas? I've built numerous sites in Silverstripe previously and this is the first time I've encountered this behaviour.

I'm using 3.1.0

Cheers

2
wysiwygsilverstripe

2 Answers

1
votes

Very peculiar...

I read the symtpoms as a double double quote, if you parse

<p class="\&quot;my-style\&quot;">lorem ipsum</p>

it's going to appear as

<p class=""my-style"">lorem ipsum</p>

I usually define my styles in the typography.css file and it automatically appears in the "Styles" drop-down in the WYSIWYG editor.

Can you try this out and let me know if it helps?

Thanks!

1
votes

As I've mentioned I think this is a PHP issue and an issue of escaping double/single quotes. It's a symptom of magic quotes.

Magic Quotes was a "(annoying) security feature" enabled by default in PHP < 5.3.0 and deprecated in > 5.4.0

In a jist here's what magic quotes does (taken from php website)

When on, all ' (single-quote), " (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.

This may be what you are experiencing.

Disabling Magic Quotes

On to the solution.

If you have access to your main php.ini, just turn it off like so:

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

If you don't have have access to the main php.ini:

add this line to the root .htaccess file (if you're using apache mod_php)

php_flag magic_quotes_gpc Off

or if you're running PHP as a CGI, create a php.ini file on your document root and put the previously mentioned snippet for php.ini.

Hope this helps!