|
Jane Baillie
|
May 7, 2014 at 2:44 am
Hi guys. Was hoping for some help with this. I have recently inherited a site from a previous designer and have run into some issues. If out client adds and Quotes to their ‘event meta’ it breaks our code and the data is not displayed.
Here is a printr of the event meta for a particular event that is causing issues:
<code>Array
(
[default_payment_status] =>
[venue_id] => 0
[additional_attendee_reg_info] => 2
[add_attendee_question_groups] => Array
(
[1] => 1
)
[date_submitted] => February 27, 2014
[event_name_again] => Mentoring to strengthen teachers\' career-long professional learning
[event_short_description] => Representatives from a partnership project involving two universities, two local authorities and two clusters of primary and secondary schools will share their experiences of the impact of mentoring on teachers professional learning . The project engaged teachers with mentoring strategies to support each other in their career-long professional learning.
[speaker_name] => Kay Livingston
[speaker_organisation] => Glasgow University
[is_keynote] => 0
)</code>
The following is in customfunctions.php to add the custom event fields to an event:
<code>$event_meta = ! empty( $event_meta ) ? $event_meta : ee_default_event_meta();
$good_meta = $event_meta;
printr( $event_meta, '$event_meta <br /><span style="font-size:10px;font-weight:normal;">' . __FILE__ . '<br />line no: ' . __LINE__ . '</span>', 'auto' );
?>
<table>
<tr>
<td><div style="overflow:hidden; width:0;"><input size="20" type="text" value="event_name_again" name="emeta[]" id="emeta[]" style="visibility:hidden;"></div></td>
<td style="vertical-align:top;"><label for="emetad[]"><?php _e('Seminar Title: ', 'event_espresso'); ?> </label></td>
<td><input size="20" type="text" value="<?php echo $good_meta['event_name_again'] ?>" name="emetad[]" id="emetad[]"></td>
</tr>
<tr>
<td><div style="overflow:hidden; width:0;"><input size="20" type="text" value="event_short_description" name="emeta[]" id="emeta[]" style="visibility:hidden;"></div></td>
<td style="vertical-align:top;"><label for="emetad[]"><?php _e('Short Description: ', 'event_espresso'); ?> </label></td>
<td><textarea name="emetad[]" id="emetad[]" cols="30" rows="10"><?php echo $good_meta['event_short_description'] ?></textarea></td>
</tr>
<tr>
<td><div style="overflow:hidden; width:0;"><input size="20" type="text" value="speaker_name" name="emeta[]" id="emeta[]" style="visibility:hidden;"></div></td>
<td style="vertical-align:top;"><label for="emetad[]"><?php _e('Speaker Name: ', 'event_espresso'); ?> </label></td>
<td><input size="20" type="text" value="<?php echo $good_meta['speaker_name'] ?>" name="emetad[]" id="emetad[]"></td>
</tr>
<tr>
<td><div style="overflow:hidden; width:0;"><input size="20" type="text" value="speaker_organisation" name="emeta[]" id="emeta[]" style="visibility:hidden;"></div></td>
<td style="vertical-align:top;"><label for="emetad[]"><?php _e('Speaker Organisation: ', 'event_espresso'); ?> </label></td>
<td><input size="20" type="text" value="<?php echo $good_meta['speaker_organisation'] ?>" name="emetad[]" id="emetad[]"></td>
</tr>
<tr>
<td><div style="overflow:hidden; width:0;"><input size="20" type="text" value="is_keynote" name="emeta[]" id="emeta[]" style="visibility:hidden;"></div></td>
<td style="vertical-align:top;"><label for="emetad[]"><?php _e('Keynote Session: ', 'event_espresso'); ?> </label></td>
<td>
<select name="emetad[]" id="emetad[]">
<option value="0">No</option>
<option value="1" <?php if($good_meta['is_keynote']){ echo "selected"; } ?>>Yes</option>
</select>
</td>
</tr>
</table></code>
I use the following code to echo out the event meta:
<code>$event_meta = get_post_meta($post->ID, 'event_meta');
$event_meta = unserialize($event_meta[0]);
echo $event_meta['event_name_again'];</code>
This works fine if there are no escape characters in the meta. However the unserialize() function just skips any any entries with escape characters and displays nothing.
So my question is twofold.
Can I prevent quotes being added to the event meta with some sort of validation?
Or
How do a appropriately deal with $event_meta array to handle the escape characters?
Any help would be appreciated as I have hit a brick wall.
|
|
Tony
|
May 7, 2014 at 5:33 am
Hi Jane,
Unfortunately the forum editor alters code when posted.
Could you add the code to a service such as pastebin and link it here so we can view it please?
Depending on what your are trying to achieve we may also have other ways to pull the information you need.
|
|
Jane Baillie
|
May 7, 2014 at 5:52 am
Thanks for reply:
printr of events meta for event that causes issue:
http://pastebin.com/PSjN98jk
Code in Customfunctions.php for adding custom fields control to Event Post:
http://pastebin.com/DZ5w5rfp
Echoing out the event meta in template:
http://pastebin.com/jUz5uS20
THanks in advance!
|
|
Josh
|
May 7, 2014 at 10:59 am
Hi there,
I’d first recommend trying some stripslashes like this:
echo stripslashes($event_meta['event_name_again']);
|
|
Jane Baillie
|
May 8, 2014 at 1:58 am
Hi Josh. Thanks for reply. Sorry I may not have explained myself properly. Once I run the unserialize function it ‘skips’ any iterations with the aforementioned escape characters included so if I ran the echo as suggested I would get a NULL for that particular event_meta.
|
|
Tony
|
May 8, 2014 at 6:16 am
Hi Jane,
Is the $event_meta actually serialized?
Your code doesn’t show how you are getting the print_r output so I can’t tell, but this:
$event_meta = unserialize($event_meta[0]);
Does not seem correct.
If you do
print_r($event_meta);
in place of that line of code, what output do you get?
|
|
Jane Baillie
|
May 8, 2014 at 6:28 am
Hey Tony. It is a good question if it is actually serialized. I’m not sure how to tell. All I know is that i can’t reference individual elements in the array unless I run the events meta through the unserialise function.
Here is the result of the printr you asked for. Note it is a HUGE list of event meta. Most of which have just placeholder content.
http://pastebin.com/MMPHSieg
Thanks.
|
|
Tony
|
May 8, 2014 at 8:49 am
Hi Jane,
Yes $event_meta is serialized.
I think I can see the problem, can you enabled WP_Debug and run your original code.
Look for:
Notice: unserialize(): Error at offset…
It may be dependant on your PHP version if this is shown.
|
|
Jane Baillie
|
May 8, 2014 at 8:57 am
Yeah. Got that error you asked me to look out for:
Notice: unserialize(): Error at offset 305 of 824 bytes in /app/multimedia/htdocs/production/scotlearning2/wp-content/themes/scottish_learning/template-event_list.php on line 58 Notice: Undefined index: 10.30 in /app/multimedia/htdocs/production/scotlearning2/wp-content/themes/scottish_learning/template-event_list.php on line 62
What is the next step for me then?
|
|
Tony
|
May 8, 2014 at 2:42 pm
OK, to explain what I think is happening…
Basically Serialize() takes things like arrays and objects and converts them a storable value within the database, which can only store ints, strings etc.
So here is the serialized string representation of your event_meta array:
{a:10:s:22:"default_payment_status";s:0:"";s:8:"venue_id";i:0;s:28:"additional_attendee_reg_info";s:1:"2";s:28:"add_attendee_question_groups";a:1:{i:1;s:1:"1";}s:14:"date_submitted";s:17:"February 27, 2014";s:16:"event_name_again";s:68:"Mentoring to strengthen teachers' career-long professional learinng";s:23:"event_short_description";s:355:"Representatives from a partnership project involving two universities, two local authorities and two clusters of primary and secondary schools will share their experiences of the impact of mentoring on teachers professional learning . The project engaged teachers with mentoring strategies to support each other in their career-long professional learning.";s:12:"speaker_name";s:14:"Kay Livingston";s:20:"speaker_organisation";s:18:"Glasgow University";s:10:"is_keynote";s:1:"0";}
So this is the section causing issue:
s:68:"Mentoring to strengthen teachers' career-long professional learinng";
S: means a string.
68 is the amount of characters within that string.
However that string is NOT 68 chars long.
“Mentoring to strengthen teachers\’ career-long professional learinng”
That string is. (notice the \ to escape the ‘)
So I think your input is being escaped, then serialized, then the slashes removed.
What happens then is the length of the string is incorrect and unserialize() fails (showing the error you found)
The current setup is a little strange, but without the full code its hard to tell. For example we can’t see how those fields are added to the event editor nor how they are saved.
Could you not use the regular ee meta fields?
|
|
Jane Baillie
|
May 12, 2014 at 6:28 am
Thanks for your reply Tony.
Here is the function we are using to add a control to the CMS to allow the client to add meta data to the event. Can we add a control here to prevent the escape characters?
http://pastebin.com/Beq9mCmW
I have tried the regular ee meta fields but I am experiencing the same behaviour.
|
|
Jane Baillie
|
May 12, 2014 at 6:39 am
Sorry. Just to clarify. We are using the regular events meta fields, but having the same issue with echoing out using the shortcode. The above code I mentioned is used to add the events meta control to the EVENT ESPRESSO > EVENT OVERVIEW > EVENT PAGE in the admin.
|
|
Jane Baillie
|
May 12, 2014 at 6:47 am
Here is the events meta as displayed on the standard Events page fields:
|
|
Jane Baillie
|
May 12, 2014 at 6:48 am
Sorry that didn’t work:
|
|
Josh
|
May 13, 2014 at 8:17 am
Hi Jane,
You might try running some input validation functions on your input fields. The WordPress codex has a list of functions that you can use:
http://codex.wordpress.org/Data_Validation#Input_Validation
|
|
Jane Baillie
|
May 13, 2014 at 8:28 am
Thanks Josh. I’ve had a quick look into this the last few days and got a bit overwhelmed.
Am I right to be looking at
includes/event-management/update_event.php around line 309?
From that validation link sanitize_html_class certainly looks like it would be on the right track?
|
|
Tony
|
May 13, 2014 at 11:39 am
Hi Jane,
I’ve been looking over this and copied your custom function to my custom_functions.php to test.
The problem is when displaying the meta data you currently display it ‘as is’ when pulled from the database. This means any escaping characters are displayed, then if you update the event those characters are escaped, so escaping the escaped characters.
So in the case of:
“Mentoring to strengthen teachers’ career-long professional learinng”
When the event is created the ‘ is escaped and saved to the database. so:
“Mentoring to strengthen teachers\’ career-long professional learinng”
Now if you return to the event and look at that meta data, then update the event making no changes, you’ll end up with something like
“Mentoring to strengthen teachers\\\’ career-long professional learinng”
Escaping the escaped characters, and this continues the more your save.
To fix simply mirror what the original function does when outputting the data.
So have a look at event-espresso/includes/admin-files/functions.php line 381 (part of the original event_espresso_meta_edit() function that your custom one overrides)
Notice the value section, this the where the data is output and uses:
<input size="20" type="text" value="<?php echo htmlentities( stripslashes( $v ), ENT_QUOTES, 'UTF-8' ); ?>" name="emetad[]" id="emetad[]" />
Notice the data to be output is put through htmlentities() and stripslashes(), do the same with your meta data when outputting to the browser. So for example, line 32 of your custom_functions.php file:
<td><input size="20" type="text" value="<?php echo $good_meta['event_name_again'] ?>" name="emetad[]" id="emetad[]"></td>
Wrap the output in those functions mentioned above in the same way EE3 does by default, like so:
<td><input size="20" type="text" value="<?php echo htmlentities( stripslashes($good_meta['event_name_again']), ENT_QUOTES, 'UTF-8' ) ?>" name="emetad[]" id="emetad[]"></td>
Repeat this for all your meta data. Obviously altering $good_meta[‘event_name_again’] to display the correct values.
This is outside the scope of support but I wanted to double check this wasn’t a bug with how EE3 handled the meta data, in doing so found your issue.
Hope that helps 🙂
|
|
Tony
|
May 13, 2014 at 11:41 am
I should add, once you’ve done the above, you’ll need to edit the event, remove any \ within the data field and then re-save the event data to save the correct data to the Database.
|
|
Jane Baillie
|
May 14, 2014 at 2:45 am
Tony. A thousand thanks for that. This solution worked perfectly! Cannot thank you enough!
|
