Smarty notice fix on tell-a-friend #31808

Open
wants to merge 1 commit into
base: master

eileenmcnaughton
Contributor

Overview

This addresses Smarty notices:

PHP Warning: Undefined array key "friendText" in /.../wp-content/uploads/civicrm/templates_c/en_US/%%10/10E/10E3BF71%%ThankYou.tpl.php on line 24

Before

Notice present

After

Resolved

Technical Details

A secondary issue here is that tell-a-friend has been moved to an extension so it doesn't make sense to ensure the variable is always assigned by core - and indeed it should really be moved. My best idea at the moment is to 'help' the extension to inject it - although there is maybe no good answer - if I go this way though @seamuslee001 - what do you think re escaping / purifying - at the moment escaping is reduced by this patch

Comments

civibot bot commented Jan 16, 2025

🤖 Thank you for contributing to CiviCRM! ❤️ We will need to test and review this PR. 👷

@civibot civibot bot added the master label Jan 16, 2025
);
}
$extensionText[] = '"<div id="tell-a-friend" class="crm-section tell_friend_link-section">
<a href="' . $friendURL . '" title="{' . $friendText . '}" class="button"><span><i class="crm-i fa-chevron-right" aria-hidden="true"></i> ' . $friendText . '</span></a>
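
Review bot: On the `<a href=...>` line, `$friendText` is concatenated unescaped into both the `title` attribute and the link body, and `$friendURL` into `href`, so a double quote or angle bracket in either value changes the markup that is emitted. Escape each value for the position it lands in before concatenating. The string literal also opens with `'"<div`, which writes a literal `"` to the page ahead of the `<div>`; drop that character.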

@eileenmcnaughton these { are not right here


@seamuslee001 - I'll check but wanted to check in on what you think I should do re purify / escape first

@seamuslee001
Contributor

Arguably this should be moved to the extension, but I think we should be escaping the text as part of including it in the PHP string, IMO, as a defensive measure

@eileenmcnaughton
Contributor Author

@seamuslee001 yeah - I'm just not sure what escaping we should be doing - html_entities on the first instance & purify on the second?

);
}
$extensionText[] = '"<div id="tell-a-friend" class="crm-section tell_friend_link-section">
<a href="' . $friendURL . '" title="' . htmlentities($friendText) . '" class="button"><span><i class="crm-i fa-chevron-right" aria-hidden="true"></i> ' . CRM_Utils_String::purifyHTML($friendText) . '</span></a>
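
Review bot: The string literal still begins `'"<div id="tell-a-friend"`, so a stray `"` is written to the page before the `<div>`; remove it. On the `<a>` line, `htmlentities($friendText)` is called without flags or a charset, so the attribute escaping follows whatever defaults the running PHP version has; passing `ENT_QUOTES` and `'UTF-8'` explicitly would pin that down. `$friendURL` is the one value on the line still written into an attribute as-is.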

Technically, $friendURL also needs htmlentities, but it doesn't really matter in this case.
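
The escaping question discussed in the comments above, as an added example that is not part of this PR or of CiviCRM's code: the link is built once by plain concatenation and once with every value escaped, and each result is parsed to show what a parser makes of it. The function names (`esc`, `linkRaw`, `linkEscaped`, `inspect`) and the sample values are hypothetical, and `htmlspecialchars` is used in both positions as a stand-in for the `htmlentities` / `CRM_Utils_String::purifyHTML` pair in the patch, on the assumption that the label is plain text.

```php
<?php
// Added illustration; not CiviCRM code. All function names here are hypothetical.

/** Escape a value for a double-quoted HTML attribute or for text inside an element. */
function esc(string $value): string {
  return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Link modelled on the patch's concatenation, with the values written as-is. */
function linkRaw(string $friendURL, string $friendText): string {
  return '<a href="' . $friendURL . '" title="' . $friendText . '" class="button"><span>'
    . $friendText . '</span></a>';
}

/** Same link with every value escaped where it is written out. */
function linkEscaped(string $friendURL, string $friendText): string {
  return '<a href="' . esc($friendURL) . '" title="' . esc($friendText) . '" class="button"><span>'
    . esc($friendText) . '</span></a>';
}

/** Parse the fragment and report what the parser sees on the <a> element. */
function inspect(string $html): array {
  $doc = new DOMDocument();
  $previous = libxml_use_internal_errors(true); // the raw variant is malformed; keep warnings quiet
  $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
  libxml_clear_errors();
  libxml_use_internal_errors($previous);
  $a = $doc->getElementsByTagName('a')->item(0);
  return [
    'title' => $a ? $a->getAttribute('title') : null,
    'attribute_count' => $a ? $a->attributes->length : 0,
    'child_elements_in_link' => $a ? $a->getElementsByTagName('*')->length : 0,
  ];
}

// Constructed sample values: a label containing a double quote and markup,
// and a URL with unencoded ampersands.
$friendURL = 'https://example.org/civicrm/friend?reset=1&eid=1&pcomponent=event';
$friendText = 'Tell a "friend" about <b>this</b> event';

$variants = ['raw' => linkRaw($friendURL, $friendText), 'escaped' => linkEscaped($friendURL, $friendText)];
foreach ($variants as $label => $html) {
  echo $label, ': ', $html, "\n";
  echo '  parsed: ', json_encode(inspect($html)), "\n";
}
```

In the raw variant the `title` attribute ends at the first double quote inside the label, which is the failure the attribute-position escaping is there to prevent.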

<a href="{$friendURL}" title="{$friendText|escape:'html'}" class="button"><span><i class="crm-i fa-chevron-right" aria-hidden="true"></i> {$friendText}</span></a>
</div><br /><br />
{/if}
{foreach from='extensionText' item='text'}
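
Review bot: In `{foreach from='extensionText' item='text'}`, `from` is given the quoted string `'extensionText'` rather than the assigned variable, so the loop receives a string instead of the array built in PHP; it should read `from=$extensionText`. On the `<a>` line above it, `{$friendText}` in the link body is output without the `escape:'html'` modifier that the `title` attribute uses; if that difference is intentional, a template comment saying so would help the next reader.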
@Sjord Sjord Jan 17, 2025

I think it would be more clear if these variables are named extensionHtml and html, instead of extensionText and text. That makes it more clear that the variables should not be escaped, and that the lack of escaping is intentional.

3 participants