Model attributes converted to HTML incorrectly

yapsr commented 6 years ago

Describe the bug When updating a model attribute (blog title, event title, page title, faq question, menu name or widget name), the attribute gets converted to HTML. The input is HTML escaped every time.

To Reproduce Steps to reproduce the behavior:

Go to 'CMS'
Click on 'Pages'
Click on 'Edit' of a row
Add a special html character into the title box, i.e. "Sons & Daughters"
Click Save. The title box shows "Sons & Daughters"
Click Save again. The title box shows "Sons &amp; Daughters"

Expected behavior The value of the attributes should be displayed exactly at it was entered.

Additional context These lines convert user input to html incorrectly:

vendor\grafite\cms\src\Repositories
BlogRepository.php
        $payload['title'] = htmlentities($payload['title']);
        $payload['title'] = htmlentities($payload['title']);
EventRepository.php
        $payload['title'] = htmlentities($payload['title']);
        $payload['title'] = htmlentities($payload['title']);
FAQRepository.php
        $payload['question'] = htmlentities($payload['question']);
        $payload['question'] = htmlentities($payload['question']);
MenuRepository.php
        $payload['name'] = htmlentities($payload['name']);
        $payload['name'] = htmlentities($payload['name']);
PageRepository.php
        $payload['title'] = htmlentities($payload['title']);
        $payload['title'] = htmlentities($payload['title']);
WidgetRepository.php
        $payload['name'] = htmlentities($payload['name']);
        $payload['name'] = htmlentities($payload['name']);

Possible solution Remove these lines.

yapsr commented 5 years ago

@mlantz Could you give your opinion on this, please? I'm running into this and it's a problem.

yapsr commented 5 years ago

@mlantz Could you please look into this, please? If requested I can make a simple pull request with the changes.

GrafiteInc / CMS

Model attributes converted to HTML incorrectly #168