Forums | Mahara Community

Error after 1.2.3 upgrade to 1.4


Account deleted
Posts: 13

23 June 2011, 9:53

Hi everyone,

I have just upgraded our Mahoodle site from 1.2 to 1.4 but I get this code on the top of my page:

<script type="text/javascript">var strings = {"namedfieldempty":"The required field \"%s\" is empty","processing":"Processing","requiredfieldempty":"A required field is empty","unknownerror":"An unknown error occurred (0x20f91a0)","loading":"Loading ...","showtags":"Show my tags","unreadmessages":"unread messages","unreadmessage":"unread message","pendingfriend":"pending friend","pendingfriends":"pending friends","couldnotgethelp":"An error occurred trying to retrieve the help page","password":"Password","username":"Username","login":"Login","sessiontimedout":"Your session has timed out, please enter your login details to continue","loginfailed":"You have not provided the correct credentials to log in. Please check your username and password are correct.","home":"Home","youhavenottaggedanythingyet":"You have not tagged anything yet"};</script> <link rel="stylesheet" type="text/css" href="http://moodle.clydebank.ac.uk/mahara/theme/views.css"> <script type="text/javascript">$j=jQuery;</script>

 

We have a custom theme and this error is in both IE8 and Firefox 3.

Any ideas or help?

thanks

john

Account deleted
Posts: 4

23 June 2011, 13:48

When I upgraded from 1.2.3 to 1.3 I had to put in |safe inside all variable brackets in my custom .tpl files. I.e. instead of {$var} it had to say {$var|safe}.

I am still not entirely sure what this does, but it fixed my problem.

Account deleted
Posts: 808

23 June 2011, 17:42

Between 1.2 & 1.3, we changed the way variables in templates are processed. Their contents are now always HTML-escaped by default before output, in an attempt to stop careless developers like myself from inadvertently creating new cross-site scripting opportunities.

If you're sure all your variables are escaped correctly in your custom templates, an alternative to adding "|safe" to every variable is to add "{auto_escape off}" at the top of the template, and "{/auto_escape}" at the bottom.

François Marier's profile picture
Posts: 411

23 June 2011, 19:04

Note that you should ideally only add "|safe" to the variables that you know contain HTML. The ones that don't have HTML (e.g. they're just text) can continue to make use of the automatic escaping of values.

Cheers,

Francois
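An added example, not part of the original thread and not Mahara's own code: a small Python audit that lists every variable a custom theme's templates output raw, either through |safe or inside an {auto_escape off} block, so each one can be checked against the advice above. It assumes templates end in .tpl and that nested blocks use the {auto_escape on} / {auto_escape off} forms; the sample template is constructed.

```python
import re
from pathlib import Path

# Matches {auto_escape on|off}, {/auto_escape}, or a variable output tag
# such as {$name} or {$name|modifier}.
TAG = re.compile(r"\{(auto_escape\s+(?:on|off)|/auto_escape|\$[^{}]*)\}")

def audit_template(text):
    """Return (line, tag, reason) for every variable that is output unescaped."""
    findings = []
    stack = []  # escaping state of each open {auto_escape} block
    for m in TAG.finditer(text):
        body = m.group(1)
        line = text.count("\n", 0, m.start()) + 1
        if body.startswith("auto_escape"):
            stack.append(body.split()[-1] == "on")
        elif body == "/auto_escape":
            if stack:
                stack.pop()
        else:
            modifiers = [p.strip() for p in body.split("|")[1:]]
            escaping = stack[-1] if stack else True  # escaped by default
            if "safe" in modifiers:
                findings.append((line, m.group(0), "|safe"))
            elif not escaping:
                findings.append((line, m.group(0), "auto_escape off"))
    return findings

def audit_theme(root):
    """Audit every .tpl file under root; returns {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.tpl")):
        found = audit_template(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            report[str(path)] = found
    return report

# Constructed sample template (not taken from Mahara).
SAMPLE = """<h1>{$title}</h1>
<div>{$bodyhtml|safe}</div>
{auto_escape off}
<p>{$user.firstname}</p>
{/auto_escape}
<p>{$footer}</p>
"""

if __name__ == "__main__":
    for line, tag, reason in audit_template(SAMPLE):
        print(f"line {line}: {tag} is output raw ({reason})")
```

Each variable it reports should either hold HTML that was sanitised before reaching the template or lose its raw marking so the default escaping applies again.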

Account deleted
Posts: 4

24 June 2011, 4:05

Ah, that is good to know - thanks Francois and Richard!

Account deleted
Posts: 13

27 June 2011, 2:52

Thanks all for the replies.

I'll have a look at the suggestions and see how I get on.

thanks

John
