<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes, there are massive downsides. Anyone can put HTML entities, such
as links, alerts, Javascript, etc into the note box. Also, when it
is sent by email, they can insert MIME entities and headers to
include malware attachments in the message.<br>
<br>
You have opened up a *massive* security hole by doing this.<br>
<br>
Jules.<br>
<br>
On 08/11/2011 11:03, --[ UxBoD ]-- wrote:
<blockquote
cite="mid:8aa0d5cc-7e11-445e-a238-5710137edb88@office.splatnix.net"
type="cite">
<style type="text/css">p { margin: 0; }</style>
<div style="font-family: Courier New; font-size: 10pt; color:
#000000">Patrick,<br>
<br>
in NSSDropoff.php I have changed line 972:<br>
<br>
/* $smarty->assign('note', htmlentities($this->_note)); */<br>
$smarty->assign('note', $this->_note);<br>
<br>
basically to remove the htmlentities() function and then within
header.tpl added:<br>
<br>
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type"><br>
<br>
this has allowed the page to display Simplified Chinese and
Umlauts. Please try and let me know how you get on. Jules, any
downsides to this ?<br>
<div><span name="x"></span>-- <br>
Thanks, Phil<span name="x"></span><br>
</div>
<br>
<hr id="zwchr">
<blockquote style="border-left:2px solid rgb(16, 16,
255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;">
<style>p { margin: 0; }</style>
<div style="font-family: Courier New; font-size: 10pt; color:
#000000">I agree Patrick. I have changed the MySQL database
and tables to use UTF8 but the chinese and umlauts still do
not show :(<br>
<br>
<div><span></span>-- <br>
Thanks, Phil<span></span><br>
</div>
<br>
<hr id="zwchr">
<blockquote style="border-left:2px solid rgb(16, 16,
255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;">
<p><font face="sans-serif" size="2">Would be also
interesting for German --> characters like äöüß
....</font><br>
<br>
<font face="sans-serif" size="2">Mit freundlichen Grüßen
/ Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a><br>
KI 967850: IT International / IT Governance / Netzwerk
Design und IT-Sicherheit<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><br>
<br>
<br>
<br>
<font face="sans-serif" size="2"><a
moz-do-not-send="true" href="http://www.kaufland.de"
target="_blank">http://www.kaufland.de</a> </font><br>
<font face="sans-serif" size="2"><a
moz-do-not-send="true"
href="http://www.spannende-it.de" target="_blank">http://www.spannende-it.de</a></font><br>
<font face="sans-serif" size="2">Wir sind die Nr. 1:</font><br>
<font face="sans-serif" size="2">Kaufland ist "Bester
Lebensmittelmarkt 2011"!</font><br>
<br>
<font face="sans-serif" size="2">Kaufland
Informationssysteme GmbH & Co. KG</font><br>
<font face="sans-serif" size="2">Postfach 12 53 - 74149
Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Amtsgericht Stuttgart HRA 104163</font><br>
<br>
<br>
<br>
<br>
<br>
</p>
<ul style="padding-left: 18pt">
<img src="cid:part1.06020308.04090908@Zend.To"
alt="Inactive hide details for "--[ UxBoD
]--" ---07.11.2011 10:40:13---"--[ UxBoD
]--" <uxbod@splatnix.net>" border="0"
height="16" width="16"><font color="#424282"
face="sans-serif" size="2">"--[ UxBoD ]--"
---07.11.2011 10:40:13---"--[ UxBoD ]--"
<a class="moz-txt-link-rfc2396E" href="mailto:uxbod@splatnix.net"><uxbod@splatnix.net></a></font>
</ul>
<table border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr valign="top">
<td width="40%">
<ul style="padding-left: 9pt">
<font face="sans-serif" size="1"><b>"--[ UxBoD
]--" <a class="moz-txt-link-rfc2396E" href="mailto:uxbod@splatnix.net"><uxbod@splatnix.net></a></b></font><font
face="sans-serif" size="1"> </font><br>
<font face="sans-serif" size="1">Gesendet von:
<a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a></font>
<p><font face="sans-serif" size="1">07.11.2011
10:39</font>
<table border="1">
<tbody>
<tr valign="top">
<td bgcolor="#FFFFFF" width="168">
<ul style="padding-left: 0pt">
<font face="sans-serif" size="1">Bitte
antworten an<br>
ZendTo Users
<a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to"><zendto@zend.to></a></font>
</ul>
</td>
</tr>
</tbody>
</table>
</p>
</ul>
</td>
<td width="60%">
<table border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="66"><br>
</td>
<td width="100%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="1"><br>
<font face="sans-serif" size="1"><a class="moz-txt-link-abbreviated" href="mailto:zendto@zend.to">zendto@zend.to</a></font></td>
</tr>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="66"><br>
</td>
<td width="100%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="1"><br>
</td>
</tr>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="66"><br>
<div align="right"><font face="sans-serif"
size="1">Thema </font></div>
</td>
<td width="100%"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="1"><br>
<font face="sans-serif" size="1">[ZendTo]
Simplified Chinese</font></td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td width="58"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="1"></td>
<td width="336"><img
src="cid:part2.04060301.01000107@Zend.To"
alt="" border="0" height="1" width="1"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Courier" size="2">Would any of you know how to
get simplified Chinese to display correctly in the
comments field for a drop-off ?</font><br>
<font face="Courier" size="2">-- <br>
Thanks, Phil</font><br>
<tt><font size="2">_______________________________________________<br>
ZendTo mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
</font></tt><tt><font size="2"><a moz-do-not-send="true"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto"
target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></font></tt><br>
<br>
_______________________________________________<br>
ZendTo mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></blockquote>
<br>
</div>
<br>
_______________________________________________<br>
ZendTo mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></blockquote>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
I see it shining plain,
The happy highways where I went,
And cannot come again.' - A.E. Houseman
</pre>
</body>
</html>