Download & Extend
Booktree » Issues

booktree.module prints an "n/a" at the top when viewed.

Posted by mdlamar on October 19, 2009 at 6:14pm
Project:Booktree
Version:6.x-1.4
Component:Code
Category:bug report
Priority:normal
Assigned:mdlamar
Status:needs review

Issue Summary

Using booktree 6.x-1.4 multi-site setup on Drupal 6.14 with a custom theme.
I narrowed down the offending code to this line:

  drupal_set_title(check_plain($node->title));
>  $content = '<p>'. check_markup($node->body, $node->format, FALSE) .'</p>';
  $ricursione = 1;

The root node is set to 0 in order to display the contents of all the books' sub-trees in the site.
But on the first line when viewing mysite.org/site_name/booktree printed n/a
I changed the line to
$content = '<h1>'. variable_get('site_name') .'</h1>';
so it now displays the site name at the top. I'm not sure if the check_markup call was really important in certain situations, but it might be worth changing the module in future releases so it doesn't print out n/a.
My personal fix probably isn't an acceptable solution because some people want to display the content of specific books rather than the entire site's sub-trees.
Please comment why the call to check_markup was returning n/a if you have an idea on that, or challenge me to write up some conditionals to either print the site_name if the root node is 0 or the root node's title. Or if you have time, write it yourself and contrib! :)

Thanks,
Milo

Login or register to post comments

Comments

#1

Posted by mdlamar on October 23, 2009 at 4:31pm

sorry it was variable_get('site_name', '') ... i forgot the 2nd arg.

#2

Posted by Uccio on November 9, 2009 at 6:48pm

Attention: The check_markup call is really important to prevent XSS attack of yours system.

To fix this issue you can move all your books in a root book node.

#3

Posted by mdlamar on November 10, 2009 at 7:10pm

Thank you for the reply. I'll check into doing that while preserving the navigation look. Is there if you know an easy way to toggle display of the root book while still displaying its sub-books, do advise :)

#4

Posted by mdlamar on November 10, 2009 at 7:12pm

I also am concerned about the cross site scripting vulnerability. Is there a way to detect such scripting?

#5

Posted by mdlamar on November 10, 2009 at 7:29pm

Ultimately the easiest, quickest, and safest fix for me is to just put the check_markup return in a hidden div.

#6

Posted by Mo on October 6, 2010 at 7:17pm

I modified it this way. Line 124 and 125.

drupal_set_title(check_plain($node->title?$node->title:variable_get('site_name', '')));
$content = '<p>'. check_markup($node->body?$node->body:"", $node->format, FALSE) .'</p>';

#7

Posted by mdlamar on November 1, 2010 at 2:38pm

That's a good fix, Mo! That should be committed to the module. I'll make a patch. I'll have to figure out the naming conventions for drupal patches, but here's a preliminary.

AttachmentSize
booktree.patch 692 bytes
nobody click here