We're using the LDAP modules to provision Drupal accounts via feeds and when a user logs in. We then built a staff directory using the views module and quickly discovered that characters such as ampersands were being double escaped when rendered by views or by the default user profile page.

For example one of the attributes we're using is department. Saving an LDAP user with department of "Foo & Bar" gets saved to the database escaped: 

mysql> select * from field_data_field_department\G
....
*************************** 2. row ***************************
            entity_type: user
                 bundle: user
                deleted: 0
              entity_id: 17898
            revision_id: 17898
               language: und
                  delta: 0
 field_department_value: FOO & BAR
field_department_format: NULL

However when views and the user profile renders that field it escapes it again and renders: 

  <div class="field field-name-field-department field-type-text field-label-inline inline">
    FOO &amp;amp; BAR  </div>
CommentFileSizeAuthor
#4 2074611_ldap_tokens_escaped_before_saved-2.patch659 byteslawsonk
#1 2074611_ldap_tokens_escaped_before_saved.patch630 byteslawsonk
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

lawsonk’s picture

lawsonk CreditAttribution: lawsonk commented
FileSize
2074611_ldap_tokens_escaped_before_saved.patch630 bytes

The attached patch fixes this issue for me.

lawsonk’s picture

lawsonk CreditAttribution: lawsonk commented

I also encounter this problem with apostrophes in department names which gets rendered as: 

 <div class="field field-name-field-department field-type-text field-label-inline inline">
    Joe&amp;#039;s place.</div>

With the patch the value is stored un-escaped in the database and Drupal renders it correctly: 

  <div class="field field-name-field-department field-type-text field-label-inline inline">
    Joe&#039;s Place  </div>
lawsonk’s picture

lawsonk CreditAttribution: lawsonk commented
Issue summary: View changes

Quoting HTML properly.

johnbarclay’s picture

johnbarclay CreditAttribution: johnbarclay commented

#1 makes doesn't make the tokens lower case.

lawsonk’s picture

lawsonk CreditAttribution: lawsonk commented
FileSize
2074611_ldap_tokens_escaped_before_saved-2.patch659 bytes

Here's an updated patch with drupal_strtolower() added back.

johnbarclay’s picture

johnbarclay CreditAttribution: johnbarclay commented

I committed a variation of this: http://drupalcode.org/project/ldap.git/commitdiff/a03a591b2b884de9fcaf82...

Thanks.

johnbarclay’s picture

johnbarclay CreditAttribution: johnbarclay commented
Issue summary: View changes

Quoted SQL query too since it wasn't being displayed in issue correctly.

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Issue summary: View changes
Status: Needs review » Needs work
grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Needs work » Needs review

The last submitted patch, 1: 2074611_ldap_tokens_escaped_before_saved.patch, failed testing.

The last submitted patch, 1: 2074611_ldap_tokens_escaped_before_saved.patch, failed testing.

Status: Needs review » Needs work

The last submitted patch, 4: 2074611_ldap_tokens_escaped_before_saved-2.patch, failed testing.

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Needs work » Closed (outdated)

Just tried this, works fine.