Question
I have been working on a CMS for months now, and I have faced various challenges with Laravel truncating certain special characters. I had to change the editor in the CMS from bootstrap wysiwyg to CKEditor; things got quite better, as there are some advanced escaping options that come with it.
For example, I was able to prevent '"' from becoming '"' which was causing the entire string (paragraph) to truncate wherever it finds such encoding.
However, this is a CMS where the user has a good reason to input a wide range of characters, which can be safely encoded and kept in the database in cases where special chars are unavoidable. For example, picking an embed from a website (very much allowed) which may contain any of these characters:
/ = %2F
: = %3A
# = %23
% = %25
? = %3F
When someone pastes a link that contains certain characters, or tries to hyperlink some words that contain characters like the ones above (excluding %2F), the string is truncated. After doing inspection at various levels, I noticed the string successfully gets to the back-end function; it's then truncated before being saved. I don't know if it's Laravel (the parser) or MySQL (the database I use) that truncates these strings. Here is a particular case:
When this Facebook embed:
<iframe src="https://www.facebook.com/plugins/comment_embed.php?href=https%3A%2F%2Fwww.facebook.com%2Ftonyelumelu%2Fposts%2F10154627801036949%3Fcomment_id%3D10154629134011949&include_parent=false" width="560" height="201" style="border:none;overflow:hidden"
scrolling="no" frameborder="0" allowTransparency="true">
</iframe>
is pasted in the editor, this is what is found in the database:
<iframe src="https://www.facebook.com/plugins/comment_embed.php?href=https://www.facebook.com/tonyelumelu/posts/10154627801036949?comment_id=10154629134011949
Careful observation will show you that all '%2F' was replaced in the string with '/', but the string was exactly truncated at '%3F', which was supposed to be replaced with '?' or at least left unchanged.
I know those are security measures, but I have tweaked the front editor a lot already and I think the back-end sanitation should be left for me to do (if I want) the way I want. I really need to first know how to stop such an annoying behavior before getting advice on the best practice. I would just like the strings to get into the database the way they come, without any changes. Thanks in advance.
Answer 1:
Trying to repeat the bug
I create a test route Route::any('/test', 'IndexController@test')->name('test');
Then - test action:
public function test(Request $request) {
    // On POST, store the submitted field as-is and stop
    if ($request->isMethod('post')) {
        $er = \App\Entity::create([
            'log' => $request->code,
        ]);
        exit('done');
    }
    // On GET, render a minimal form with a CSRF token
    echo "<form method=post>" . csrf_field() .
        "<textarea name=code></textarea><input type=submit></form>";
}
Results
When I submit your code, I can see it unaltered in the Network tab of the browser.
Then I go to the database and see the code unaltered as well.
What does it mean
Unfortunately, I was unable to repeat the bug you presented here. It means it is not Laravel that transforms your code unexpectedly. Try to check the Network tab and dd() the request vars to check them. I suppose that the bug is somewhere before sending data via network.
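Added example, not part of the original question or answer: one way a value can change before it reaches the controller is a request body built by plain string concatenation. Assuming the editor content is posted as `application/x-www-form-urlencoded` by hand-written client code (the helper names are hypothetical, and Node's `URLSearchParams` stands in for the server-side form parser), the unencoded body yields exactly the stored value shown in the question, while the encoded body round-trips.

```javascript
// Constructed input: the embed quoted in the question, joined onto one line.
const embed =
  '<iframe src="https://www.facebook.com/plugins/comment_embed.php' +
  '?href=https%3A%2F%2Fwww.facebook.com%2Ftonyelumelu%2Fposts%2F10154627801036949' +
  '%3Fcomment_id%3D10154629134011949&include_parent=false" width="560" height="201" ' +
  'style="border:none;overflow:hidden" scrolling="no" frameborder="0" ' +
  'allowTransparency="true"></iframe>';

// Hypothetical client code: body built by string concatenation, no encoding.
function buildBodyRaw(field, value) {
  return field + '=' + value;
}

// Same body with name and value percent-encoded before sending.
function buildBodyEncoded(field, value) {
  return encodeURIComponent(field) + '=' + encodeURIComponent(value);
}

// Stand-in for the server's form parser (assumption): it splits the body
// on "&", splits each pair on the first "=", then percent-decodes.
function serverReads(body, field) {
  return new URLSearchParams(body).get(field);
}

function demo() {
  const rawBody = buildBodyRaw('code', embed);
  return {
    // What the controller receives when the body was not encoded.
    raw: serverReads(rawBody, 'code'),
    // What it receives when the value was encoded first.
    encoded: serverReads(buildBodyEncoded('code', embed), 'code'),
    // Field names the parser sees in the unencoded body.
    fields: [...new URLSearchParams(rawBody).keys()],
  };
}

console.log(demo());
```

In the unencoded case the remainder of the embed arrives as a separate `include_parent` field, so comparing the raw request body in the Network tab with the field names seen by `dd()` distinguishes this cause from a server-side one.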
Source: https://stackoverflow.com/questions/45761853/laravel-truncating-strings-with-special-characters