Page 1 of 2

Why would a page show "HTMLSPECIALCHARACTERS" in the echo?

Posted: Wed Feb 15, 2017 6:59 am
by simonmlewis
We use htmlspecialcharacters for security and display reasons.
But on our new server, the site runs ok, but in the search box after searching for something, rather than showing the search term, it's echoing the "code". And the code we are using is the same as on the old server.

What might cause such a thing?

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:14 am
by Celauran
Sample code? Screenshot? Seems strange that only this one function (and I assume you're using htmlspecialchars) is being affected.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:22 am
by simonmlewis
Two issues. First one is as you describe. Second one is that on a page where we query the current date and time, it's not showing anything in the results. It' meant to take the details and calc delivery date based on current date and time.

And in the error logs, it's warning about using a particular date and time. I think when we migrated the site to the new server, certain Plesk settings were not migrated over. It's with the hosts, but wondered if you may know a cause to the htmlspecialchars issue.

It seems that the value ='?> <? htmlspecialchars.... code is ignoring the ?> side of things, and just echoing the code.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:27 am
by Celauran
<? htmlspecialchars
Missing = ? Shouldn't that be

Code: Select all

<?= htmlspecialchars(...
?

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:29 am
by simonmlewis
yes sorry it is like that. I typed it here in haste.
It's the same code that was on another server that works. It's just that now, on this server, it doesn't. Yet the rest of the site runs fine.
Maybe a PHP issue. Must be. Some setting.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:36 am
by Celauran
Pretty difficult to say without seeing any of the code or any of the related errors.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:40 am
by simonmlewis
I know. Sorry. Just wondered if it was a PHP or apache setting somewhere that is "usually the cause".
Once we do find out thru the host, ill post it here.

Something is causing this not to run but to actually echo the CODE rather than run the script.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 7:46 am
by Celauran
Checked for the use of short opening tags?

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:01 am
by simonmlewis
This is a sample of the actual code used.

Code: Select all

echo "<div class='head'><h1>Search: ";?><?= htmlspecialchars($search); ?><?php echo " <i class='fa fa-search' aria-hidden='true' style='color: #ff5500'></i></h1>";
... how do I check for short opening tags??

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:06 am
by Celauran
Hmm. Nothing in the error logs? That code works as expected for me. You're seeing "Search: htmlspecialchars(... "? Is $search interpolated, or is "$search" itself showing in output?

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:20 am
by simonmlewis
In the input field on the website we are seeing:
<?= htmlspecialchars($search); ?>

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:24 am
by Celauran
Looks like <?= isn't working, but <?php echo is. Have you tried changing that?

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:34 am
by simonmlewis
Ahaaa that works! So why would that be the case?

Also we have a lot of these, and it may or may not be why our datetime script isn't working any calculations:

[text]mod_fcgid: stderr: PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in /var/www/vhosts/site.co.uk/httpdocs/footer.php on line 28, referer: https://www.site.co.uk/product/shirt/bl ... lack-shirt[/text]

We are in the UK. And this is on Plesk.

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:37 am
by Celauran
simonmlewis wrote:Ahaaa that works! So why would that be the case?
Likely a short tags setting in php.ini. Is this an old version of PHP? <?= should always work as of PHP 5.4.
simonmlewis wrote:Also we have a lot of these, and it may or may not be why our datetime script isn't working any calculations:

[text]mod_fcgid: stderr: PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in /var/www/vhosts/site.co.uk/httpdocs/footer.php on line 28, referer: https://www.site.co.uk/product/shirt/bl ... lack-shirt[/text]

We are in the UK. And this is on Plesk.
Sounds like the timezone isn't set in php.ini. Try as the error suggests and use date_default_timezone_set() in your bootstrapping code. Better yet, talk to your provider about how to fix that (some support local php.ini files).

Re: Why would a page show "HTMLSPECIALCHARACTERS" in the ech

Posted: Wed Feb 15, 2017 8:41 am
by simonmlewis
Current PHP version: 5.3.3

I've asked them about this. I see in Plesk there are missing settings, or settings for EST rather than GMT. I rather suspect it will pick up on that when they fix it.