HtmlEncodeOutput unescapes incorrectly on some strings

[Aaron]

In FCKeditor.LoadPostData() the code that handles reverting the HtmlEncodeOutput changes does not work properly for strings that contain "&amp;lt;" or "&amp;gt;". The current code replaces '&amp;' before '&lt;' and '&gt;' which causes the strings mentioned to be converted to '<' and '>' respectively. What should happen is that the '&amp;' replacement should happen after the '&lt;' and '&gt;' replacement. This allows the strings to be converted to '&lt;' and '&gt;' which I believe is the proper decoding.

Here is a patch that fixes this problem.

Index: FCKeditor.cs
===================================================================
--- FCKeditor.cs        (revision 1585)
+++ FCKeditor.cs        (working copy)
@@ -456,9 +456,9 @@
                        // Revert the HtmlEncodeOutput changes.
                        if ( this.Config["HtmlEncodeOutput"] != "false" )
                        {
-                               postedValue = postedValue.Replace( "&", "&" ) ;
                                postedValue = postedValue.Replace( "&lt;", "<" ) ;
                                postedValue = postedValue.Replace( "&gt;", ">" ) ;
+                               postedValue = postedValue.Replace("&amp;", "&");
                        }

                        if ( postedValue != this.Value )

[Alfonso Martínez de Lizarrondo]

Patch as a file

[Alfonso Martínez de Lizarrondo]

I've attached the proposed patch for review. I'm not sure about the current released version of FCKeditor.net, so I haven't changed the what's new file

[Frederico Caldeira Knabben]

I've appended a new version to the changelog file with [2021]. Feel free to use that for this ticket.

[Alfonso Martínez de Lizarrondo]

Fixed with [2024]

Thanks acolwell.

[Frederico Caldeira Knabben]

#2225 has been marked as DUP.