Customer Reviews Add-on by Stokes Web Development
Apostrophes
 Previous Top Next
So why do apostrophes disappear after a user enters them when writing a review?

Starting with version 6.2.5.0, Storefront 6.x software includes a built-in function in the cwebpage.vb file that parses each page that derives from the cwebpage class (except for the management section) and strips out apostrophes and other characters that could be used in SQL injection and cross site scripting attacks.  This code will strip out any apostrophes that your users may use in their reviews.   The apostrophes are not stripped out for the admin section, only the user section.   If desired, this code can be safely modified to not strip out the apostrophes for customer reviews while still preventing them in other areas.  The apostrophes do not pose a problem for the customer review code due to the way it was coded.  To do this modification, open your cwebpage.vb file and find the following code:
  
'Loop through the Form Collection
If (Request.Form.Count > 0) Then
   For i = 0 To Request.Form.Count - 1
      If (Request.Form.Keys(i) = "__VIEWSTATE" Or Request.Form.Keys(i) = "__EVENTARGUMENT" Or Request.Form.Keys(i) = "__EVENTTARGET") Then
         nvcForm.Add(Request.Form.Keys(i), Request.Form.Item(i))
      Else
         sTempString = TestInput(Request.Form.Item(i))


Add the following code in red making sure that the ElseIf line does not wrap to more than one row (there are 3 lines of code between the 2 '*** lines):
  
'Loop through the Form Collection
If (Request.Form.Count > 0) Then
   For i = 0 To Request.Form.Count - 1
      If (Request.Form.Keys(i) = "__VIEWSTATE" Or Request.Form.Keys(i) = "__EVENTARGUMENT" Or Request.Form.Keys(i) = "__EVENTTARGET") Then
         nvcForm.Add(Request.Form.Keys(i), Request.Form.Item(i))
 '*** New Code by www.stokesweb.com
      ElseIf ((Request.Form.Keys(i).ToLower.IndexOf("tboxswtitle") > -1) Or (Request.Form.Keys(i).ToLower.IndexOf("tboxswnickname") > -1) Or (Request.Form.Keys(i).ToLower.IndexOf("tboxswlocation") > -1) Or (Request.Form.Keys(i).ToLower.IndexOf("tboxswreview") > -1)) Then
        nvcForm.Add(Request.Form.Keys(i), Request.Form.Item(i))
        bRepost = True
 '*** End New Code
      Else
         sTempString = TestInput(Request.Form.Item(i))


Save the file and then recompile your website by loading the compilesite.aspx page in a browser window (or whatever page you normally use to compile the site) and make sure you get a clean compile.  A clean compile will look like this:

Clean Compile
 
If you have any additional text shown then there were errors. Do not proceed until these errors have been corrected and you get a clean compile.
 
If your site has a ssl/bin folder, copy the bin/storefront.dll file and paste it into that folder.
 
 Next Step: Localization
 
 
Copyright © 2008 by Stokes Web Development.  All Rights Reserved.