I had a report from a client (running zc1.5.5e) that an attribute's value was rendering as Width: 1" instead of Width: 1" on the storefront display (checkout_success and account_history_info). The double-quote is properly rendered when viewing the order in the admin.
That value is defined as "1"" by the admin's Catalog->Options Value Manager. When investigating the discrepancy, I found that the admin version of the function zen_output_string (present in /admin/includes/functions/general.php):
Code:
function zen_output_string($string, $translate = false, $protected = false) {
if ($protected == true) {
return htmlspecialchars($string, ENT_COMPAT, CHARSET, FALSE);
} else {
if ($translate == false) {
return zen_parse_input_field_data($string, array('"' => '"'));
} else {
return zen_parse_input_field_data($string, $translate);
}
}
}
differs from the storefront implementation (present in /includes/functions/functions_general.php):
Code:
function zen_output_string($string, $translate = false, $protected = false) {
if ($protected == true) {
return htmlspecialchars($string, ENT_COMPAT, CHARSET, TRUE);
} else {
if ($translate === false) {
return zen_parse_input_field_data($string, array('"' => '"'));
} else {
return zen_parse_input_field_data($string, $translate);
}
}
}
My belief is that the admin version is correct, i.e. don't double-encode any pre-existing HTML entities aren't encoded.
Bookmarks