From cbd328eb5537b307502fdd9174bc8023df026f1d Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Wed, 21 May 2014 09:55:02 +0000
Subject: [PATCH] htmlarea-widget in mode="ascii" looses or modifies content (<, >, ) by calling html::purify on it, also fixed set_attrs to expand attribute values
---
 etemplate/inc/class.etemplate_widget.inc.php | 12 ++++++++++--
 .../inc/class.etemplate_widget_htmlarea.inc.php | 7 ++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/etemplate/inc/class.etemplate_widget.inc.php b/etemplate/inc/class.etemplate_widget.inc.php
index f9b10eb36c..6d5b615a14 100644
--- a/etemplate/inc/class.etemplate_widget.inc.php
+++ b/etemplate/inc/class.etemplate_widget.inc.php
@@ -179,13 +179,21 @@ class etemplate_widget
 $template = clone($this);
 $cloned = true; // only clone it once, otherwise we loose attributes!
 }
- $template->attrs[$reader->name] = $reader->value;
+ $value = (string)$reader->value;
+
+ // expand attributes values, otherwise eg. validation can not use attrs referencing to content
+ if ($value[0] == '@' || strpos($value, '$') !== false)
+ {
+ $value = self::expand_name($value, null, null, null, null,
+ isset(self::$cont) ? self::$cont : self::$request->content);
+ }
+ $template->attrs[$reader->name] = $value;
 
 // split legacy options
 if ($legacy_options && $reader->name == 'options')
 {
 $legacy_options = explode(',', $legacy_options);
- foreach(self::csv_split($reader->value, count($legacy_options)) as $n => $val)
+ foreach(self::csv_split($value, count($legacy_options)) as $n => $val)
 {
 if ($legacy_options[$n] && (string)$val !== '') $template->attrs[$legacy_options[$n]] = $val;
 }
diff --git a/etemplate/inc/class.etemplate_widget_htmlarea.inc.php b/etemplate/inc/class.etemplate_widget_htmlarea.inc.php
index 1708150650..f92ab425a7 100644
--- a/etemplate/inc/class.etemplate_widget_htmlarea.inc.php
+++ b/etemplate/inc/class.etemplate_widget_htmlarea.inc.php
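Review bot: In the `class.etemplate_widget.inc.php` hunk the new test `$value[0] == '@'` reads offset 0 of a string that can be empty, since `(string)$reader->value` is `''` for an attribute written as `name=""`; that raises an uninitialized-string-offset notice (a warning on PHP 8). The same condition sends every attribute value containing a `$` through `expand_name()`, including attributes where `$` is literal text, for example the end anchor of a regular expression, so those may be altered instead of copied. I would guard the expansion with `if ($value !== '' && ($value[0] === '@' || strpos($value, '$') !== false))` and document which attributes are meant to be expanded. `expand_name()` is defined outside this hunk; if it evaluates the string as PHP, attribute values become an evaluation input and must only ever come from trusted template files, which deserves a comment here. The enclosing method (apparently `set_attrs`, going by the commit subject) starts and ends outside the hunk.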
@@ -56,8 +56,13 @@ class etemplate_widget_htmlarea extends etemplate_widget
 if (!$this->is_readonly($cname, $form_name))
 {
 $value = self::get_array($content, $form_name);
+ // only purify for html, mode "ascii" is NO html and content get lost!
+ if ($this->attrs['mode'] != 'ascii')
+ {
+ $value = html::purify($value, $this->attrs['validation_rules']);
+ }
 $valid =& self::get_array($validated, $form_name, true);
- $valid = html::purify($value,($this->attrs['validation_rules']?$this->attrs['validation_rules']:null));
+ if (true) $valid = $value;
 }
 }
 }
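Review bot: In `mode="ascii"` the submitted value now reaches `$valid` with no filtering at all, so the only protection left for that content is HTML-escaping wherever it is later displayed; the added comment should state that contract, e.g. `// mode "ascii" is plain text: stored unfiltered, must be HTML-escaped on output`. The purify call now passes `$this->attrs['validation_rules']` as it is, where the removed line turned an empty value into `null`; whether `html::purify()` treats `''` like `null` is not visible here, so `$this->attrs['validation_rules'] ?: null` would keep the old behaviour. `if (true) $valid = $value;` is a leftover constant condition and should be plain `$valid = $value;`. The enclosing method starts and ends outside the hunk.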