Image tags being encoded on save

[ryanscherler]

We just recently moved a ProcessWire site to our dev server and for some reason when we save a given page with an image placed in the WYSIWYG - on 'save' it seems to be encoding and adding backslashes to the image attributes as follows (HTML):

<p><img src="\"/site/assets/files/1039/500x200.gif\"" width="\"500\"" height="\"200\"" alt="\"\"" /></p>

Any ideas on a config / setting possibly making this happen?

[ryanscherler]

A quick note note on this issue...

When editing the page, I can 'drop in' the image just fine from the modal pop up (it appears in the WYSIWYG after its inserted). Its just on 'save' that is seems to get encoded. Which makes me think its server related (adding slashes? - though in the .htaccess it states this has been turned off). I have migrated quite a few ProcessWire sites in the past and this has not been an issue.

[Wanze]

Do you have the Textformatter "Html Entity Encoder" applied to the TinyMce field?

Remove it and it should work.

Does it?

[ryan]

Do you only see the extra encoding/slashes on the front-end of your site, or do you see it on the back-end too (like in TinyMCE?). If it's only on the front-end, then I'd agree with Wanze that it sounds like you've got a textformatter applied to the field when you don't need one. Either that, or you are running the output through htmlentities() or htmlspecialchars() in your template files. 

But the extra backslashes in there are an oddity either way. If you are seeing it on both front-and-back end, then it sounds to me like something server-side is "sanitizing" all HTML input from POST. It's feasible that mod_security could have an option to do something like this. I'm guessing this is either a client's self-run server or a very small host (?), as this type of POST sanitizing wouldn't be compatible with any CMSs I know of. Please let us know what you find. 

[ryanscherler]

The extra encoding / slashes are both on the back-end (in TinyMCE) and front-end of the site. The functionality was working fine on my local MAMP setup - only after migration to the development server did we start to have this issue. I will look into something related to mod_security running on the server to see if thats what's making this happen - all I know is this is very odd - never seen it before.

[ryan]

Any news on this? Wondering if you guys found out what was causing it?

[Sam Howat]

Ryan, I ended up just moving the site over to our Rackspace server. It works perfectly well there. 

Without getting too technical, I think it was a combination of the PHP version, Magic Quotes, and an issue where the php.ini / htaccess methods of turning off Magic Quotes was somehow not allowed by the server. 

I don't think that you have to worry about this as being a bug that needs to be fixed, I think it was an unreasonable server configuration issue. 

[ryan]

Thanks for the follow up on this. I don't think it's magic quotes, just because PW's $input API variable is abstracted from the magic quotes setting (meaning, that setting shouldn't matter). Though if it was somehow doing double magic quotes, that might be an issue.