after rechecking and comparing with older sites i found out what the problem is and its with the new css form builder 2 on the file that it generates called wavt_validatedform_php.php
it comes with
<?php
if (!session_id()) {
session_start();
}
function ValidatedField($page,$field) {
$theFields= "";
$retVal = "";
if (isset($_SESSION["WAVT_".$page."_Errors"])) {
$theFields = "&".$_SESSION["WAVT_".$page."_Errors"];
}
if (strpos($theFields,"&WAVT_".$field."=") !== false) {
$retVal = substr($theFields,strpos($theFields,"&WAVT_".$field."=")+strlen("&WAVT_".$field."="));
}
if (strpos($retVal,"&WAVT_") !== false) {
$retVal = substr($retVal,0,strpos($retVal,"&WAVT_"));
}
if ($retVal == "" && $page == $field) {
$retVal = ValidatedField($page,$field."_Errors");
}
return str_replace("<","<",str_replace(">",">",str_replace('"',""",$retVal)));
}
?>
On my other sites where this problem doesnt come in the same file that was created by css form builder 1 was
<?php
if (!session_id()) {
session_start();
}
function ValidatedField($page,$field) {
$theFields= "";
$retVal = "";
if (isset($_SESSION["WAVT_".$page."_Errors"])) {
$theFields = "&".$_SESSION["WAVT_".$page."_Errors"];
}
if (strpos($theFields,"&WAVT_".$field."=") !== false) {
$retVal = substr($theFields,strpos($theFields,"&WAVT_".$field."=")+strlen("&WAVT_".$field."="));
}
if (strpos($retVal,"&WAVT_") !== false) {
$retVal = substr($retVal,0,strpos($retVal,"&WAVT_"));
}
if ($retVal == "" && $page == $field) {
$retVal = ValidatedField($page,$field."_Errors");
}
return $retVal;
}
?>
Comparing both files i notice this line wich is the one that afects the html editor with css form builder or the new validation toolkit it comes with
return str_replace("<","<",str_replace(">",">",str_replace('"',""",$retVal)));
So i replaced the new file generated by css form builder 2 with the one generated with css form builder 1 and works, my suggestion is that i know it is to avoid exploits or code injections but im working internally with the manager of the site im building, when i use the old file every thing is marked on the server behavoir as invalid and cant do any change cause it will overwrite the file again, css form builder should come with a file asking wich type of validation file should it use or something to avoid this, it works ok when its for page update but not when its for page insert taking the initial value from the validation form fields, when this happens the html editor shows those tags or quot wich is a pain in the a....