  1. #1
    Join Date
    Sep 2008
    Posts
    397
    Plugin Contributions
    0

    [Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

    NOTE: v1.3.9h has been released, which FIXES the issue, and makes the following workaround UNNECESSARY. The best solution is to upgrade.



    THE (now obsolete and overly complicated) WORKAROUND IS POSTED HERE: http://www.zen-cart.com/forum/showth...839#post941839 (Remember: Upgrading is simpler and smarter!)


    I try to edit define_main_page.php, but all the HTML code is shown on the site. My current version is 1.3.8a.

    How do I write correct code on this page?
    How do I get an image to show on the home page?

    Thanks in advance.

  2. #2
    Join Date
    May 2009
    Posts
    68
    Plugin Contributions
    0

    HTML tags show after upgrade to 1.3.9g

    Hello,

    I updated to 139g and experienced a very weird error.

    In the html pages editor I often use html tags.

    The < and > get converted to &laquo; and &raquo; though and mess all my pages up. Same for the preview of the product pages.

    Really need help to make this look right again.

    thanks in advance,
    Peter

  3. #3
    Join Date
    Aug 2009
    Posts
    25
    Plugin Contributions
    0

    Re: 139g weird problem define pages editor

    I have the same issue

  4. #4
    Join Date
    Jan 2008
    Location
    Chevreuse, France
    Posts
    273
    Plugin Contributions
    0

    HTML tags show after upgrade to 1.3.9g

    I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this?
    Pete
    zc 1.3.9h
    www.gardenserre.fr

  5. #5
    Join Date
    May 2009
    Posts
    68
    Plugin Contributions
    0

    Re: 139g weird problem define pages editor

    Well,

    I use a lot of HTML tags in my define pages as well as in my product descriptions.

    And all < and >'s turn into &lt; or &gt;.

    I fixed it already for the define pages, not for the product previews though.

    Here the fix for "admin/define_pages_editor.php":
    I added line 77 -> http://pastie.org/1191676
    Last edited by p1lot; 30 Sep 2010 at 05:46 PM.

  6. #6
    Join Date
    Jan 2008
    Posts
    90
    Plugin Contributions
    0

    Re: 139g weird problem define pages editor

    I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.

  7. #7
    Join Date
    Jan 2008
    Location
    Chevreuse, France
    Posts
    273
    Plugin Contributions
    0

    Re: 139g weird problem define pages editor

    Quote (originally posted by NFM):
        I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.

    You're right, that's a relief! But this needs fixing asap.
    Pete
    zc 1.3.9h
    www.gardenserre.fr

  8. #8
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Re: HTML tags show after upgrade to 1.3.9g

    Hi,

    The define pages editor does look like it has fallen victim to code added to 139g to protect against a 'theoretical' xss exploit that some security scanners might pick up on.

    There is a way of whitelisting entry boxes against the xss cleansing and this can be done by creating an override file in admin/includes/extra_configures

    and that file should contain
    NOTE: THE FOLLOWING CODE HAS BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
    Code:
    <?php
    // Keep any whitelist that was already defined elsewhere.
    $global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
    // Name attribute of the define pages editor's entry box.
    $my_whitelist  = array('file_contents');
    // Merge so these fields are exempt from the xss cleansing.
    $global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);

    Note the fix above is for the define pages editor only, and will not fix content that has been edited since upgrade.

    The product names/descriptions should not be affected

    Some contributions may be affected, and if so the entry boxes affected in those contributions may need whitelisting in a similar manner to the above, but array('file_contents'); will need to be changed to add the name attribute of the form entry box
    Last edited by Ajeh; 2 Oct 2010 at 11:34 PM.
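
An added illustration, not part of the original post and not Zen Cart's actual code: a simplified model of name-based input cleansing with a whitelist, showing why un-whitelisted markup comes back as visible tags. `cleanse_request()` and the `keyword` field are hypothetical; `$global_xss_whitelist` and `file_contents` are taken from the post above.

```php
<?php
// Simplified model of name-based input cleansing; NOT Zen Cart's actual code.
// cleanse_request() and the 'keyword' field are hypothetical.

// Field names exempted from cleansing, as in the override file above.
$global_xss_whitelist = array('file_contents');

/**
 * Entity-encode every string field of a request unless its name is whitelisted.
 */
function cleanse_request(array $request, array $whitelist)
{
    $clean = array();
    foreach ($request as $name => $value) {
        if (is_string($value) && !in_array($name, $whitelist, true)) {
            $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Constructed sample submission from an admin editing form.
$post = array(
    'file_contents' => '<h1>Welcome</h1><img src="images/banner.jpg" alt="">',
    'keyword'       => '<b>sale</b>',
);

$without = cleanse_request($post, array());
$with    = cleanse_request($post, $global_xss_whitelist);

// No whitelist: the markup is stored as entities, so the page shows the tags as text.
echo $without['file_contents'], "\n";
// Whitelisted: the markup passes through untouched and renders as HTML.
echo $with['file_contents'], "\n";
// Every other field is still encoded.
echo $with['keyword'], "\n";
```

A whitelisted field bypasses the cleansing entirely, so only fields that are meant to carry HTML and are editable solely by trusted admins belong in the list.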

  9. #9
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Re: HTML tags show after upgrade to 1.3.9g

    Quote (originally posted by petek):
        I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this?

    Don't understand what you mean by the programme description, do you mean the product description ??

  10. #10
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Re: 139g weird problem define pages editor

    Quote (originally posted by NFM):
        I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.

    Are you talking about the define pages, or some other preview ???

 

 