Hi,
The define pages editor does look like it has fallen victim to code added to 139g to protect against a 'theoretical' xss exploit that some security scanners might pick up on.
There is a way of whitelisting entry boxes against the xss cleansing and this can be done by creating an override file in admin/includes/extra_configures
and that file should contain
NOTE: THE FOLLOWING CODE HAS BEEN SUPERCEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
note the fix above is for the define pages editor only, and wil not fix content that has been edited since upgrade.
The product names/descriptions should not be affected
Some contributions may be affected, and if so the entry boxes affected in those contributions may need whitelisting in a similar manner to the above, but array('file_contents'); will need to be changed to add the name attribute of the form entry box
Bookmarks