.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
@schoolboy, towards the bottom of the (Zen Cart 1.5.5b) file /YOUR_ADMIN/includes/init_includes/init_sanitize.php, find:
and add the highlighted variable name to enable HTML tags in the products' options' comments:Code:$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('mail'))); $sanitizer->addComplexSanitization($group); $group = array('customers_email_address'); $sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group); $group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments'); $sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group); $group = array('products_url'); $sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group); $group = array('coupon_min_order'); $sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
Code:$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('mail'))); $sanitizer->addComplexSanitization($group); $group = array('customers_email_address'); $sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group); $group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment'); $sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group); $group = array('products_url'); $sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group); $group = array('coupon_min_order'); $sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
Hi
There is some documentation about customizing the sanitizers here
However, to make your life easier, here is what to do.
Create a new file in [admin]/includes/extra_datafiles/
I named it sanitize_products_options_comment.php
contents of the file should be
PHP Code:
<?php
$sanitizer = AdminRequestSanitizer::getInstance();
$group = array(
'products_options_comment' => array('sanitizerType' => 'PRODUCT_DESC_REGEX', 'method' => 'post'),
);
$sanitizer->addComplexSanitization($group);
Note.
Have also opened a github issue.
https://github.com/zencart/zencart/issues/1348
Thanks wilt - that works.
@lat9...
I tried your suggestion a few days ago and it wouldn't work for me, but thanks for the suggestion.
PHP Code:
$group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
20 years a Zencart User
Hmm, I wonder why that didn't work for you; it's working just fine for me.
Bookmarks