Printable View
we have a product that has M&M in the title. If you type M&M in the admin product search it doesn't appear but it works in the front end. Is there an input sensitization that is causing this problem? If so, and if anyone has encountered this before, can someone guide me toward figuring out how to just have the ampersand character analyzed properly?
Based on the sanitization in 'admin/includes/init_includes/init_sanitize.php` would suggest that the "search" criteria be added to the same filters as say "products_name".Quote:
Originally Posted by clam_man
So, would change:
to:Code:$group = array('categories_name', 'products_name', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
$group = array('configuration_value', 'configuration_key', 'search', 'query_string');
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);
$group = array('report', 'startDate', 'endDate', 'filter');
$sanitizer->addSimpleSanitization('FLOAT_VALUE_REGEX', $group);
$group = array('products_name' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX', 'method' => 'post', 'pages' => array('reviews')));
$sanitizer->addComplexSanitization($group);
I do not offer guarantee that it will work, but looks like it will then sanitize in the same way that products_name sanitizes which includes the ampersand in the products_name so "should" come out the "same" for searching. I believe this issue is also addressed in later versions, but haven't taken the time to research how it was modified. Might suggest looking at the ZC v1.5.7 file(s) for this...Code:$group = array('categories_name', 'products_name', 'search', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
$group = array('configuration_value', 'configuration_key', 'query_string');
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);
$group = array('report', 'startDate', 'endDate', 'filter');
$sanitizer->addSimpleSanitization('FLOAT_VALUE_REGEX', $group);
$group = array('products_name' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX', 'method' => 'post', 'pages' => array('reviews')));
$sanitizer->addComplexSanitization($group);
$group = array('search' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX', 'method' => 'post'));
$sanitizer->addComplexSanitization($group);
i have been looking at this issue for a bit. this issue, for me, persists in the development code for v158.
in my testing of mc's solution on my v158 box, the changing of the sanitize script did not solve the problem for me.
but i would encourage you to test for yourself.
i'm still doing some digging as time permits.
best.
problem is definitely in the sanitizer.
Let's try this change instead. In /admin/includes/init_includes/init_sanitize.php, find this section
... and make the following changes:Code:
$group = array(
'pages_title', 'page_params', 'music_genre_name', 'artists_name', 'record_company_name', 'countries_name', 'name', 'type_name', 'manufacturers_name',
'title', 'coupon_name', 'coupon_copy_to_dup_name', 'banners_title', 'coupon_code', 'coupon_delete_duplicate_code', 'coupon_type',
'group_name', 'geo_zone_name', 'geo_zone_description',
'tax_class_description', 'tax_class_title', 'tax_description', 'entry_company', 'customers_firstname',
'customers_lastname', 'entry_street_address', 'entry_suburb', 'entry_city', 'entry_state', 'customers_referral',
'symbol_left', 'symbol_right', 'products_model', 'alt_url', 'email_to_name',
);
$sanitizer->addSimpleSanitization('WORDS_AND_SYMBOLS_REGEX', $group);
$group = array('metatags_title', 'metatags_keywords', 'metatags_description');
$sanitizer->addSimpleSanitization('META_TAGS', $group);
$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('coupon_admin', 'gv_mail', 'mail')));
$sanitizer->addComplexSanitization($group);
$group = array('customers_email_address', 'email_to');
$sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
$group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
$group = array('products_url', 'manufacturers_url');
$sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
$group = array('products_attributes_filename');
$sanitizer->addSimpleSanitization('FILE_PATH_OR_URL', $group);
$group = array('coupon_min_order');
$sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
$group = array('categories_name', 'products_name', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
$group = array('configuration_key', 'search', 'query_string');
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);
Code:
$group = array(
'pages_title', 'page_params', 'music_genre_name', 'artists_name', 'record_company_name', 'countries_name', 'name', 'type_name', 'manufacturers_name',
'title', 'coupon_name', 'coupon_copy_to_dup_name', 'banners_title', 'coupon_code', 'coupon_delete_duplicate_code', 'coupon_type',
'group_name', 'geo_zone_name', 'geo_zone_description',
'tax_class_description', 'tax_class_title', 'tax_description', 'entry_company', 'customers_firstname',
'customers_lastname', 'entry_street_address', 'entry_suburb', 'entry_city', 'entry_state', 'customers_referral',
//-bof-20210706-lat9: Enabling search to 'find' 'htmlspecialchars'
'symbol_left', 'symbol_right', 'products_model', 'alt_url', 'email_to_name', 'search',
//-eof-20210706-lat9
);
$sanitizer->addSimpleSanitization('WORDS_AND_SYMBOLS_REGEX', $group);
$group = array('metatags_title', 'metatags_keywords', 'metatags_description');
$sanitizer->addSimpleSanitization('META_TAGS', $group);
$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('coupon_admin', 'gv_mail', 'mail')));
$sanitizer->addComplexSanitization($group);
$group = array('customers_email_address', 'email_to');
$sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
$group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
$group = array('products_url', 'manufacturers_url');
$sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
$group = array('products_attributes_filename');
$sanitizer->addSimpleSanitization('FILE_PATH_OR_URL', $group);
$group = array('coupon_min_order');
$sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
$group = array('categories_name', 'products_name', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
//-bof-20210706-lat9: Removing 'search' from this section, added above.
$group = array('configuration_key', 'query_string');
//-eof-20210706-lat9
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);
@lat9 winner winner, chicken dinner!
try lat9's suggestion. that worked for me.
best.
Could I have a falafel dinner instead?Quote:
Originally Posted by carlwhat
Love me some falafel. Throw in some tabbouleh for good measure.
:thumbsup:Quote:
Originally Posted by lat9
This defect has recurred in the released version of 1.5.8. Opening an issue:
https://github.com/zencart/zencart/issues/5465