[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

Printable View

Show 100 post(s) from this thread on one page

10 Oct 2010, 02:59 AM
jetx

Re: HTML tags show after upgrade to 1.3.9g

kobra, Dr Byte: thanks, got it.
10 Oct 2010, 03:51 PM
woodstuff59

Re: HTML tags show after upgrade to 1.3.9g

I've been through this thread and I can't find the answer to this question.

I am upgrading my site to version g and when I tried to enter info to my main page define pages, it just shows the html.

Here is the site link:

http://www.kanawhaplayers.org/groupieg/

It doesn't matter if I copy code from dreamweaver or use zen's editor.

If this problem has been solved and posted, please point me to the post.

Thanks in advance.
10 Oct 2010, 04:32 PM
Ajeh

Re: HTML tags show after upgrade to 1.3.9g

Look at this post #52 in this thread:
http://www.zen-cart.com/forum/showth...839#post941839

and see if that doesn't resolve the problem ...
10 Oct 2010, 04:57 PM
Oredayo

Re: HTML tags show after upgrade to 1.3.9g

Quote:

Originally Posted by Ajeh

The current release v1.3.9g was just released with the added Protection and, unfortunately, is too good ... so there is the need for the "white list" at this time ...

This will all be addressed in the next release ...

It takes two seconds to open a blank file and save it as:
/admin/includes/extra_configures/extra_white_list.php

You already have the directory:
/admin/includes/extra_configures/

You want to make a file called:
extra_white_list.php

and load it to the directory:
/admin/includes/extra_configures/

and in that file copy and paste the code posted in thread #52 ...

What this code is doing is excluding certain parts of the code from the extra protection that has been added in v1.3.9g from being applied to certain areas of the Admin so that when you edit the data and enter the HTML code it is not getting this extra protection as it also is protecting you against HTML code that you need to enter in some areas of the Admin ...

For ma part I have a problem that this extra-white-list.php couldn't resolve.

For exemple I have a problem with the "Shipping & returns" file, then I created extra_white_list.php in /admin/includes/extra_configures/ and it didn't work.

Inside i wrote:
$my_whitelist = array('shippinginfo'); -> didn't work
I tried with:
$my_whitelist = array('shippinginfo.php'); -> didn't work
then tried with:
$my_whitelist = array('define_shippinginfo.php'); -> didn't work
tried with:
$my_whitelist = array('define_shippinginfo'); -> didn't work

Then I read to do this with xss_whitelist.php instead of extra-white-list.php -> didn't work

Sorry, may be I missed something?
Could somebody help me?
10 Oct 2010, 05:08 PM
Ajeh

Re: HTML tags show after upgrade to 1.3.9g

Create the file as in post #52 ...

This line:

Code:

$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');

Hold the things that are "white listed" so that they work with the issues that are currently being cleaned by the security methods so that they do NOT get cleaned ...

You cannot just make up things for this white list ... they have to be the proper values and the code has to be written properly for the white list to work ...

First, try making the exact file listed in post #52 and then try to Edit the Shipping & Returns as you normally would and save it ... see if that doesn't correct the problem ...
10 Oct 2010, 06:54 PM
FrilansReklam

Re: HTML tags show after upgrade to 1.3.9g

Quote:

Originally Posted by Ajeh

Create the file as in post #52 ...

This line:

Code:

$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');

Hold the things that are "white listed" so that they work with the issues that are currently being cleaned by the security methods so that they do NOT get cleaned ...

You cannot just make up things for this white list ... they have to be the proper values and the code has to be written properly for the white list to work ...

First, try making the exact file listed in post #52 and then try to Edit the Shipping & Returns as you normally would and save it ... see if that doesn't correct the problem ...

I wrote before but have been away for the weekend. And I didn't see that you asked me a question.

My note was about this also have problem in Install SQL Patching.

Frank also have that problem and DrByte has notice it.

So can you update the fix to include the install sql patching?

(I fix it by upload it in phpmyadmin but it's good for others before the 1.3.9h is ready).
10 Oct 2010, 07:09 PM
Oredayo

Re: HTML tags show after upgrade to 1.3.9g

Quote:

Originally Posted by Ajeh

Create the file as in post #52 ...

This line:

Code:

$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');

Hold the things that are "white listed" so that they work with the issues that are currently being cleaned by the security methods so that they do NOT get cleaned ...

You cannot just make up things for this white list ... they have to be the proper values and the code has to be written properly for the white list to work ...

First, try making the exact file listed in post #52 and then try to Edit the Shipping & Returns as you normally would and save it ... see if that doesn't correct the problem ...

WAAAHOUUU!!!!!!!!!!
It works! Thank you very much.
11 Oct 2010, 06:36 AM
robbie269

Re: HTML tags show after upgrade to 1.3.9g

The newsletters are also showing the HTML tags.
Will the fix also fix that.
11 Oct 2010, 06:54 AM
DrByte

Re: HTML tags show after upgrade to 1.3.9g

Yes it will. That was discussed earlier in the thread.
11 Oct 2010, 09:33 AM
gilby

Re: HTML tags show after upgrade to 1.3.9g

Adding 'comments' to the white list for me fixed the problems with order updates showing on the order screen, and the emails that these send :)

Show 100 post(s) from this thread on one page