[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g
NOTE: v1.3.9h has been released, which FIXES the issue, and makes the following workaround UNNECESSARY. The best solution is to upgrade.
THE (now obsolete and overly complicated) WORKAROUND IS POSTED HERE: http://www.zen-cart.com/forum/showth...839#post941839 (Remember: Upgrading is simpler and smarter!)
I tried to edit define_main_page.php, but all the HTML code is shown on the site. My current version is 1.3.8a.
How to write correct code on this page?
How to have image shown on home page?
Thanks in advance.
HTML tags show after upgrade to 1.3.9g
Hello,
I updated to 139g and experienced a very weird error.
In the html pages editor I often use html tags.
The < and > get converted to « and » though and mess all my pages up. Same for the preview of the product pages.
Really need help to make this look right again.
thanks in advance,
Peter
Re: 139g weird problem define pages editor
HTML tags show after upgrade to 1.3.9g
I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this ?
Re: 139g weird problem define pages editor
Well,
I use a lot of HTML tags in my define pages as well as in my product descriptions.
And all < and >'s turn into &lt; or &gt;.
I fixed it already for the define pages, not for the product previews though.
Here the fix for "admin/define_pages_editor.php":
I added line 77 -> http://pastie.org/1191676
Re: 139g weird problem define pages editor
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
Re: 139g weird problem define pages editor
Quote: Originally Posted by NFM
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
You're right, that's a relief ! But this needs fixing asap.
Re: HTML tags show after upgrade to 1.3.9g
Hi,
The define pages editor does look like it has fallen victim to code added to 139g to protect against a 'theoretical' xss exploit that some security scanners might pick up on.
There is a way of whitelisting entry boxes against the xss cleansing and this can be done by creating an override file in admin/includes/extra_configures
and that file should contain
NOTE: THE FOLLOWING CODE HAS BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Code:
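<?php
// Keep any whitelist that was already defined elsewhere.
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
// Name attribute of the form field to exempt from the xss cleansing.
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);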
Note: the fix above is for the define pages editor only, and will not fix content that has been edited since upgrade.
The product names/descriptions should not be affected
Some contributions may be affected, and if so the entry boxes affected in those contributions may need whitelisting in a similar manner to the above, but array('file_contents'); will need to be changed to add the name attribute of the form entry box
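Added example, not part of the original post and not Zen Cart's own code: a simplified model of name-based cleansing with a whitelist, showing why a whitelisted field keeps its tags, why other fields are still escaped, and why content saved while cleansing was active stays escaped. The function sanitize_request(), the field name page_title and the sample form data are hypothetical; only file_contents and $global_xss_whitelist come from the post.

```php
<?php
// Simplified model of name-based XSS cleansing with a whitelist.
// Not Zen Cart's code: sanitize_request() and the sample data are hypothetical.

/**
 * Escape every field of a flat name => string map unless the name is whitelisted.
 * Returns array($clean, $bypassed) so the raw-passing fields can be audited.
 */
function sanitize_request(array $input, array $whitelist)
{
    $clean = array();
    $bypassed = array();
    foreach ($input as $name => $value) {
        if (in_array($name, $whitelist, true)) {
            $clean[$name] = (string) $value;   // passed through raw
            $bypassed[] = $name;
        } else {
            $clean[$name] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
    return array($clean, $bypassed);
}

// Same merge pattern as the override file in the post.
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);

// Constructed form submission: one define-page body, one ordinary field.
$post = array(
    'file_contents' => '<p>Welcome</p><img src="images/banner.jpg" alt="Banner">',
    'page_title'    => '<b>Home</b>',
);

list($before) = sanitize_request($post, array());   // no whitelist at all
list($after, $bypassed) = sanitize_request($post, $global_xss_whitelist);

echo "No whitelist:   {$before['file_contents']}\n";  // tags are escaped
echo "With whitelist: {$after['file_contents']}\n";   // tags are kept intact
echo "Not listed:     {$after['page_title']}\n";      // still escaped
echo "Raw fields to review: " . implode(', ', $bypassed) . "\n";

// Content saved while cleansing was active is already stored escaped; the
// whitelist passes it through unchanged, so it has to be re-edited by hand.
$stored = $before['file_contents'];
list($again) = sanitize_request(array('file_contents' => $stored), $global_xss_whitelist);
var_dump($again['file_contents'] === $stored);
```

Every name added to the whitelist reaches storage without escaping, so the list is best kept to admin-only fields that are meant to hold HTML.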
Re: HTML tags show after upgrade to 1.3.9g
Quote: Originally Posted by petek
I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this ?
Don't understand what you mean by the programme description, do you mean the product description ??
Re: 139g weird problem define pages editor
Quote: Originally Posted by NFM
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
Are you talking about the define pages, or some other preview ???