-
[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g
NOTE: v1.3.9h has been released, which FIXES the issue, and makes the following workaround UNNECESSARY. The best solution is to upgrade.
THE (now obsolete and overly complicated) WORKAROUND IS POSTED HERE: http://www.zen-cart.com/forum/showth...839#post941839 (Remember: Upgrading is simpler and smarter!)
I try to edit define_main_page.php but it shows all the HTML code on the site. My current version is 1.3.8a.
How to write correct code on this page?
How to have image shown on home page?
Thanks in advance.
-
HTML tags show after upgrade to 1.3.9g
Hello,
I updated to 139g and experienced a very weird error.
In the html pages editor I often use html tags.
The < and > get converted to « and » though and mess all my pages up. Same for the preview of the product pages.
Really need help to make this look right again.
thanks in advance,
Peter
-
HTML tags show after upgrade to 1.3.9g
I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this ?
-
Re: 139g weird problem define pages editor
Well,
I use a lot of HTML tags in my define pages as well as in my product descriptions.
And all < and >'s turn into &lt; or &gt;.
I fixed it already for the define pages, not for the product previews though.
Here the fix for "admin/define_pages_editor.php":
I added line 77 -> http://pastie.org/1191676
-
Re: 139g weird problem define pages editor
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
-
Re: 139g weird problem define pages editor
Quote:
Originally Posted by NFM
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
You're right, that's a relief ! But this needs fixing asap.
-
Re: HTML tags show after upgrade to 1.3.9g
Hi,
The define pages editor does look like it has fallen victim to code added to 139g to protect against a 'theoretical' xss exploit that some security scanners might pick up on.
There is a way of whitelisting entry boxes against the xss cleansing and this can be done by creating an override file in admin/includes/extra_configures
and that file should contain
NOTE: THE FOLLOWING CODE HAS BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
Note the fix above is for the define pages editor only, and will not fix content that has been edited since upgrade.
The product names/descriptions should not be affected
Some contributions may be affected, and if so the entry boxes affected in those contributions may need whitelisting in a similar manner to the above, but array('file_contents'); will need to be changed to add the name attribute of the form entry box
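The whitelisting mechanism described in the post above, modelled as an added example (not part of the original thread and not Zen Cart's own code): a filter that entity-encodes every submitted field unless its name is in `$global_xss_whitelist`. `sanitize_post()`, `encode_value()`, `show()` and the sample field values are assumptions made for illustration.

```php
<?php
// Added illustration, not Zen Cart's own code. sanitize_post(), encode_value()
// and show() are hypothetical names; only $global_xss_whitelist and the
// whitelisted field names come from the thread.

/** Entity-encode a scalar, or every leaf of a nested array. */
function encode_value($value)
{
    if (is_array($value)) {
        return array_map('encode_value', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Copy $post, encoding every field whose top-level name is not whitelisted. */
function sanitize_post(array $post, array $whitelist)
{
    $clean = array();
    foreach ($post as $name => $value) {
        $clean[$name] = in_array((string) $name, $whitelist, true)
            ? $value                 // whitelisted: stored exactly as submitted
            : encode_value($value);  // everything else: < > & " ' become entities
    }
    return $clean;
}

/** Print what would be stored, so the runs can be compared by eye. */
function show($label, array $stored)
{
    echo "== $label ==\n";
    foreach ($stored as $name => $value) {
        echo '  ', $name, ' => ', var_export($value, true), "\n";
    }
}

// Constructed admin form submission (sample data, not from a real store).
$post = array(
    'file_contents'     => '<p>Welcome to my store</p>',
    'banners_html_text' => '<img src="banner.jpg" />',
    'news_article_text' => array(1 => '<b>News</b>'),   // per-language array field
    'unlisted_field'    => 'Mug <script>alert(1)</script>',
);

// 1) Nothing whitelisted: every field is stored encoded, which is why the
//    markup later shows up as visible tags instead of being rendered.
show('no whitelist', sanitize_post($post, array()));

// 2) The override file from the post above: only file_contents is exempt.
//    In this model, anything saved during step 1 stays encoded until the
//    field is edited and saved again.
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
show('whitelist: file_contents', sanitize_post($post, $global_xss_whitelist));

// 3) Adding further form field names. In this model a field posted as an
//    array is matched by its top-level name, so one entry covers every
//    language id, while unlisted_field is still neutralised.
$global_xss_whitelist[] = 'banners_html_text';
$global_xss_whitelist[] = 'news_article_text';
show('whitelist: + banners_html_text, news_article_text',
     sanitize_post($post, $global_xss_whitelist));
```

Every name added to the whitelist is stored exactly as submitted, so the list is best kept to fields that only trusted admin users can post.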
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by petek
I upgraded to 1.3.9g this morning. Now, when I amend the description of a programme in the text editor (I use HTML), the html tags show up in the preview window. I've obviously not validated the changes otherwise they'll probably show up in the store front. What could be causing this ?
Don't understand what you mean by the programme description, do you mean the product description ??
-
Re: 139g weird problem define pages editor
Quote:
Originally Posted by NFM
I'm having the same issue. However I can confirm that even if you are seeing the HTML on the preview page it posts to the store just fine. It does need to be fixed though because I have to post things live just to see if they look right since the preview isn't showing it.
Are you talking about the define pages, or some other preview ???
-
1.39.g Define pages not longer printing as html
Define pages are no longer printing html to the page but printing out the source code. I did copy changed files over into the zip file I have been using for 1.3.f. Someone please check to see if it's something I did or something in this new release.
The language file itself does not contain pure html. The brackets are not < or > but the &lt; tags instead.
It's fine until you go to edit the page.
-
Re: 139g weird problem define pages editor
Quote:
Originally Posted by wilt
Are you talking about the define pages, or some other preview ???
As NFM, I've got the same problem. Your whitelist fix works fine for define pages, but not for the preview of product pages (when adding or updating a product).
When I add/update a product it's really helpful to see the "real" version, not the HTML-clutter.
-
Re: 1.39.g Define pages not longer printing as html
Quote:
Originally Posted by delia
Define pages are no longer printing html to the page but printing out the source code. I did copy changed files over into the zip file I have been using for 1.3.f. Someone please check to see if it's something I did or something in this new release.
The language file itself does not contain pure html. The brackets are not < or > but the &lt; tags instead.
It's fine until you go to edit the page.
http://www.zen-cart.com/forum/showpo...08&postcount=8
Just create a file called xss_whitelist.php in "admin/includes/extra_configures" and paste that code above. Works fine for me.
-
Re: HTML tags show after upgrade to 1.3.9g
I got 8 sites I upgraded already today. Creating a whole 'nother file that will be obsolete soon is not a great option for me. The question is whether the permanent fix will be posted here so I can do it right.
I jumped on this release and have quite a few other sites to upgrade since there seemed to be so many security fixes in it. I'm now in limbo.
-
Re: HTML tags show after upgrade to 1.3.9g
And reading back thru this thread (I had started a new thread) I also need to say that this is affecting my sites on the pages themselves:
for example
http://soldierhollowclassic.com/shop...age=contact_us
-
Re: HTML tags show after upgrade to 1.3.9g
After adding the patch ... what happens if you just edit and save the:
/includes/languages/english/html_includes/your_template_dir/define_contact_us.php
in your Tools ... Define Page Editor ...
NOTE: you should be using template and overrides for these
-
Re: HTML tags show after upgrade to 1.3.9g
Hi, all,
My situation is a little bit different from yours.
When I made changes in the define_main_page.php by using the define pages editor in the admin panel, it was fine in the editor (I was using the "HTML body" option instead of "plain text") but it showed HTML source code in the store front. It is the plain HTML code, like <, and >, and they are not converted to &lt; nor &gt; like what p1lot mentioned in post #5.
The other thing is I copied the original define_main_page.php from the zen-cart classic theme to replace my custom override template, it still showed HTML code.
I noticed, whatever I put inside the define pages editor, everything will show up as plain text, even as simple as "Welcome to my store" then a "Enter" key, it will show to the front page "Welcome to my store </br>".
I agree with delia. I will wait until a permanent fix from zen-cart. Hopefully it will come out very, very, very soon.
A little suggestion: can I just upgrade other files but leave that particular file that causes this trouble behind? Of course this needs to be confirmed by zen-cart developers.
-
Re: HTML tags show after upgrade to 1.3.9g
Did you create a file like:
/admin/includes/extra_configures/extra_white_list.php
and put into that file the code:
NOTE: THE FOLLOWING CODE HAS BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
*snip*
and then try to edit the define_main_page.php once more and save it to see if this displays correctly now?
-
Re: HTML tags show after upgrade to 1.3.9g
I tried on a fresh installed zen-cart, and it WORKS!!!:clap:
-
Re: HTML tags show after upgrade to 1.3.9g
I have a little ajax calling in my own php file when certain options are selected on the main page. This stopped working after the upgrade and it does not display the second drop down option that the ajax calls in. I checked the define_main_page in the editor and when I saved it I got the html rather than just the text on the main page. I applied the fix posted above using the $global_xss_whitelist instructions and it removed the html and it went back to displaying the text, but it is not retrieving my php file using ajax as it did previously.
-
Re: HTML tags show after upgrade to 1.3.9g
I reinstalled the language paypal.php file from 1.3.9f and all is back in order.
-
Re: 139g weird problem define pages editor
Quote:
Originally Posted by wilt
Are you talking about the define pages, or some other preview ???
I haven't used the Define Pages since the update yet. Honestly, I'm a little hesitant to do so. I'm referring to the Product Preview page that you get after you add a new product.
Will your whitelist fix that or should I just wait for something more permanent?
-
Re: HTML tags show after upgrade to 1.3.9g
Hello
I just downloaded and installed a clean copy of 1.3.9g.
Same problem of HTML tags showing on the product preview pages (admin side) and define_main_pages (store side)
I installed CKEditor by: Kuroi
same problems outlined above
I then applied Wilts patch.
This fixed the problems of HTML tags appearing on define_main_pages (store side) when using both HTMLarea and CKEditor.
One thing that worried me is delia's comment of "Creating a whole 'nother file that will be obsolete soon is not a great option for me". Is the Wilt patch just a quick fix?
If so, i think i will wait for 1.3.9g1 or 1.3.9h before upgrading my live shop.
Because "Some contributions may be affected, and if so the entry boxes affected in those contributions may need whitelisting in a similar manner to the above, but array('file_contents'); will need to be changed to add the name attribute of the form entry box - wilt" goes over my head, and i have about 30+ add-ons installed.
-
Re: HTML tags show after upgrade to 1.3.9g
Folks, the PRODUCT PREVIEW page display issue is NOT a bug.
While you may dislike the way the preview shows, it is unfortunately necessary in order to protect YOU against XSS attacks on your admin area.
Clicking Save on the product-preview screen SAVES IT PROPERLY.
-
Re: HTML tags show after upgrade to 1.3.9g
Mr Byte, is the Wilt fix a permanent fix for the define_main_pages bug and going to be added to 1.3.9g or 1.3.9h fileset, therefore upgrading to 1.3.9g now is OK.
Or should I wait a while for further news on this?
Thanks
Michael
-
Re: HTML tags show after upgrade to 1.3.9g
Dr. Byte, please speak to the problem of the define pages not showing correctly on the client side. What I'm hearing so far is that the extra file has to be added for the define pages. Is this a permanent solution? A bug? Please clarify because this has made using the define pages impossible for the average cart owner.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by dutchy
Mr Byte, is the Wilt fix a permanent fix for the define_main_pages bug
Quote:
Originally Posted by delia
Dr. Byte, please speak to the problem of the define pages not showing correctly on the client side.
I think this is clear...
Quote:
Originally Posted by DrByte
While you may dislike the way the preview shows, it is unfortunately necessary in order to protect YOU against XSS attacks on your admin area.
Clicking Save on the product-preview screen SAVES IT PROPERLY.
-
Re: HTML tags show after upgrade to 1.3.9g
Sorry Kobra. I don't mean to be rude, but if it were clear, two of us would not have felt the need to ask if this fix is permanent and we are good to go.
"yes/no this is/isn't a permanent fix for the define_main_pages " is clear
-
Re: HTML tags show after upgrade to 1.3.9g
Yes. Treat it as a "permanent" fix.
For now.
There are numerous other far more important fixes in 1.3.9g that warrant the upgrade. Don't hold it off just for this trivial issue. Use the fix supplied.
-
Re: HTML tags show after upgrade to 1.3.9g
brilliant, thanks for the top work!
I shall not delay in 1.3.9g upgrade.
-
Re: HTML tags show after upgrade to 1.3.9g
Thank you guys! I added that extra config file per the instructions and working great! Just wanted to let you know you are appreciated! :clap:
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by petek
I reinstalled the language paypal.php file from 1.3.9f and all is back in order.
Why did I type paypal.php ? What I meant is that I reinstalled admin/includes/modules/product/preview_info.php.
-
Re: HTML tags show after upgrade to 1.3.9g
Everything for me is now working fine.
Great, thank you
-
Re: HTML tags show after upgrade to 1.3.9g
Hello,
Sorry guys, all fixed up on the front page showing html, yeehaw, but now my html on my banners are showing in the side boxes. No images ,just the code pops up on front end. What should I do to fix it.
Thanks!
-
Re: HTML tags show after upgrade to 1.3.9g
NOTE: THE FOLLOWING CODE HAS BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Try using for the extra_white_list.php file:
/admin/includes/extra_configures/extra_white_list.php
and put into that file the code:
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents', 'banners_html_text');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
and then try to edit the define_main_page.php or Banner HTML once more and save it to see if this displays correctly now?
NOTE: the file
/admin/includes/extra_configures/extra_white_list.php
is a file that you create for this code ...
-
Re: HTML tags show after upgrade to 1.3.9g
Not just yea but hell yea! Thanks! All good here. I saw I needed to edit something in the array line but I do not know code very well. But I do follow instructions well lol. Gimme something to copy and paste and tell me where to paste it and Im good. Thank you for your help.
-
Re: HTML tags show after upgrade to 1.3.9g
I've applied the patch as outlined but now my banners on the front page no longer interpret the HTML code:
It works for the other pages, but not the banner.
http://www.daisygirlstshirts.com/ind...ain_page=index
Any idea what to do here?
-
Re: HTML tags show after upgrade to 1.3.9g
It seems my only alternative is to load all the old files that were replaced for the upgrade since this newest fubard my site.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by azimpact
Um ... the fix Ajeh posted above will handle banners.
-
Re: HTML tags show after upgrade to 1.3.9g
I applied the fix and it worked for everything except the front page banner.
If I use HTML text instead of the image, all that displays is the actual HTML, not the output of the HTML.
-
Re: HTML tags show after upgrade to 1.3.9g
I can't see any example of that on your site.
-
Re: HTML tags show after upgrade to 1.3.9g
Yes, the site was being reviewed for a gateway so I had to put the text into a banner so they could see a complete site.
The HTML version I had showed the banner and the text but instead after the upgrade, below is exactly what was showing in place of the banner with the 3 shirts across the top when I use HTML instead of the banner image.
Code:
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="top"><div align="center"><img src="daisy1.jpg" width="950" height="280" /></div></td>
</tr>
<tr>
<td width="85%" valign="top"><p><strong>The Daisy Girls Beginning</strong><br />
</p>
<p></p>
<p>Daisy Girls wants to promote positive messaging to women and girls that wear the shirts and to the
people that read them. This line of t-shirts not only gives a positive message; they also inspire and
motivate you to live the message or as we like to say at Daisy Girls, "Be" the shirt.<br>
<br>
</p>
<p><strong>Quality Shirts</strong></p>
<p>Daisy Girls shirts are made for women and girls who want a perfect fitting t-shirt with a subtle
positive message. Our shirts are made of a super soft, ring-spun cotton AND made in the USA. Let's just
say that our Daisy Girls t-shirts are like the girls and women who wear them.... Soft, but durable.
Feminine, but strong. Females of all sizes, shapes and ages will quickly find the Daisy Girls t-shirts to
be their favorite t-shirts.<br>
<br>
</p>
<p>Women are the strongest force on the planet. I don't know about you, but I am <strong>NOT</strong>
a "Princess", a "Gold digger", or a "Spoiled Brat". We can do better than that. Buy a shirt, spread the
word, and let's motivate women and girls to be their best! <hr /></td>
</tr>
</table>
It is not interpreting the HTML and displaying the output. It is showing the actual html code. It was not doing this before upgrading.
-
Re: HTML tags show after upgrade to 1.3.9g
Be sure that you applied the fix that I posted concerning both the define pages and banners ...
What you posted appears to work fine on my site ...
NOTE: be sure after adding the fix that you EDIT the broken banner and just save it to fix it ...
-
HTML code showing in email
I tried to find a solution in the other forums but I'm having a hard time. I just upgraded to the most recent zencart today and now I am getting html code in my emails if I use html. It was working fine before upgrading today. Can anyone give a solution to the problem?
-
Re: HTML code showing in email
Can you elaborate on what "html code in my emails" you're seeing?
-
Re: HTML code showing in email
This is a sample text i was trying to send:
Rich Text Message:
<p>This is an example of something to send</p><p /><p><a href="http://www.zen-cart.com">http://www.zen-cart.com</a></p>
--------------------------------------------------------------------------------
Text-Only Message:
<p>This is an example of something to send</p><p /><p><a href="http://www.zen-cart.com">http://www....></p>
when the email goes through this is what i get html code
-
Re: HTML code showing in email
Please i need help, is there a file i need to fix or something, what could cause html code to appear in the actual emails.
-
Re: HTML tags show after upgrade to 1.3.9g
I installed 139g (new install) and have the same html tags issue
I created: extra_white_list.php
in it I put:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
uploaded to: extra_confiqures folder
still showing tags, Please advise
SORRY,SENT IT TO WRONG FOLDER, THANKS FOR THE FIX
-
Re: HTML tags show after upgrade to 1.3.9g
Be sure you uploaded to the admin/includes/extra_configure folder - I boobooed at first and put it in the catalog side.
-
Re: HTML tags show after upgrade to 1.3.9g
Code works great. Thank you!
But html codes ( <br /><br />) are showing when sending Newsletter and emails.
-
HTML Code in Email
I need help to resolve this problem, i have been looking through the threads and have not found a solution yet.
I upgraded to v1.3.9g from v1.3.9f yesterday, and when I did my emails are now showing html code in the final product, for example
when the email comes through it shows:
<p>How are you</p>
in the actual email
i had to switch to text email, but i prefer html so i can send out pictures. Is there a file i can upload again to fix the rich text html editor from showing the code in the actual email.
-
Re: HTML tags show after upgrade to 1.3.9g
NOTE: v1.3.9h has been released, which FIXES the issue, and makes the following workaround UNNECESSARY. The best solution is to upgrade.
Try using for the extra_white_list.php file:
/admin/includes/extra_configures/extra_white_list.php
and put into that file the code:
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html', 'manufacturers_name', 'symbol_left', 'symbol_right', 'query_string');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
and then try to edit the Define Page or Banner HTML or EZPage Title or Send Email once more and save it to see if this displays correctly ...
NOTE: the file
/admin/includes/extra_configures/extra_white_list.php
is a file that you create for this code ...
NOTE: Updated for Manufacturers Name, Currencies Left Symbol and Currencies Right Symbols and Install SQL Patches
Steps to use the above code:
1 create the file:
/admin/includes/extra_configures/extra_white_list.php
2 add the code posted above
3 FTP the file to your server
4 edit the section where you have the problem and save/update it to correct the issue
-
Re: HTML tags show after upgrade to 1.3.9g
Linda, You are the best! :smile: Thank you!
-
Re: HTML tags show after upgrade to 1.3.9g
Yes, I'm seeing the same thing in emails if you use Mime email true.
I've applied the patch and it works for the other pages, but now the HTML emails are not working.
Any patch for that?
-
Re: HTML tags show after upgrade to 1.3.9g
Also, in the patch code is the ending ?> purposely left off?
-
Re: HTML tags show after upgrade to 1.3.9g
Thank You!!!
the extra_white_list.php file, resolved the issue with the email :smile:
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by azimpact
Also, in the patch code is the ending ?> purposely left off?
That is fine, the closing php tag is not required
-
Re: HTML tags show after upgrade to 1.3.9g
All my issues are now fixed.
I was using the first code that was posted so I was having issues but once I added the last code posted things are working good again.
Thanks for the patch!
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by Ajeh
NOTE: the file
/admin/includes/extra_configures/extra_white_list.php
is a file that you create for this code ...
I just created this file using the exact code you have above and uploaded to the folder specified. My site won't load at all now. Admin still works, but the main site no longer renders at all: www.plrnichemart.com
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by acpaulley
I just created this file using the exact code you have above and uploaded to the folder specified. My site won't load at all now. Admin still works, but the main site no longer renders at all:
www.plrnichemart.com
Making the changes discussed in this thread can't break the storefront, since they're only applicable to the admin side.
You must have something else wrong in your storefront files.
ref: https://www.zen-cart.com/tutorials/index.php?article=82
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by DrByte
This is a brand new install. I installed it less than an hour ago, and the first change I'm trying to make to the store is the Main Page text. If I delete the extra_white_list.php file, the site works again (albeit the HTML tags are not rendered). If I upload it again, the site breaks.
I've even tried uploading this new file to /includes/extra_configures and /admin/includes/extra_configures... and whenever I upload it to either, that section of the site breaks... if it's in the admin/includes/extra_configures folder, the admin section breaks... if it's in the /includes/extra_configures folder
The ONLY change I'm making is uploading this new whitelists file... if it's there, the site doesn't render and that FAQ didn't help because the site doesn't even generate any errors.
-
Re: HTML tags show after upgrade to 1.3.9g
The correct location is under /admin/includes/extra_configures/
And if that's causing the admin to break, then you've got bad content in the file. Again, see the link I posted to you previously.
Maybe your copy+paste isn't reliable on your PC?
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by DrByte
The correct location is under /admin/includes/extra_configures/
And if that's causing the admin to break, then you've got bad content in the file. Again, see the link I posted to you previously.
Maybe your copy+paste isn't reliable on your PC?
Thank you -- for some inexplicable reason, my copy and paste was adding \ at the end of every line, but it wasn't showing in Notepad. I opened the file up in Dreamweaver to look at the code and saw the extra \'s... I rebooted the computer and it stopped doing that.
Thanks!
-
Re: HTML tags show after upgrade to 1.3.9g
Most "editor" software written by microsoft is going to do that to you.
Better to use Notepad++ as a solid free replacement for MS Notepad.
http://notepad-plus.sf.net
-
Re: HTML tags show after upgrade to 1.3.9g
after being kindly guided to this thread i added the file and the define page issue was resolved.
It hasn't resolved the same problem in the news and article mod manager.
Articles created there are showing as source HTML on the store side.
Any ideas?
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by DVDTitan
It hasn't resolved the same problem in the news and article mod manager.
Article manager is not in the white list...
NOTE: THE FOLLOWING CODE HAS/MAY HAVE BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Not familiar with that 3rd party mod, I do not know the variable to add to
Code:
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');
-
Re: HTML tags show after upgrade to 1.3.9g
Great fix.. It was weird. My site was displaying the html just fine up until today... I upgraded a few days ago and now it works again! Thanks for the info!
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by kobra
Article manager is not in the white list...
NOTE: THE FOLLOWING CODE HAS/MAY HAVE BEEN SUPERSEDED BY THIS POST: http://www.zen-cart.com/forum/showth...839#post941839
Not familiar with that 3rd party mod, I do not know the variable to add to
Code:
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');
Thanks for this, what info am i looking for in the news and article mod files to add to the white list file?
-
Re: HTML tags show after upgrade to 1.3.9g
The <input> field name of the content that you're saying is mangled.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by DrByte
The <input> field name of the content that you're saying is mangled.
Looking at the news.php file could it be this?
$news_article_text = zen_db_prepare_input($_POST['news_article_text'][$lang['id']]);
-
Re: HTML tags show after upgrade to 1.3.9g
Just to let anyone know who is also struggling with source HTML in the news and article manager i added to the suggested file in this thread two inputs from this mod so my file reads as follows:
PHP Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'message_html','news_article_text','news_article_shorttext');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
This appears to have resolved the issue with this mod. I will also post this in the news and article mod thread as well for assistance there.
-
Re: HTML tags show after upgrade to 1.3.9g
After applying the code mention before, there is still a problem on EZpages address.
When I put:
index.php?main_page=product_info&cPath=1&products_id=3
It changed into:
index.php?main_page=product_info&cPath=1&products_id=3
on the address bar.
Thanks
-
Re: HTML tags show after upgrade to 1.3.9g
Same with me I am afraid. All the ezpage internal links are broken.
/index.php?main_page=product_info&cPath=65&products_id=180
I don't know how to fix this?
-
Re: HTML tags show after upgrade to 1.3.9g
i experience the error for the shopping cart if attributes have special chars in them, how can i put that on the xss whitelist?
-
Re: HTML tags show after upgrade to 1.3.9g
For the EZPages Internal Links see the current settings at:
http://www.zen-cart.com/forum/showth...839#post941839
-
Re: HTML tags show after upgrade to 1.3.9g
Ajeh I have a question for you. I uploaded the /admin/includes/extra_configures/extra_white_list.php but still it shows like this when updating or submitting a new item. Any idea what I did wrong or is there something else I need to do. Shows ok on the catalog side. Thank you
Quote:
<p><font face="VERDANA, HELVETICA, ARIAL" color="#000000" size="2" style="font-weight: bold;"> Hefty 28-oz. stein is banded all around by vintage John Deere advertising images, then tastefully trimmed in gleaming gold. A majestic mug that's a joy to behold, and a stately symbol of Heartland pride! </font><font face="VERDANA, HELVETICA, ARIAL" color="#000000" size="2" style="font-weight: bold;">Ceramic. Dishwasher safe; do not microwave. 4 1/2" diameter x 6 1/8" high.</font></p>
-
Re: HTML tags show after upgrade to 1.3.9g
Thankfully I haven't done the upgrade to 'g' yet.
As this 'theoretical' xss fix is causing so many 'real' problems, could we have a thread that shows comprehensively how to fix this problem please. Trying to navigate all the comments and XTS's (cross thread solutions) in here is a nightmare.
Could I also suggest posting a 'fix' that removes this 'theoretical' xss feature completely rather than having to enter various random names into an override file? This seems the best solution until this is tested properly.
Thanks for your attempt at this feature, but better luck next time.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by DrByte
Folks, the PRODUCT PREVIEW page display issue is NOT a bug.
While you may dislike the way the preview shows, it is unfortunately necessary in order to protect YOU against XSS attacks on your admin area.
Clicking Save on the product-preview screen SAVES IT PROPERLY.
Doesn't this make the preview screen obsolete for most cart owners? They no longer can preview the product.
My apologies if I've missed anything else about this.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by Celtic
Thankfully I haven't done the upgrade to 'g' yet.
As this 'theoretical' xss fix is causing so many 'real' problems, could we have a thread that shows comprehensively how to fix this problem please. Trying to navigate all the comments and XTS's (cross thread solutions) in here is a nightmare.
Could I also suggest posting a 'fix' that removes this 'theoretical' xss feature completely rather than having to enter various random names into an override file? This seems the best solution until this is tested properly.
Thanks for your attempt at this feature, but better luck next time.
I am in total agreement. This is causing nightmares for me and has cost me money.
I'm about ready to back up to f and hold there.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by countrycharm
Ajeh I have a question for you. I uploaded the /admin/includes/extra_configures/extra_white_list.php but still it shows like this when updating or submitting a new item. Any idea what I did wrong or is there something else I need to do. Shows ok on the catalog side. Thank you
If you mean in the Preview, that will be that way until v1.3.9h comes out ...
We are working on this issue and do not want a bazillion patch works made for things ...
As long as the Catalog looks good you should be fine ...
-
Re: HTML tags show after upgrade to 1.3.9g
Thank you for the clarification that this will all change. So far no one has actually said how this is going to end up and I was really worrying that we might be stuck with some of this forever.
I shall leave you all to your work!
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Ajeh
If you mean in the Preview, that will be that way until v1.3.9h comes out ...
We are working on this issue and do not want a bazillion patch works made for things ...
As long as the Catalog looks good you should be fine ...
Thanks Linda I was hoping you guys were working on something. Keep up the good work you and the team.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
DrByte
Before and since I upgraded to the new html_output from zen-cart-v1.3.9g my bread crumbs still are doing the same thing. Looks horrible. I have them cut off because they look that bad.
-
Re: HTML tags show after upgrade to 1.3.9g
I'm getting a rather strange issue on my test site at the moment when testing this update.
If I browse to my shop by typing the address in the address bar the chained ajax, php/mysql select options does not work it just sits trying to retrieve the second chained
select option. But if click on another page on the site and click back to the home page the chained select works fine.
-
Re: HTML tags show after upgrade to 1.3.9g
I have just copied the file extra_white_list.php to the folder admin/includes/extra_configures/. Thank you for this fix. It solves the problem with EZ-pages, but... there is still a similar problem with currencies symbols.
I use a Polish zloty symbol. These are three letters PLN with a space at the left. E.g. my price may look like this: 14,74 PLN. I have to use the symbol as an "ordinary" space is ignored. So my "right symbol" parameter is PLN - and I get something like this: 14,47 PLN. I have to correct it in the database...
As I have 5 different currencies and have to change the exchange rates every day it is a bit painful...
Regards,
Stan
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
stanislawl
I have just copied the file extra_white_list.php to the folder admin/includes/extra_configures/. Thank you for this fix. It solves the problem with EZ-pages, but... there is still a similar problem with currencies symbols.
I use a Polish zloty symbol. These are three letters PLN with a space at the left. E.g. my price may look like this: 14,74 PLN. I have to use the symbol as an "ordinary" space is ignored. So my "right symbol" parameter is PLN - and I get something like this: 14,47 PLN. I have to correct it in the database...
As I have 5 different currencies and have to change the exchange rates every day it is a bit painful...
Regards,
Stan
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'symbol_right', 'symbol_left', 'message_html');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
Insert this code: symbol_right
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Royal
Code:
<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist = array('file_contents', 'banners_html_text', 'pages_title', 'symbol_right', 'symbol_left', 'message_html');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);
Insert this code: symbol_right
Thank you, it is OK now!!!
Stan
-
Re: HTML tags show after upgrade to 1.3.9g
Hi,
The "white_list" code fix that problem for me. However I still can not load images. I am running on a test server, and after browsing for an image, upload to server, it just sits there, like it is thinking....I have to then close down the load image box.
any ideas? server is the latest xampp. fresh load zc1.39g
FCKeditor always worked for me before (zc1.38)
Thanks for any suggestions
Looper
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Looper
Hi,
The "white_list" code fix that problem for me. However I still can not load images. I am running on a test server, and after browsing for an image, upload to server, it just sits there, like it is thinking....I have to then close down the load image box.
any ideas? server is the latest xampp. fresh load zc1.39g
FCKeditor always worked for me before (zc1.38)
Thanks for any suggestions
Looper
Make sure your image folder permission is 705 or 777 writable
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
countrycharm
Before and since I upgraded to the new html_output from zen-cart-v1.3.9g my bread crumbs still are doing the same thing. Looks horrible. I have them cut off because they look that bad.
I'm still looking for a solution for the bread crumbs on the product info page. I fix the problem of what DrByte was talking about.
Home :: Home And Outdoor :: Shower Curtains | Window Panels :: Apollo Deluxe Shower Curtain
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
azimpact
All my issues are now fixed.
I was using the first code that was posted so I was having issues but once I added the last code posted things are working good again.
Thanks for the patch!
yep! me too, solve all issues I have, thank you for the patch!:clap:
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
countrycharm
I'm still looking for a solution for the bread crumbs on the product info page. I fix the problem of what DrByte was talking about.
Home :: Home And Outdoor :: Shower Curtains | Window Panels :: Apollo Deluxe Shower Curtain
And if you turn off the SEO/rewrites ... :unsure:
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Ajeh
And if you turn off the SEO/rewrites ... :unsure:
Hi Linda thanks for the help. If I turn off the SEO/rewrite the same thing is happening. In Admin->Configuration->Layout Settings->Bread Crumbs Navigation Separator it is creating a lot of &amp;amp;amp;nbsp;::&amp;amp;amp;nbsp; all by itself for some reason. If I remove them like they should look it creates them again. Don't know what's going on.
Tgss Home&amp;amp;amp;nbsp;::&amp;amp;amp;nbsp; Home And Outdoor&amp;amp;amp;nbsp;::&amp;amp;amp;nbsp; Kitchen And Entertaining&amp;amp;amp;nbsp;::&amp;amp;amp;nbsp; Elvis Lives Mega Mug
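The stacked `&amp;amp;amp;nbsp;` in the post above, and the effect of the whitelist posted earlier in the thread, can be modelled with a short added example. This is not code from the thread or from Zen Cart: `sanitize_post`, `save_rounds` and the field name `configuration_value` are hypothetical, and the filter is an assumed stand-in for a blanket "encode every admin field" XSS defence.

```php
<?php
// Added illustration: a hypothetical blanket input filter, not Zen Cart's code.

/** Entity-encode every submitted field whose name is not on the whitelist. */
function sanitize_post(array $post, array $whitelist, bool $doubleEncode = true): array
{
    $clean = [];
    foreach ($post as $field => $value) {
        $clean[$field] = in_array($field, $whitelist, true)
            ? $value   // stored raw: must be escaped wherever it is displayed
            : htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $doubleEncode);
    }
    return $clean;
}

/** Re-submit the stored value $rounds times, as repeated clicks on Save do. */
function save_rounds(string $field, string $value, array $whitelist,
                     int $rounds, bool $doubleEncode = true): string
{
    for ($i = 0; $i < $rounds; $i++) {
        $value = sanitize_post([$field => $value], $whitelist, $doubleEncode)[$field];
    }
    return $value;
}

$whitelist = ['symbol_right', 'symbol_left'];  // two names from the thread's list
$separator = '&nbsp;::&nbsp;';                 // constructed sample value

// 1. Field not whitelisted ('configuration_value' is an assumed name):
//    every save escapes the '&' left behind by the previous save.
echo save_rounds('configuration_value', $separator, $whitelist, 3), PHP_EOL;

// 2. Whitelisted field: the filter never touches it, so it stays stable.
echo save_rounds('symbol_right', '&nbsp;PLN', $whitelist, 3), PHP_EOL;

// 3. Not whitelisted, but existing entities are left alone (double_encode off):
//    stable across saves, while raw '<' and '>' are still neutralised.
echo save_rounds('configuration_value', $separator . '<b>', $whitelist, 3, false), PHP_EOL;
```

Case 1 reproduces the separator string shown in the post after three saves. Case 2 is the trade-off of whitelisting: the field is no longer filtered on input, so anything displaying it has to escape it on output.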
-
Re: HTML tags show after upgrade to 1.3.9g
I cannot repeat this in v1.3.9g ...
What happens if you go to the Configuration ... Layout Settings ... and edit:
Quote:
Bread Crumbs Navigation Separator
Enter the separator symbol to appear between the Navigation Bread Crumb trail
Note: Include spaces with the symbol if you want them part of the separator.
Default = ::
and just put in there as a test:
::
-
Re: HTML tags show after upgrade to 1.3.9g
countrycharm,
I have tried that. within the properties the read only shows grayed out (actually red), but when i go ahead and clear the box, apply, ok, then go out and go back to the properties, the file is still grayed out. it is not checked, just grayed out.
but something else i noticed when reloading xampp 1.7.3, there is no php.ini file within the c:\xampp/apache/bin/ directory. The php.ini file is located in xampp/php directory.
I am used to changing the php.ini file within the apache/bin directory to remove the semicolon in front of the words ;extension=php_curl.dll to enable CURL.
Could that be a problem? now i wonder if i need to move the file to that directory.
Thanks,
Looper
responding to #96
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Ajeh
I cannot repeat this in v1.3.9g ...
What happens if you go to the Configuration ... Layout Settings ... and edit:
and just put in there as a test:
::
Linda that seems to work for the product info page. It now looks like this.
Tgss Home:: Home And Outdoor:: Bath And Spa Gift Sets:: Fine French Bath Set
However what about the Bestsellers - Number Padding the default is but it keeps creating the amp within it like so &nbsp;
The Categories Separator between the Category Name and Count by default
-> it creates all by itself -&gt;
The Categories Separator between the Category Name and Sub Categories
supposed to be by default |_ and it creates |_&nbsp;
So basically it is creating the amp and throwing it in there for some reason.
-
Re: HTML tags show after upgrade to 1.3.9g
Quote:
Originally Posted by
Looper
countrycharm,
I have tried that. within the properties the read only shows grayed out (actually red), but when i go ahead and clear the box, apply, ok, then go out and go back to the properties, the file is still grayed out. it is not checked, just grayed out.
but something else i noticed when reloading xampp 1.7.3, there is no php.ini file within the c:\xampp/apache/bin/ directory. The php.ini file is located in xampp/php directory.
I am used to changing the php.ini file within the apache/bin directory to remove the semicolon in front of the words ;extension=php_curl.dll to enable CURL.
Could that be a problem? now i wonder if i need to move the file to that directory.
Thanks,
Looper
responding to #96
Hi you might get more help in this thread.
http://www.zen-cart.com/forum/showth...PP+permissions
-
Re: HTML tags show after upgrade to 1.3.9g
I don't know off the top of my head I do not use that Best Seller scrolling Add On ...
-
Re: HTML tags show after upgrade to 1.3.9g
countrycharm,
hi, i am not sure about that thread. the bottom line that i can tell is that the HTML editor does not work in the 1.39g. Therefore the define_main_page.php is dead if you want to import images, etc... into those pages. I have been using xampp for years. I even reverted back to an earlier version. I guess the only other thing to try is to revert to zc1.37, my last known version that worked with FCKeditor, etc.. But that seems pointless.
If you are able to, and others, then how is this done otherwise.??
I simply copied the php.ini file to the directory to correct the CURL error on install.
Thanks for all
-
Re: HTML tags show after upgrade to 1.3.9g
CURL and xampp have nothing to do with any of this.