Also, no error logs are being generated.
Ok thanks
Does it make sense just to add a third layer?
As far as I can tell this fixes the log.
Code:
    foreach ($_POST as $key => $value) {
        if (!in_array($key, $postToIgnore)) {
            if (is_array($value)) {
                foreach ($value as $key2 => $val2) {
                    if (is_array($val2)) {
                        foreach ($val2 as $key3 => $val3) {
                            $_POST[$key][$key2][$key3] = htmlspecialchars($val3);
                        }
                    } else {
                        $_POST[$key][$key2] = htmlspecialchars($val2);
                    }
                }
            } else {
                $_POST[$key] = htmlspecialchars($value);
            }
        }
    }
Edit orders fabricates the order totals in a multilayered structure. It probably does other things like this too.
Code:
    Array
    (
        [0] => Array
            (
                [code] => ot_combination_discounts
                [title] => Combination Discounts :
                [value] => 3.0000
            )
        [1] => Array
            (
                [code] => ot_fuelsurcharge
                [title] => Fuel Surcharge:
                [value] => 8.5753
            )
        [2] => Array
            (
                [code] => ot_shipping
                [shipping_module] => flat
                [title] => Regular Shipping (Basic shipping included):
                [value] => 0.0000
            )
        [3] => Array
            (
                [code] => ot_snqd
                [title] =>
                [value] =>
                [shipping_module] =>
            )
    )
A recursive approach could be taken instead of "planning" for depth... Also, it seems that since ZC 1.5.1 the use of htmlspecialchars has been expanded to include other "directives", should those not be added to that code instead of letting things go as defaulted?
Hi
I do have a pending commit that uses recursion.
https://github.com/zencart/zencart/pull/886/files
Wilt's fix has been merged into the v155 branch on github ... and is now part of core code since the 03-29-2016 zip of v155.
Please run it with Edit Orders. I think the only potential "issue" with it is that it might mangle any HTML in product names when editing one of those in an order.
This is a poor coding recommendation at this point, especially with an overall fix provided; further, it goes against the information provided at the Developer's Documentation area, specifically on the use of this define.
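The recursive approach raised in the thread, with the htmlspecialchars flags passed explicitly rather than left to defaults, as an added example that is not part of any post and is not the fix merged into Zen Cart. The function name, field names and sample values are constructed for illustration.

```php
<?php
// Added example: sanitize_post_recursive() is a hypothetical helper,
// not Zen Cart core code.

/**
 * Escape every string leaf of a request array, whatever its depth.
 * Keys in $ignore are skipped at the top level only, mirroring the
 * $postToIgnore check in the three-layer loop posted above.
 */
function sanitize_post_recursive(array $data, array $ignore = array(), $top = true)
{
    foreach ($data as $key => $value) {
        // Strict comparison: a loose in_array() can match integer key 0
        // against any non-numeric string on older PHP versions.
        if ($top && in_array($key, $ignore, true)) {
            continue;
        }
        if (is_array($value)) {
            // Recurse instead of planning for a fixed number of layers.
            $data[$key] = sanitize_post_recursive($value, array(), false);
        } elseif (is_string($value)) {
            // Explicit flags and charset, so behaviour does not change with
            // the PHP version's defaults. The final false (double_encode)
            // leaves entities that are already escaped untouched; real
            // markup such as <b> is still escaped.
            $data[$key] = htmlspecialchars(
                $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false
            );
        }
    }
    return $data;
}

// Constructed sample input, shaped like the nested order totals dump above.
$post = array(
    'raw_field'     => 'left "as is" <here>',
    'products_name' => 'Widget &amp; Co <b>Deluxe</b>',
    'update_total'  => array(
        array('code' => 'ot_shipping', 'shipping_module' => 'flat',
              'title' => 'Regular Shipping (Basic shipping included):',
              'value' => '0.0000'),
        array('code' => 'ot_snqd', 'title' => '',
              'extra' => array('deep' => array('deeper' => "<script>'x'</script>"))),
    ),
);

$clean = sanitize_post_recursive($post, array('raw_field'));
print_r($clean);
```

Run against the sample, the value four levels down is escaped just like the top-level ones, and `Widget &amp; Co` does not become `Widget &amp;amp; Co` on a second pass, although the `<b>` tags in the product name are still converted to entities.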