Sanitize contact form user input

**betheone** · 14 Jan 2012, 06:36 PM

I am using version 1.3.8a, and our site just failed the PCI compliance test that happens every 3 months.

They say the issue is "It appears that the cross-site scripting is flagging because the email section of the contact form is not sanitizing user input. Our code is being returned in full from that field. Please request your web developer to properly sanitize user input for this field."

Anyone know the easiest way to sanitize user input on the contact form?

Thanks much!

**Kim** · 14 Jan 2012, 07:25 PM

You need to upgrade ASAP. That version has known vulnerabilities

**betheone** · 14 Jan 2012, 09:03 PM

Is the upgrade easy to do myself?

**RescoCCC** · 14 Jan 2012, 09:09 PM

Upgrade tutorial:

https://www.zen-cart.com/tutorials/index.php?article=98

**betheone** · 17 Jan 2012, 08:33 AM

This looks quite complex. Is it something you think I should be able to do on my own? I'm somewhat web savvy but I did not do the original install of zencart.

**gjh42** · 17 Jan 2012, 03:33 PM

That depends largely on how much customization your site has, and whether it was done properly using the template/override system. You do need to be able to follow instructions correctly.

Thread: Sanitize contact form user input

Thread Tools

Search Thread

Display

Hybrid View

Sanitize contact form user input

Re: Sanitize contact form user input

Re: Sanitize contact form user input

Re: Sanitize contact form user input

Re: Sanitize contact form user input

Re: Sanitize contact form user input

Similar Threads

User Input Pricing?

Custom Contact Form - New Input Fields

Contact US page + One more Contact FORM :blink:

SPAM from ‘Contact Us’ form, even though form is removed

Posting Permissions