Just use:
$_SESSION['comments'] = zen_output_string_protected($_POST['comments']);
... and BE SURE to plan for an upgrade in the next couple months. Seriously.
(Edit: I see in another forum thread you've said you're working on your upgrade. Kudos.)
Results 1 to 2 of 2
Hybrid View
-
2 Dec 2015, 07:31 PM #1
Sensei
- Join Date
- Jan 2004
- Posts
- 66,444
- Plugin Contributions
- 279
Re: XSS comment field fix
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Reply With QuoteSimilar Threads
-
v150 I need header_php.php for products_description2
By shawnhbk in forum All Other Contributions/AddonsReplies: 8Last Post: 15 Apr 2012, 10:04 PM -
How to override header_php.php or how to add a new field to order confirmation email
By monkeytown in forum Templates, Stylesheets, Page LayoutReplies: 5Last Post: 25 Jan 2008, 06:01 PM -
xss fix vs google checkout - how do I do this?
By fats1964 in forum General QuestionsReplies: 0Last Post: 5 Jul 2007, 05:04 PM -
[FIX] v1.3.5 XSS Exploits Found
By catv in forum Bug ReportsReplies: 19Last Post: 29 Oct 2006, 05:51 PM -
Zero-Day XSS Security Fix
By athena in forum General QuestionsReplies: 2Last Post: 12 Oct 2006, 08:17 PM
