Results 1 to 10 of 77

Hybrid View

  1. #1
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    10,536
    Plugin Contributions
    127

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by lat9 View Post
    Oh boy! Recursion! That's always fun ... especially to debug.

    It also reminds me of one of my favorites (seen in a tongue-in-cheek document index):

    Recursion: See recursion.

    Infinite Loop: See Loop, Infinite

    Loop, Infinite: See Infinite Loop
    That Software Guy. My Store: Zen Cart Support
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
    Do you benefit from Zen Cart? Then please support the project.

  2. #2
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: AdminRequestSanitizer Error Log

    So I think I am close to a finished solution now

    https://github.com/zcwilt/zc-v1-seri...aee0cdd95199cb

    Just a couple of things left to do

    Add some more unit tests
    and update the Documentation for the Admin Sanitizer

  3. #3
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,948
    Plugin Contributions
    96

    Default Re: AdminRequestSanitizer Error Log

    It's looking good, so far! I'll keep at it and let you know if I come across anything.

  4. #4
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: AdminRequestSanitizer Error Log

    I'm working on updated documentation, and probably some expanded tests.

    Will post here once done.

  5. #5
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,948
    Plugin Contributions
    96

    Default Re: AdminRequestSanitizer Error Log

    @wilt, is there a way to stop the unwanted htmlentities' conversions? If I order the product A Bug's Life "Multi Pak" Special 2003 Collectors Edition
    and then edit that order (simply pressing the "Update" button), the name changes to A Bug's Life "Multi Pak" Special 2003 Collectors Editi ... with the double-quotes converted to " and the name getting truncated due to the additional characters.

    The same thing happens if I enter a text attribute that uses special characters, e.g. Here's some text … gets converted to Here's some text … -- and it just gets worse each time that order is updated since each & is converted to &.

  6. #6
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: AdminRequestSanitizer Error Log

    Have you defined any extra sanitizers.

    I'm about to update the docs regarding this.

    Quote Originally Posted by lat9 View Post
    @wilt, is there a way to stop the unwanted htmlentities' conversions? If I order the product A Bug's Life "Multi Pak" Special 2003 Collectors Edition
    and then edit that order (simply pressing the "Update" button), the name changes to A Bug's Life "Multi Pak" Special 2003 Collectors Editi ... with the double-quotes converted to " and the name getting truncated due to the additional characters.

    The same thing happens if I enter a text attribute that uses special characters, e.g. Here's some text … gets converted to Here's some text … -- and it just gets worse each time that order is updated since each & is converted to &.

  7. #7
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,930
    Plugin Contributions
    4

    Default Re: AdminRequestSanitizer Error Log

    Just to be clear here.

    If you want to test latest code, you need to pull in the changes from my https://github.com/zcwilt/zc-v1-seri...itizer-updates branch

    and there are 3 files

    admin/includes/auto_loaders/config.adminSanitize.php
    admin/includes/classes/AdminRequestSanitizer.php
    admin/includes/init_includes/init_sanitize.php

    Even pulling these in won't fix edit_orders as you then need to add your own sanitizers
    as a simple test I created

    /admin/includes/extra_datafiles/edit_orders_sanitize.php that contained

    PHP Code:
    <?php
    /**
     * Created by PhpStorm.
     * User: wilt
     * Date: 07/04/16
     * Time: 20:45
     */
    $sanitizer AdminRequestSanitizer::getInstance();
    $group = array(
        
    'id' => array('sanitizerType' => 'NULL_ACTION''method' => 'both''pages' => array('edit_orders'), 'params' => array()));
    $sanitizer->addComplexSanitization($group);
    $group = array(
        
    'update_products' => array('sanitizerType' => 'NULL_ACTION''method' => 'both''pages' => array('edit_orders'), 'params' => array()));
    $sanitizer->addComplexSanitization($group);
    and that fixed htmlentities problems

    Now of course, those should only be considered temporary fixes as they basically ignore sanitization for id and update_products, whereas what should be added is
    a MULTI_DIMENSIONAL sanitizer

 

 

Similar Threads

  1. v155 [Done v155a and v155b] AdminRequestSanitizer Problem
    By JRGoold in forum Bug Reports
    Replies: 15
    Last Post: 12 Dec 2016, 01:16 PM
  2. v151 Filename cannot be empty error in error log
    By woodlandsprite in forum General Questions
    Replies: 2
    Last Post: 29 Nov 2012, 06:03 AM
  3. Site down, getting error in debug error log
    By rcrosier in forum General Questions
    Replies: 3
    Last Post: 25 Mar 2009, 03:01 PM
  4. Replies: 6
    Last Post: 7 Dec 2007, 03:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg