That Software Guy. My Store: Zen Cart Support
Available for hire - See my ad in Services
Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
Do you benefit from Zen Cart? Then please support the project.
So I think I am close to a finished solution now
https://github.com/zcwilt/zc-v1-seri...aee0cdd95199cb
Just a couple of things left to do
Add some more unit tests
and update the Documentation for the Admin Sanitizer
It's looking good, so far! I'll keep at it and let you know if I come across anything.
I'm working on updated documentation, and probably some expanded tests.
Will post here once done.
@wilt, is there a way to stop the unwanted htmlentities' conversions? If I order the product A Bug's Life "Multi Pak" Special 2003 Collectors Edition
and then edit that order (simply pressing the "Update" button), the name changes to A Bug's Life "Multi Pak" Special 2003 Collectors Editi ... with the double-quotes converted to " and the name getting truncated due to the additional characters.
The same thing happens if I enter a text attribute that uses special characters, e.g. Here's some text … gets converted to Here's some text … -- and it just gets worse each time that order is updated since each & is converted to &.
Just to be clear here.
If you want to test latest code, you need to pull in the changes from my https://github.com/zcwilt/zc-v1-seri...itizer-updates branch
and there are 3 files
admin/includes/auto_loaders/config.adminSanitize.php
admin/includes/classes/AdminRequestSanitizer.php
admin/includes/init_includes/init_sanitize.php
Even pulling these in won't fix edit_orders as you then need to add your own sanitizers
as a simple test I created
/admin/includes/extra_datafiles/edit_orders_sanitize.php that contained
and that fixed htmlentities problemsPHP Code:<?php
/**
* Created by PhpStorm.
* User: wilt
* Date: 07/04/16
* Time: 20:45
*/
$sanitizer = AdminRequestSanitizer::getInstance();
$group = array(
'id' => array('sanitizerType' => 'NULL_ACTION', 'method' => 'both', 'pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
$group = array(
'update_products' => array('sanitizerType' => 'NULL_ACTION', 'method' => 'both', 'pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
Now of course, those should only be considered temporary fixes as they basically ignore sanitization for id and update_products, whereas what should be added is
a MULTI_DIMENSIONAL sanitizer