Just to be clear here.
If you want to test latest code, you need to pull in the changes from my https://github.com/zcwilt/zc-v1-seri...itizer-updates branch
and there are 3 files
admin/includes/auto_loaders/config.adminSanitize.php
admin/includes/classes/AdminRequestSanitizer.php
admin/includes/init_includes/init_sanitize.php
Even pulling these in won't fix edit_orders as you then need to add your own sanitizers
as a simple test I created
/admin/includes/extra_datafiles/edit_orders_sanitize.php that contained
PHP Code:
<?php
/**
* Created by PhpStorm.
* User: wilt
* Date: 07/04/16
* Time: 20:45
*/
$sanitizer = AdminRequestSanitizer::getInstance();
$group = array(
'id' => array('sanitizerType' => 'NULL_ACTION', 'method' => 'both', 'pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
$group = array(
'update_products' => array('sanitizerType' => 'NULL_ACTION', 'method' => 'both', 'pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
and that fixed htmlentities problems
Now of course, those should only be considered temporary fixes as they basically ignore sanitization for id and update_products, whereas what should be added is
a MULTI_DIMENSIONAL sanitizer