Just to be clear here.

If you want to test latest code, you need to pull in the changes from my https://github.com/zcwilt/zc-v1-seri...itizer-updates branch

and there are 3 files

admin/includes/auto_loaders/config.adminSanitize.php
admin/includes/classes/AdminRequestSanitizer.php
admin/includes/init_includes/init_sanitize.php

Even pulling these in won't fix edit_orders as you then need to add your own sanitizers
as a simple test I created

/admin/includes/extra_datafiles/edit_orders_sanitize.php that contained

PHP Code:
<?php
/**
 * Created by PhpStorm.
 * User: wilt
 * Date: 07/04/16
 * Time: 20:45
 */
$sanitizer AdminRequestSanitizer::getInstance();
$group = array(
    
'id' => array('sanitizerType' => 'NULL_ACTION''method' => 'both''pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
$group = array(
    
'update_products' => array('sanitizerType' => 'NULL_ACTION''method' => 'both''pages' => array('edit_orders'), 'params' => array()));
$sanitizer->addComplexSanitization($group);
and that fixed htmlentities problems

Now of course, those should only be considered temporary fixes as they basically ignore sanitization for id and update_products, whereas what should be added is
a MULTI_DIMENSIONAL sanitizer