Working with Zen-Cart version 1.3.8a fresh installation or upgrade from 1.3.7.
For the EZ-Pages editor as well as the define pages editor, I've found that if I type a URL that has entities such as "&amp;amp;" or "&amp;bull;" in it, I can type it in and save the changes and everything works great. However, when I go to edit that page in plain text, when I pull up the code, the entities appear as the characters themselves, such as "&" and "•", instead of "&amp;amp;" and "&amp;bull;". The result is that when you update your pages, you will eventually end up with a bunch of validation errors. Trust me, it will happen. Validation matters very much to me, and I hate the nuisance of find/replace every time I edit a page. Quite simply put, it's wrong.
I've corrected the problem on my own installations of Zen-Cart by doing the following:
Line 440 of /admin/ezpages.php, change "$ezInfo->pages_html_text" to htmlspecialchars($ezInfo->pages_html_text)
Line 197 of /admin/define_pages_editor.php, add a line of code that says: $file_contents = htmlspecialchars($file_contents); I'm not sure why you can't just add it to the existing "zen_draw_textarea_field" function parameters, but it doesn't work that way for me. I had to run htmlspecialchars on the $file_contents variable before calling the function for whatever reason.
I would recommend making these changes standard in any future releases of Zen-Cart. I would also recommend doing something similar for any other pages which employ the plain-text editor.
Thanks,
Ben
grafcaps.com et. al.
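Added example (not part of the post above and not Zen Cart code): a stand-alone PHP sketch of the round trip the post describes, comparing a textarea filled with the stored HTML as-is against one filled through htmlspecialchars(). The helpers render_textarea() and browser_submits() and the sample page content are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added illustration; not Zen Cart code. render_textarea() and
// browser_submits() are hypothetical helpers standing in for the admin
// edit form and for the browser that displays and re-posts it.

// Constructed sample: stored page HTML whose link URL uses entities.
$stored = '<a href="index.php?main_page=page&amp;id=3">Info &bull; Terms</a>';

// Build the edit field, with or without escaping the stored HTML first.
function render_textarea(string $html, bool $escape): string
{
    $body = $escape ? htmlspecialchars($html, ENT_QUOTES, 'UTF-8') : $html;
    return '<textarea name="pages_html_text">' . $body . '</textarea>';
}

// Approximate what the browser posts back: the textarea body is parsed as
// text with character references decoded, so exactly one level of entity
// encoding is stripped before the value is submitted.
function browser_submits(string $form): string
{
    if (!preg_match('#<textarea[^>]*>(.*?)</textarea>#s', $form, $m)) {
        return '';
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Round trip 1: stored HTML placed in the field unescaped.
$raw = browser_submits(render_textarea($stored, false));

// Round trip 2: stored HTML escaped on output, as in the fix above.
$safe = browser_submits(render_textarea($stored, true));

echo "stored:               ", $stored, "\n";
echo "unescaped round trip: ", $raw, "\n";
echo "escaped round trip:   ", $safe, "\n";

// Only the escaped form hands back byte-for-byte what was stored.
echo "unescaped preserved:  ", var_export($raw === $stored, true), "\n";
echo "escaped preserved:    ", var_export($safe === $stored, true), "\n";
```

Escaping on output also keeps stored text that contains a literal `</textarea>` from ending the field early, so the whole page body stays inside the editor.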