Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

  2. #2
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: Known Bugs (and fixes) with v1.3.9b

    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: Known Bugs (and fixes) with v1.3.9b

    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: Known Bugs (and fixes) with v1.3.9d

    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

    Default Known bug with v1.3.9g

    A pain point with v1.3.9g has to do with some sanitization safeties added for security reasons.
    Unfortunately there are some unpleasant side-effects whereby HTML code is rendered to display instead of being saved as intended.

    A workaround is posted here: http://www.zen-cart.com/forum/showthread.php?t=165081

    v1.3.9h will have a different approach which will make the whitelisting discussed in the above thread to be moot.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Jan 2004
    Posts
    64,742
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: Known bug with v1.3.9h and OLD versions of PHP (lower than 5.2.3)

    Symptoms:
    a) Using PHP version lower than 5.2.3 (and 5.2.3 is LESS THAN 5.2.13, for example. ie: 3 is less than 13)
    b) Zen Cart v1.3.9h
    c) On admin "home" page you notice that your list of customers shows only dates, not names.
    d) On admin product-edit screen you notice that the product name, description, and model number are empty when editing a product.
    e) Order details may show as blank in the orders/invoices/packinglist screens in the admin.

    NOTE: If you're using such an old version of PHP, then your site is certainly not PCI-Compliant, and is thus likely to contain known security problems in PHP, and you should be upgrading your hosting to a newer version of PHP.


    The following is ONLY a workaround for the symptoms mentioned above, and is NOT needed if you're using a current version of PHP.

    Solution:
    Strictly speaking, this is only necessary if you're using a PHP version lower than PHP 5.2.3

    1. /admin/includes/functions/general.php
    Line 39, change from:
    Code:
          return htmlspecialchars($string, ENT_COMPAT, CHARSET, FALSE);
    to:
    Code:
          return htmlspecialchars($string, ENT_COMPAT, CHARSET);
    2. /admin/includes/modules/product/collect_info.php
    (and if you use the other product types too, then *those* collect_info.php files as well. See below for the list of filenames.)

    Action: You have two choices:
    either:
    a) revert these files back to v1.3.9g versions (recommended, since it's simpler)
    or
    b) make similar edits in 3 lines in each file, removing the ", TRUE" in each of these sections of code:
    Approx line 299:
    Code:
                <td class="main"><?php echo zen_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . '&nbsp;' . zen_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? htmlspecialchars(stripslashes($products_name[$languages[$i]['id']]), ENT_COMPAT, CHARSET, TRUE) : htmlspecialchars(zen_get_products_name($pInfo->products_id, $languages[$i]['id']), ENT_COMPAT, CHARSET, TRUE)), zen_set_field_length(TABLE_PRODUCTS_DESCRIPTION, 'products_name')); ?></td>
    Approx line 412 (two spots on this line):
    Code:
              echo zen_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '100%', '30', (isset($products_description[$languages[$i]['id']])) ? htmlspecialchars(stripslashes($products_description[$languages[$i]['id']]), ENT_COMPAT, CHARSET, TRUE) : htmlspecialchars(zen_get_products_description($pInfo->products_id, $languages[$i]['id']), ENT_COMPAT, CHARSET, TRUE)); //,'id="'.'products_description' . $languages[$i]['id'] . '"');
    Approx line 433:
    Code:
                <td class="main"><?php echo zen_draw_separator('pixel_trans.gif', '24', '15') . '&nbsp;' . zen_draw_input_field('products_model', htmlspecialchars(stripslashes($pInfo->products_model), ENT_COMPAT, CHARSET, TRUE), zen_set_field_length(TABLE_PRODUCTS, 'products_model')); ?></td>
    (NOTE: Line-numbers will vary depending on which product-type file you're editing.)
    These are the additional product-type files which you may or may not be using:
    - /admin/includes/modules/document_general/collect_info.php
    - /admin/includes/modules/document_product/collect_info.php
    - /admin/includes/modules/product_free_shipping/collect_info.php
    - /admin/includes/modules/product_music/collect_info.php

    3. includes\modules\pages\shopping_cart\header_php.php
    Line 111, remove the ", TRUE":
    Code:
    $attr_value = htmlspecialchars($products[$i]['attributes_values'][$option], ENT_COMPAT, CHARSET, TRUE);
    Last edited by DrByte; 3 Nov 2010 at 05:35 AM. Reason: Updated to add #3.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. v155 Known Bugs (and fixes) with v1.5.5 , a, b, c, d, e
    By DrByte in forum Bug Reports
    Replies: 17
    Last Post: 16 Aug 2017, 03:25 AM
  2. v154 Known Bugs (and fixes) with v1.5.4
    By DrByte in forum Upgrading to 1.5.x
    Replies: 18
    Last Post: 18 Oct 2016, 06:17 PM
  3. v153 Known Bugs (and fixes) with v1.5.3
    By swguy in forum Upgrading to 1.5.x
    Replies: 9
    Last Post: 18 Oct 2016, 06:17 PM
  4. v150 Known Bugs (and fixes) with v1.5.0
    By DrByte in forum Upgrading to 1.5.x
    Replies: 5
    Last Post: 18 Oct 2016, 06:17 PM
  5. v155 Known Bugs (and fixes) with v1.5.5 , a, b, c, d, e
    By DrByte in forum Bug Reports
    Replies: 0
    Last Post: 20 Mar 2016, 03:46 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR