Results 1 to 2 of 2
  1. 17 Oct 2010, 05:18 AM #1
    Tick
    Tick is offline New Zenner
    Join Date
    Jun 2007
    Location
    Phoenix, AZ
    Posts
    69
    Plugin Contributions
    0

    Default [N/A] Error in instructions for global_xss_whitelist

    Hello all,

    There is an error in the instructions in admin/includes/init_includes/init_sanitize.php.

    The instructions read:
    Code:
    /**
 * process all $_POST terms
 * Notes to contribution developers. 
 * If you need to add your own override for the whitelist, you should not just simply set
 * $global_xss_whitelist but merge it with any possible previous values, in order to honour other 
 * contributions.
 * 
 * eg. create an override file in the admin/includes/extra_configures directory  containing
 * 
 * $global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
 * $my_whitelist  = array('some_field_name');
 * $global_xss_whitelist = array_merge($whitelist, $global_xss_whitelist); 
 */
    For the given code to work "$my_whitelist" should be "$whitelist". It's trivial, but I for one copied and pasted from the example and had to figure out why it didn't work as expected.

    Thanks!
  2. 17 Oct 2010, 10:22 PM #2
    DrByte's Avatar
    DrByte
    DrByte is offline Sensei
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Error in instructions for global_xss_whitelist

    As stated in the thread that shows some recommended whitelist updates, the whole whitelist is being removed in 1.3.9h.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
 

 
« Previous Thread | Next Thread »

Similar Threads

  1. Instructions for USPS V1.5 Module
    By Treadle in forum Addon Shipping Modules
    Replies: 2
    Last Post: 11 Jul 2011, 02:02 AM
  2. Mysql field for for Comments/Special Instructions
    By OrganicMan in forum Templates, Stylesheets, Page Layout
    Replies: 1
    Last Post: 24 Jul 2008, 07:52 PM
  3. Special Instructions/Order Comments Error
    By kenaniah in forum General Questions
    Replies: 4
    Last Post: 12 Dec 2006, 06:19 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR
Content and Graphics Copyright (c) 2003 - 2024 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC