Hello,
I must ask for a little help.
I am trying to update a sales tax mod to protect against the $_GET vulnerability, but am not quite able to find the correct change for the section of code listed below. Any guidance / help would be appreciated. I have this mod working (locally on a test machine) with Zen Cart 1.5, but wanted to update this section before posting the changes.
The sample below is but one of four pieces that do insert, save, update, and delete. All have the same format, so once one of them is updated the others should be easy.
In case you're interested in the mod I am looking at updating, this is the link.
http://www.zen-cart.com/downloads.php?do=file&id=422 (Local Sales Tax Mod)
First, a question: does this code even need to be updated? I believe it does, based on what I have read in the forum...
Second, if it does, what changes will make this work? (I understand I will have to update the post back from get to post etc. when this is updated.)
PHP Code:
$heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_LOCAL_SALES_TAX . '</b>');
$contents = array('form' => zen_draw_form('local_sales_tax', FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page'] . '&action=insert'));
$contents[] = array('text' => TEXT_INFO_INSERT_INTRO);
$contents[] = array('text' => '<br>' . TEXT_INFO_COUNTRY . '<br>' . zen_draw_pull_down_menu('zone_country_id', zen_get_countries(TEXT_ALL_COUNTRIES), '', 'onChange="update_zone(this.form);"'));
$contents[] = array('text' => '<br>' . TEXT_INFO_COUNTRY_ZONE . '<br>' . zen_draw_pull_down_menu('zone_id', zen_prepare_country_zones_pull_down()));
$contents[] = array('text' => '<br>' . TEXT_INFO_TAX_RATE . '<br>' . zen_draw_input_field('tax_rate'));
$contents[] = array('text' => '<br>' . TEXT_INFO_FIELDMATCH . '<br>' . zen_draw_pull_down_menu('tax_fieldmatch', $za_lookup));
$contents[] = array('text' => '<br>' . TEXT_INFO_DATAMATCH . '<br>' . zen_draw_textarea_field('tax_datamatch', false, 35, 4));
$contents[] = array('text' => '<br>' . TEXT_INFO_RATE_DESCRIPTION . '<br>' . zen_draw_input_field('tax_description'));
$contents[] = array('text' => '<br />' . TEXT_INFO_TAX_SHIPPING . '<br />' . zen_draw_radio_field('tax_shipping', 'false', true) . ' ' . TEXT_TAX_SHIPPING_FALSE . '<br />' . zen_draw_radio_field('tax_shipping', 'true') . ' ' . TEXT_TAX_SHIPPING_TRUE);
$contents[] = array('text' => '<br>' . TEXT_INFO_TAX_CLASS_TITLE . '<br>' . zen_tax_classes_pull_down('name="tax_class_id" style="font-size:10px"'));
$contents[] = array('align' => 'center', 'text' => '<br>' . zen_image_submit('button_insert.gif', IMAGE_INSERT) . ' <a href="' . zen_href_link(FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page']) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
//As I see it the following line needs to be updated.
$contents = array('form' => zen_draw_form('local_sales_tax', FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page'] . '&action=insert'));
//And, this one might need to be updated.
$contents[] = array('align' => 'center', 'text' => '<br>' . zen_image_submit('button_insert.gif', IMAGE_INSERT) . ' <a href="' . zen_href_link(FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page']) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
Thanks in advance for any suggestions / help.
Brent
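One way to handle the `page` value before it reaches `zen_draw_form()` and `zen_href_link()`, as an added example that is not part of the original post or of the mod. It assumes the concern is the raw `$_GET['page']` being concatenated into the parameter string; `clean_page_param()` and `build_admin_params()` are hypothetical helper names, not Zen Cart functions.

```php
<?php
// Added example, stand-alone: it calls no Zen Cart function.
// clean_page_param() and build_admin_params() are hypothetical helpers.

// Reduce a raw request value to a positive page number.
// Anything that is not 1 to 9 plain digits falls back to page 1.
function clean_page_param($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return 1; // arrays (page[]=x), null, floats, ...
    }
    if (!preg_match('/\A[0-9]{1,9}\z/', (string)$raw)) {
        return 1; // signs, spaces, "&", quotes, markup, over-long numbers
    }
    return max(1, (int)$raw);
}

// Build the parameter string from validated parts only.
// The allow-list holds the four actions named in the post.
function build_admin_params($page, $action = '')
{
    $params = array('page' => clean_page_param($page));
    if ($action !== '') {
        $allowed = array('insert', 'save', 'update', 'delete');
        if (!in_array($action, $allowed, true)) {
            throw new InvalidArgumentException('unexpected action');
        }
        $params['action'] = $action;
    }
    return http_build_query($params, '', '&');
}

// Constructed sample values standing in for $_GET['page'].
$samples = array('3', '0', '-1', ' 7', '2&x=1', '12345678901', array('x'), null);
foreach ($samples as $raw) {
    printf("%-14s => %s\n", json_encode($raw), build_admin_params($raw, 'insert'));
}
```

The returned string would take the place of `'page=' . $_GET['page'] . '&action=insert'` in the `zen_draw_form()` call, and the cancel link would use the same helper with no action argument.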