Hi Guys.
I need to have HTML enabled within customer reviews.
Does anyone know what I need to do to get it working?
Thanks.
James
Hi Guys.
I need to have HTML enabled within customer reviews.
Does anyone know what I need to do to get it working?
Thanks.
James
FMUK Consulting - Web Design & Development | Graphics | Marketing | Apps - http://www.FMUKConsulting.co.uk
As with any "I wanna change the way it works, the approach I'd take to find out would be to look at the main_page= value in the URL of the page when a review is composed, then look at the header_php.php file for that page and find where that input field is used, and change the logic that's been applied to it.
BUT ...
Keep in mind that what you're doing is VERY dangerous from a security perspective.
When you remove the strip_tags() from the input you receive, you are now opening yourself up to CSRF and XSS attacks, so you need to sanitize. You need to sanitize EVERY place where that data is ever used (both the input from the visitor and every place where it's ever output back to the browser, both in non-admin and admin), and review to make sure you are 1000% certain that you've not allowed anyone to input iframes, script tags, and numerous other possible site-hijacking code into any reviews. Test test test test test and test again.
.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Bookmarks