Page 2 of 8 FirstFirst 1234 ... LastLast
Results 11 to 20 of 77
  1. #11
    Join Date
    May 2008
    Posts
    359
    Plugin Contributions
    0

    Default Re: AdminRequestSanitizer Error Log

    also not error logs are being generated.

  2. #12
    Join Date
    Jan 2004
    Posts
    64,728
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by marcopolo View Post
    Below is the output however I do not think it's executing all the way as nothing is saving.
    Right. It's just to get an idea of what data needs treatment.

    Thanks, that info is helpful.
    Remove those lines I suggested, as they're just for collecting data. Use wilt's temporary suggestion until a proper fix is determined.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #13
    Join Date
    May 2008
    Posts
    359
    Plugin Contributions
    0

    Default Re: AdminRequestSanitizer Error Log

    Ok thanks

  4. #14
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    5,615
    Plugin Contributions
    64

    Default Re: AdminRequestSanitizer Error Log

    Does it make sense just to add a third layer?

    Code:
            foreach ($_POST as $key => $value) {
                if (!in_array($key, $postToIgnore)) {
                    if (is_array($value)) {
                        foreach($value as $key2 => $val2){
                            if (is_array($val2)) {
                               foreach($val2 as $key3 => $val3){
                                  $_POST[$key][$key2][$key3] = htmlspecialchars($val3);
                               }
                            } else {
                               $_POST[$key][$key2] = htmlspecialchars($val2);
                            }
                        }
                    } else {
                        $_POST[$key] = htmlspecialchars($value);
                    }
                }
            }
    As far as I can tell this fixes the log.
    That Software Guy, Plugin Moderator. Store: Zen Cart Modifications
    Contributions: Quantity Discounts, Better Together, SMS on Sale, Gift Wrap at Checkout, and more.

  5. #15
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    5,615
    Plugin Contributions
    64

    Default Re: AdminRequestSanitizer Error Log

    Edit orders fabricates the order totals in a multilayered structure. It probably does other things like this too.

    Code:
    Array
    (
        [0] => Array
            (
                [code] => ot_combination_discounts
                [title] => Combination Discounts :
                [value] => 3.0000
            )
    
        [1] => Array
            (
                [code] => ot_fuelsurcharge
                [title] => Fuel Surcharge:
                [value] => 8.5753
            )
    
        [2] => Array
            (
                [code] => ot_shipping
                [shipping_module] => flat
                [title] => Regular Shipping (Basic shipping included):
                [value] => 0.0000
            )
    
        [3] => Array
            (
                [code] => ot_snqd
                [title] =>
                [value] =>
                [shipping_module] =>
            )
    
    )
    That Software Guy, Plugin Moderator. Store: Zen Cart Modifications
    Contributions: Quantity Discounts, Better Together, SMS on Sale, Gift Wrap at Checkout, and more.

  6. #16
    Join Date
    Jul 2012
    Posts
    11,523
    Plugin Contributions
    13

    Default Re: AdminRequestSanitizer Error Log

    A recursive approach could be taken instead of "planning" for depth... Also, it seems that since ZC 1.5.1 the use of htmlspecialchars has been expanded to include other "directives", should those not be added to that code instead of letting things go as defaulted?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

  7. #17
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,876
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    Hi

    I do have a pending commit that uses recursion.
    https://github.com/zencart/zencart/pull/886/files

  8. #18
    Join Date
    Jan 2004
    Posts
    64,728
    Blog Entries
    6
    Plugin Contributions
    214

    Default Re: AdminRequestSanitizer Error Log

    Wilt's fix has been merged into the v155 branch on github ... and is now part of core code since the 03-29-2016 zip of v155.


    Please run it with Edit Orders. I think the only potential "issue" with it is that it might mangle any HTML in product names when editing one of those in an order.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #19
    Join Date
    Sep 2008
    Posts
    205
    Plugin Contributions
    12

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by marcopolo View Post
    When using edit orders Zen Cart v1.5.4
    I'm getting the following error, edit orders does not save properly so not sure is this something edit orders needs to address or is this an issue with the AdminRequestSanitizer.php file?

    [18-Mar-2016 09:23:18 America/New_York] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in /var/admin/includes/classes/AdminRequestSanitizer.php on line 319
    Add this code on top of edit_order.php
    PHP Code:
    define('DO_STRICT_SANITIZATION'false); 
    Our Site: http://zucando.com
    Marketing Plugins: Marketing Modules
    Free Response Templates: Responsive Templates

  10. #20
    Join Date
    Jul 2012
    Posts
    11,523
    Plugin Contributions
    13

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by cvhainb View Post
    Add this code on top of edit_order.php
    PHP Code:
    define('DO_STRICT_SANITIZATION'false); 
    This is a poor coding recommendation at this point especially with an overall fix provided, further it goes against the information provided at the Developer's Documentation area specifically on the use of this define.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
    Upgraded to Zen Cart V1.5.3 from V1.5.1 from V1.5.0 from V1.3.9h

 

 
Page 2 of 8 FirstFirst 1234 ... LastLast

Similar Threads

  1. v155 [Done v155a and v155b] AdminRequestSanitizer Problem
    By JRGoold in forum Bug Reports
    Replies: 15
    Last Post: 12 Dec 2016, 01:16 PM
  2. v151 Filename cannot be empty error in error log
    By woodlandsprite in forum General Questions
    Replies: 2
    Last Post: 29 Nov 2012, 06:03 AM
  3. Site down, getting error in debug error log
    By rcrosier in forum General Questions
    Replies: 3
    Last Post: 25 Mar 2009, 03:01 PM
  4. Replies: 6
    Last Post: 7 Dec 2007, 03:42 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR