Also, no error logs are being generated.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Ok thanks
Does it make sense just to add a third layer?
As far as I can tell this fixes the log.
Code:
// $postToIgnore is the array of keys to skip, defined by the surrounding code
foreach ($_POST as $key => $value) {
    if (!in_array($key, $postToIgnore)) {
        if (is_array($value)) {
            // second layer
            foreach ($value as $key2 => $val2) {
                if (is_array($val2)) {
                    // third layer
                    foreach ($val2 as $key3 => $val3) {
                        $_POST[$key][$key2][$key3] = htmlspecialchars($val3);
                    }
                } else {
                    $_POST[$key][$key2] = htmlspecialchars($val2);
                }
            }
        } else {
            $_POST[$key] = htmlspecialchars($value);
        }
    }
}
That Software Guy. My Store: Zen Cart Modifications
Available for hire - See my ad in Services
Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
Do you benefit from Zen Cart? Then please support the project.
Edit orders fabricates the order totals in a multilayered structure. It probably does other things like this too.
Code:
Array
(
    [0] => Array
        (
            [code] => ot_combination_discounts
            [title] => Combination Discounts :
            [value] => 3.0000
        )

    [1] => Array
        (
            [code] => ot_fuelsurcharge
            [title] => Fuel Surcharge:
            [value] => 8.5753
        )

    [2] => Array
        (
            [code] => ot_shipping
            [shipping_module] => flat
            [title] => Regular Shipping (Basic shipping included):
            [value] => 0.0000
        )

    [3] => Array
        (
            [code] => ot_snqd
            [title] =>
            [value] =>
            [shipping_module] =>
        )

)
A recursive approach could be taken instead of "planning" for depth... Also, it seems that since ZC 1.5.1 the use of htmlspecialchars has been expanded to include other "directives", should those not be added to that code instead of letting things go as defaulted?
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
Hi
I do have a pending commit that uses recursion.
https://github.com/zencart/zencart/pull/886/files
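A depth-independent version of the loop discussed in this thread, as an added example (it is not the code from the linked pull request and not Zen Cart core). The function name, the sample keys and values, and the explicit choice of `ENT_QUOTES | ENT_SUBSTITUTE` with UTF-8 are assumptions made for illustration.

```php
<?php
// Added example: all names and sample data here are hypothetical.

/**
 * Encode every string leaf of a nested array, whatever its depth.
 * Keys listed in $ignore are skipped at the top level only, mirroring
 * the $postToIgnore check in the loop posted earlier in the thread.
 */
function sanitize_post_recursive(array $data, array $ignore = [], string $charset = 'UTF-8'): array
{
    $encode = function ($value) use (&$encode, $charset) {
        if (is_array($value)) {
            return array_map($encode, $value);   // descend; keys are preserved
        }
        if (!is_string($value)) {
            return $value;                       // leave non-strings untouched
        }
        // Flags, charset and double_encode are stated, not left to PHP defaults.
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset, true);
    };

    foreach ($data as $key => $value) {
        // Cast so numeric keys compare reliably under strict in_array().
        if (!in_array((string) $key, $ignore, true)) {
            $data[$key] = $encode($value);
        }
    }
    return $data;
}

// Constructed sample shaped like the multilayered order-total data shown above,
// plus a fourth level that a fixed three-layer loop would pass to
// htmlspecialchars() as an array.
$post = [
    'comments'     => 'Rush <script>alert(1)</script>',
    'update_total' => [
        ['code' => 'ot_shipping', 'title' => 'Regular "Shipping":', 'value' => '0.0000'],
        ['code' => 'ot_custom', 'extra' => ['note' => ['text' => "O'Neil <b>VIP</b>"]]],
    ],
    'product_name' => 'Widget <em>Pro</em> &amp; Case',   // legitimately contains HTML
];

$clean = sanitize_post_recursive($post, ['product_name']);
print_r($clean);

// Without the ignore list the product name is encoded as well, markup included,
// and its existing entity is encoded a second time.
print_r(sanitize_post_recursive(['product_name' => $post['product_name']]));
```

Because the encoding is applied to the request data itself, any field that legitimately carries markup is altered unless its key is on the ignore list.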
Wilt's fix has been merged into the v155 branch on github ... and is now part of core code since the 03-29-2016 zip of v155.
Please run it with Edit Orders. I think the only potential "issue" with it is that it might mangle any HTML in product names when editing one of those in an order.
Our Site: http://zucando.com
Marketing Plugins: Marketing Modules
Free Response Templates: Responsive Templates
This is a poor coding recommendation at this point, especially with an overall fix provided; further, it goes against the information provided in the Developer's Documentation area, specifically on the use of this define.