Page 5 of 8 FirstFirst ... 34567 ... LastLast
Results 41 to 50 of 77
  1. #41
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Error Log

    Another question: How do array variables get registered with the sanitizer? Do I "register" each sub-variable name? Is there a sanitizer group to define an array variable?

  2. #42
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by lat9 View Post
    Since the id parameter is already sanitized, is there no hope?
    Hi

    So yes there is hope :)

    I would forget about changing id -> attr_info, especially if it is likely to break other code.

    The new version of the adminSanitizer class i'm currently working on. will allow you to override sanitization on a per page basis. So even if we give a
    general sanitizer for the id parameter, you will be able to override that for edit orders.
    Last edited by wilt; 5 Apr 2016 at 07:46 PM.

  3. #43
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by lat9 View Post
    Another question: How do array variables get registered with the sanitizer? Do I "register" each sub-variable name? Is there a sanitizer group to define an array variable?
    So at the moment there is no way of defining sanitization except at a top level basis,

    so I can't add sanitizers at a sub level at the moment

    However again, I'm currently working on a MUTLI_DIMENSIONAL sanitizer that allows you to define something like

    PHP Code:
    $group = array(
                
    'id' => array('sanitizerType' => 'MULTI_DIMENSIONAL'
                
    'method' => 'post''pages' => array('edit_orders'), 'params' => array('id'=>'CONVERT_INT''name'=>'WORDS_AND_SYMBOLS_REGEX'))); 

    at the moment this still doesn't let you recurse even deeper.

    so if you look at edit orders it creates a post array

    PHP Code:
    [update_products] => Array
            (
                [
    13] => Array
                    (
                        [
    qty] => 1
                        
    [name] => Microsoft IntelliMouse Explorer
                        
    [onetime_charges] => 0.0000
                        
    [attr] => Array
                            (
                                [
    3] => Array
                                    (
                                        [
    value] => 11
                                        
    [type] => 0
                                    
    )

                            )

                        [
    model] => MSIMEXP
                        
    [tax] => 0
                        
    [final_price] => 70.95 

    and MULTI_DIMENSIONAL doesn't allow you to define a deep sanitizer for [attr]

    what I want to happen is to allow you to define MUTLI_DIMENSIONAL within an outer MUTLI_DIMENSIONAL, but as you can imagine, that involves
    some wonderful recursive structures/code.
    Last edited by wilt; 5 Apr 2016 at 07:45 PM.

  4. #44
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Error Log

    Oh boy! Recursion! That's always fun ... especially to debug.

    It also reminds me of one of my favorites (seen in a tongue-in-cheek document index):

    Recursion: See recursion.

  5. #45
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by lat9 View Post
    Recursion: See recursion.


    Hoping to finish the code for this tonight.

    The data structure for defining the sanitization would be

    PHP Code:
            $group = array(
                
    'update_products' => array(
                    
    'sanitizerType' => 'MULTI_DIMENSIONAL',
                    
    'method' => 'post',
                    
    'pages' => array('edit_orders'),
                    
    'params' => array(
                        
    'update_products' => array('sanitizerType' => 'CONVERT_INT'),
                        
    'qty' => array('sanitizerType' => 'CONVERT_INT'),
                        
    'name' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX'),
                        
    'onetime_charges' => array('sanitizerType' => 'SIMPLE_ALPHANUM_PLUS'),
                        
    'attr' => array(
                            
    'sanitizerType' => 'MULTI_DIMENSIONAL',
                            
    'params' => array(
                                
    'attr' => array('sanitizerType' => 'CONVERT_INT'),
                                
    'value' => array('sanitizerType' => 'CONVERT_INT'),
                                
    'type' => array('sanitizerType' => 'CONVERT_INT')
                            )
                        ),
                        
    'model' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX'),
                        
    'tax' => array('sanitizerType' => 'SIMPLE_ALPHANUM_PLUS'),
                        
    'final_price' => array('sanitizerType' => 'SIMPLE_ALPHANUM_PLUS'),
                    )
                )
            ); 
    It should be noted that you don't necessarily have to go to this level of sanitizing, but I feel it should be available.

    My most recent changes are here
    https://github.com/zcwilt/zc-v1-seri...9ff41070bab641
    however that doesn't yet have code to do the MULTI_DIMENSIONAL recursion.

  6. #46
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Error Log

    Looks good, wilt; that's how I was envisioning the configuration. I'll watch for your updates.

  7. #47
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    9,622
    Plugin Contributions
    123

    Default Re: AdminRequestSanitizer Error Log

    Quote Originally Posted by lat9 View Post
    Oh boy! Recursion! That's always fun ... especially to debug.

    It also reminds me of one of my favorites (seen in a tongue-in-cheek document index):

    Recursion: See recursion.

    Infinite Loop: See Loop, Infinite

    Loop, Infinite: See Infinite Loop
    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
    Do you benefit from Zen Cart? Then please support the project.

  8. #48
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    So I think I am close to a finished solution now

    https://github.com/zcwilt/zc-v1-seri...aee0cdd95199cb

    Just a couple of things left to do

    Add some more unit tests
    and update the Documentation for the Admin Sanitizer

  9. #49
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Error Log

    It's looking good, so far! I'll keep at it and let you know if I come across anything.

  10. #50
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Error Log

    I'm working on updated documentation, and probably some expanded tests.

    Will post here once done.

 

 
Page 5 of 8 FirstFirst ... 34567 ... LastLast

Similar Threads

  1. v155 [Done v155a and v155b] AdminRequestSanitizer Problem
    By JRGoold in forum Bug Reports
    Replies: 15
    Last Post: 12 Dec 2016, 01:16 PM
  2. v151 Filename cannot be empty error in error log
    By woodlandsprite in forum General Questions
    Replies: 2
    Last Post: 29 Nov 2012, 06:03 AM
  3. Site down, getting error in debug error log
    By rcrosier in forum General Questions
    Replies: 3
    Last Post: 25 Mar 2009, 03:01 PM
  4. Replies: 6
    Last Post: 7 Dec 2007, 03:42 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR