Problems with special characters in my Admin

[scott_ease]

I re-input the value. The bug still hassle. Thank you anyway.

[mikeel100]

Should be resolved by updating these files: https://www.zen-cart.com/showthread....33#post1312333

Will these files work in 1.5.6c? It looks like they are only good through 1.5.5f.

I am getting the conversion of & to &...running on XAMPP v3.2.4, PHP 7.3.15, most recent version of windows 10 64 bit.

I don't have a live site to show you at this time so I'll give you as much as I can to narrow down the issue.

My custom admin template is based on the Zencart admin/Configuration page.

A sub page of this is my backup program and one of it's options is to select which category to back up.

There are radio button selects in the right hand box for each top level category in my catalog...Health & Beauty being one of them.

When I select Health & Beauty, it returns Health & Beauty in the value column and screws up my script for backing up this category.

Yes, I can rename it to Health Beauty but prefer Health & Beauty.

I tried using html_decode in my script but the rest of the script failed even though the html_decode did change the category name correctly.

Thanks for your help.

[mikeel100]

Commenting this out in AdminRequestSanitizer.php makes the problem go away but I don't fully understand the impact of leaving this commented out.

PHP Code:

    public function setDoStrictSanitization($doStrictSanitize)
    {
        /*$this->doStrictSanitization = $doStrictSanitize;*/
    } 


[mikeel100]

The problem is not just occurring in my custom admin app.

Input boxes, check boxes and text boxes throughout admin are affected.

[mikeel100]

...or this in init_sanitze.php

PHP Code:

//$sanitizer->setDoStrictSanitization(DO_STRICT_SANITIZATION); 


[davewest]

...or this in init_sanitze.php

PHP Code:

//$sanitizer->setDoStrictSanitization(DO_STRICT_SANITIZATION); 


editing the core sanitizer is not a good idea. Creating your own class to add your new fields to a sanitizer group could help you... I did on the fields I created for my site such as products_details.. Documentation can be found here..

I'm in the middle of upgrading a mod that well have to have one created for it too..

[mikeel100]

Thanks Dave.

I know very little about classes or the reason and need for all this sanitizing...I'm sure it is security.

I appreciate the link and will look into it.

Since this is not happening solely in my admin app, I believe it is an issue that the "Team" needs to address.

My dev store is not live (home computer only) and will not be for some time.

I will leave my fix in place until someone can tell me why the entire admin area is affected and what we need to do to fix it.

If it was just happening in my dev app, I'd dig deeper.

[mikeel100]

I got my extra_configures files set up and working but what do I do with the sanitize_debug output?

Apr-26-2020 05:25:31
=================================

Incoming GET Request Array
(
[gID] => 31
[cID] => 555
[action] => save
)


Incoming POST Request Array
(
[securityToken] => 8c370e8059fb1a9b47ea59678c097822
[submitEZ_FEEDS_DEFAULT_CATEGORY] =>
[configuration_value] => Health & Beauty
)


Running Admin Sanitizers

PROCESSING SIMPLE_ALPHANUM_PLUS(GET) == action

PROCESSING SIMPLE_ALPHANUM_PLUS(GET) == cID

PROCESSING SIMPLE_ALPHANUM_PLUS(GET) == gID

PROCESSING STRICT_SANITIZE_VALUES == securityToken

PROCESSING STRICT_SANITIZE_VALUES == submitEZ_FEEDS_DEFAULT_CATEGORY

Outgoing GET Request Array
(
[gID] => 31
[cID] => 555
[action] => save
)


Outgoing POST Request Array
(
[securityToken] => 8c370e8059fb1a9b47ea59678c097822
[submitEZ_FEEDS_DEFAULT_CATEGORY] =>
[configuration_value] => Health & Beauty
)


Apr-26-2020 05:25:31
=================================

Incoming GET Request Array
(
[gID] => 31
[cID] => 555
)


Incoming POST Request Array
(
)


Running Admin Sanitizers

PROCESSING SIMPLE_ALPHANUM_PLUS(GET) == cID

PROCESSING SIMPLE_ALPHANUM_PLUS(GET) == gID

Outgoing GET Request Array
(
[gID] => 31
[cID] => 555
)


Outgoing POST Request Array
(
)

Sorry to be so dense but I really am clueless at this point.

Thanks.

[mc12345678]

I got my extra_configures files set up and working but what do I do with the sanitize_debug output?



Sorry to be so dense but I really am clueless at this point.

Thanks.

What do you mean "what do I do with the sanitize_debug output"? Are you asking what to do with the file? How to make it stop generating the file? What the contents of the file are telling you? Can you be a little more specific about the request?

[carlwhat]

What do you mean "what do I do with the sanitize_debug output"? Are you asking what to do with the file? How to make it stop generating the file? What the contents of the file are telling you? Can you be a little more specific about the request?

it seems that DO_DEBUG_SANITIZATION is set to true somewhere.

i would think setting it to false would address the output.