  1. #11
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: AdminRequestSanitizer Problem

    Quote Originally Posted by schoolboy View Post
    but when I put the tags in, it is not sanitizing and converts the < to &lt; , and the > to &gt; .
    Actually, it *is* sanitizing; it actually appears to be sanitizing something you wish it didn't.

    The process to change this is to identify the name of the input field, and change which sanitization rule is being applied to it for the specified page.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #12
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Problem

    @schoolboy, towards the bottom of the (Zen Cart 1.5.5b) file /YOUR_ADMIN/includes/init_includes/init_sanitize.php, find:
    Code:
    $group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('mail')));
    $sanitizer->addComplexSanitization($group);
    
    $group = array('customers_email_address');
    $sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
    
    $group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments');
    $sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
    
    $group = array('products_url');
    $sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
    
    $group = array('coupon_min_order');
    $sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
    and add the highlighted variable name to enable HTML tags in the products' options' comments:
    Code:
    $group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('mail')));
    $sanitizer->addComplexSanitization($group);
    
    $group = array('customers_email_address');
    $sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
    
    $group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
    $sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
    
    $group = array('products_url');
    $sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
    
    $group = array('coupon_min_order');
    $sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);

  3. #13
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Problem

    Hi

    There is some documentation about customizing the sanitizers here

    However, to make your life easier, here is what to do.

    Create a new file in [admin]/includes/extra_datafiles/

    I named it sanitize_products_options_comment.php

    contents of the file should be

    PHP Code:
    <?php
    // Apply the PRODUCT_DESC_REGEX rule to the POSTed products_options_comment field.
    $sanitizer = AdminRequestSanitizer::getInstance();
    $group = array(
        'products_options_comment' => array('sanitizerType' => 'PRODUCT_DESC_REGEX', 'method' => 'post'),
    );
    $sanitizer->addComplexSanitization($group);

    Quote Originally Posted by schoolboy View Post
    I need to enclose some text in html tags, in the Option Names Comments field, but when I put the tags in, it is not sanitizing and converts the < to &lt; , and the > to &gt; . I have to then go into the database and change them back to < and > so that they do not render as &lt; and &gt; in-screen.

    eg: <hr /> becomes &lt;hr /&gt;

    How do I fix this?

  4. #14
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,896
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: AdminRequestSanitizer Problem

    Note.

    Have also opened a github issue.
    https://github.com/zencart/zencart/issues/1348

  5. #15
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: AdminRequestSanitizer Problem

    Quote Originally Posted by wilt View Post
    Hi

    There is some documentation about customizing the sanitizers here

    However, to make your life easier, here is what to do.

    Create a new file in [admin]/includes/extra_datafiles/

    I named it sanitize_products_options_comment.php

    contents of the file should be

    PHP Code:
    <?php
    // Apply the PRODUCT_DESC_REGEX rule to the POSTed products_options_comment field.
    $sanitizer = AdminRequestSanitizer::getInstance();
    $group = array(
        'products_options_comment' => array('sanitizerType' => 'PRODUCT_DESC_REGEX', 'method' => 'post'),
    );
    $sanitizer->addComplexSanitization($group);
    Thanks wilt - that works.

    @lat9...
    I tried your suggestion a few days ago and it wouldn't work for me, but thanks for the suggestion.
    PHP Code:
    $group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
    $sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
    19 years a Zencart User

  6. #16
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: AdminRequestSanitizer Problem

    Hmm, I wonder why that didn't work for you; it's working just fine for me.
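
A simplified model of the per-field rule selection discussed in this thread, added here as an illustration; it is not Zen Cart's code and was not posted by anyone in the thread. The class `FieldSanitizerModel`, the rule name `ALLOW_MARKUP`, the page names and the `products_options_name` field are assumptions made for the example.

```php
<?php
// Simplified stand-in for a per-field request sanitizer. Hypothetical class, not
// Zen Cart's AdminRequestSanitizer; rule and page names are assumptions.
final class FieldSanitizerModel
{
    private array $overrides = [];

    // Register a non-default rule for one field, optionally limited to some pages.
    public function addRule(string $field, string $rule, array $pages = []): void
    {
        $this->overrides[$field] = ['rule' => $rule, 'pages' => $pages];
    }

    // Sanitize every POSTed field; a field without a matching override is entity-escaped.
    public function run(array $post, string $page): array
    {
        $clean = [];
        foreach ($post as $field => $value) {
            $o = $this->overrides[$field] ?? null;
            $applies = $o !== null && ($o['pages'] === [] || in_array($page, $o['pages'], true));
            $clean[$field] = $applies
                ? $this->apply($o['rule'], (string) $value)
                : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
        return $clean;
    }

    private function apply(string $rule, string $value): string
    {
        if ($rule === 'ALLOW_MARKUP') {
            // Placeholder relaxed rule (not PRODUCT_DESC_REGEX, not a complete HTML filter).
            return (string) preg_replace('~<script\b[^>]*>.*?</script>~is', '', $value);
        }
        // Unknown rule name: fail closed and escape.
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
}

// Constructed sample request.
$post = [
    'products_options_comment' => '<hr />Gift wrap',
    'products_options_name'    => '<b>Size</b>',
];
$s = new FieldSanitizerModel();
print_r($s->run($post, 'options_page'));  // no override registered yet
$s->addRule('products_options_comment', 'ALLOW_MARKUP', ['options_page']);
print_r($s->run($post, 'options_page'));  // override applies to the comment field only
print_r($s->run($post, 'other_page'));    // override is page-scoped, so it does not apply
```

Every field given a relaxed rule is stored with its markup intact and rendered as HTML wherever it is displayed, so keeping overrides scoped to the fields and pages that need them limits how much unescaped input reaches the page.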

 

 