Originally Posted by
mc12345678
Great! Now, a very important question (meaning it could save a bit of time related to testing): if you "remove" the file I suggested adding to your file path, and again attempt to add something that has HTML in it, does it now work as expected or is it back to square one?
I put the word remove in quotes because all you have to do to prevent it from loading is rename the extension from php to some other ending. It only affects entry of information in the admin so there should be no negative effect other than the possibility of html being displayed again.
Anyways, thought is, verify that with the latest updated sanitizer and without the specialized sanitizer code for the plugin that there remains a problem when html is entered/present.
For what it's worth, I had also gone ahead and tried to apply the sanitization I suggested for ZC code to a store, then enter in, say, a product's name with HTML, and without further modification of other parts of the ZC store I'd say that the sanitization didn't exactly help anything. For example, the manufacturer's name, when added to the dropdown list, will show the HTML because the dropdown list itself is coded to show the HTML. My test was to apply a bold and/or italic HTML property around the text. (Yes, I know CSS is preferred for some things like this, but the point is/was to see the effect of incorporating HTML into the parts of the process.) The other thing that didn't look "right" was the information in the browser tab, which also displayed the HTML. So, my point being, I'm not so sure that the few ZC suggested corrections truly provide a useful benefit to anyone other than the few that have modified standard operation of the above discussed or beyond objects. Those individuals are likely to either already have a similar specialized sanitizer file or have directed modification of the core ZC files. Point being, I could be wrong, but it seems like there is not a current need for everyone to have the additional ZC sanitizer rules in the core code, because entry of information that it doesn't filter out upon saving still gets overly "sanitized" later during operation pretty much by necessity.
Okay, back to the point: please verify that the provided file is what fixed the issue when applied against a system with updated sanitizer rules. :)
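The two layers the post compares (a save-time sanitizer in the admin versus escaping at the point of display) can be seen side by side in this added illustration; it is not Zen Cart's code, and `sanitize_on_save`, `esc` and `render_manufacturer_select` are assumed simplifications standing in for the real admin and template code:

```php
<?php
// Added illustration, not Zen Cart's code: save-time sanitizing vs. output escaping.

// Layer 1 (assumed admin-side sanitizer): strip markup before the value is stored.
function sanitize_on_save(string $value): string {
    return trim(strip_tags($value));
}

// Layer 2 (output encoding): escape for an HTML text/attribute context.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders a manufacturers dropdown with every name escaped, so any markup left
// in a stored name is displayed as literal text rather than interpreted.
function render_manufacturer_select(array $names): string {
    $html = '<select name="manufacturers_id">';
    foreach ($names as $id => $name) {
        $html .= sprintf('<option value="%d">%s</option>', $id, esc($name));
    }
    return $html . '</select>';
}

// Constructed sample input: a name entered with bold tags around it.
$entered = '<b>Acme</b> Widgets';

// Without the save-time sanitizer the tags reach storage, but the escaping
// renderer still shows them as text: &lt;b&gt;Acme&lt;/b&gt; Widgets
echo render_manufacturer_select([1 => $entered]), PHP_EOL;

// With the save-time sanitizer the tags are already gone: Acme Widgets
echo render_manufacturer_select([1 => sanitize_on_save($entered)]), PHP_EOL;
```

Either way the browser never interprets the tags; the save-time layer only changes what ends up stored, which is the redundancy the post describes.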