Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2009
    Posts
    416
    Plugin Contributions
    2

    Default htm speciall characters in configuration fields

    Site Url: Innerlightcrystals.co.uk/sales
    PHP version: 7.3

    There is an issue with including any htmlspecial characters in fields in Admin configuration.
    For example:
    The default Bread Crumbs Navigation Separator in configuration>layout settings is  ::  if you edit and save without changing the value it becomes  ::  do it again and you get  :: and so on.

    I have gone in to phpmyadmin and edited the value back to the correct value which works. This however would be an issue for any field that contains &, ",>,<, and may be more.
    Mark Brittain
    http:\\innerlightcrystals.co.uk\sales\

  2. #2
    Join Date
    Apr 2009
    Posts
    416
    Plugin Contributions
    2

    Default Re: htm speciall characters in configuration fields

    Think part of the issue is that double encoding is turned on for html special characters. so existing special chars like &amp; are being converted again. Even with that set to false on line 207
    PHP Code:
    eval('$value_field = ' $cInfo->set_function '"' htmlspecialchars($cInfo->configuration_valueENT_COMPATCHARSETFALSE) . '");'); 
    in configuration.php. This stops the duplication of the & characters but still dose not allow you to enter html as the characters are still converted.
    Mark Brittain
    http:\\innerlightcrystals.co.uk\sales\

  3. #3
    Join Date
    Apr 2009
    Posts
    416
    Plugin Contributions
    2

    Default Re: htm speciall characters in configuration fields

    Have found a possible solution:
    changing line 24 :
    PHP Code:
     $configuration_value zen_db_prepare_input(htmlspecialchars_decode($_POST['configuration_value'])); 
    to include htmlspecialchars_decode appears to work.
    Ignore previous post.
    Not sure what the implications of doing this are so if this proposal is ok please let me know.
    Mark Brittain
    http:\\innerlightcrystals.co.uk\sales\

  4. #4
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: htm speciall characters in configuration fields

    The issue is caused by strict sanitization performed on configuration_key entry in the admin's sanitization in absence of specific sanitization by key. A path for addressing this is in ZC 1.5.7 and discussed elsewhere in this forum.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

 

 

Similar Threads

  1. v156 HTML tags in configuration fields
    By zcfan in forum Basic Configuration
    Replies: 6
    Last Post: 6 Sep 2022, 02:38 PM
  2. v156 Configuration value not saving special characters
    By ntestinfo11 in forum Bug Reports
    Replies: 7
    Last Post: 9 Aug 2019, 04:12 PM
  3. v154 Issue with Special Characters in Fields
    By hc1501 in forum General Questions
    Replies: 8
    Last Post: 14 Aug 2018, 08:00 PM
  4. Replies: 0
    Last Post: 4 Sep 2017, 08:11 AM
  5. Text Configuration - Strange Characters
    By imp_cha in forum Templates, Stylesheets, Page Layout
    Replies: 3
    Last Post: 7 Jul 2009, 10:33 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR