Zen Cart 1.5.6c, PHP 7.3.6, MySQL 5.6.43
I have read through the developer documentation and wanted to understand the following.
I would like to know how I would add sanitisation for a field that I add to, say, product details. So I add a field called product location, which I want to be SIMPLE_ALPHANUM_PLUS.
Should I create a file in /admin/includes/extra_datafiles/, say called product_details.php, and include the code?
PHP Code:
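<?php
// Register an extra sanitization rule with the admin request sanitizer.
$sanitizer = AdminRequestSanitizer::getInstance();
$group = array(
    // Key: name of the request parameter to sanitize.
    'id' => array(
        'sanitizerType' => 'SIMPLE_ALPHANUM_PLUS',
        'method' => 'both', // apply to both GET and POST
        'pages' => array('products_details'),
        'params' => array(),
    ),
);
$sanitizer->addComplexSanitization($group);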
Is it really that simple?
I assume that I would also have to include some validation in the updateproduct module etc., or is it OK to just assume that the sanitiser has done the job?
I have also added fields into shipping/and packing gID=7. At the moment they contain HTML and are altered to &lt; etc., so I update via the database. But I was wondering if this routine could be used in future versions of Zen Cart to do the sanitisation?
Sorry if that is two things in one question. And I do know that there have been many questions on HTML fields being changed and that you are looking into a solution going forward. If you need me to split it, please let me know.