Let's try this change instead. In /admin/includes/init_includes/init_sanitize.php, find this section
Code:
// Sanitizer registrations as they appear in the file BEFORE the change described in this post.
// Each $group is a list of request parameter names; the call that follows it registers
// those names with $sanitizer under the sanitizer type given as the first argument.
// NOTE(review): what each sanitizer type actually filters is defined in the sanitizer
// class, which is not shown here. Check it before moving a parameter between groups.
$group = array(
'pages_title', 'page_params', 'music_genre_name', 'artists_name', 'record_company_name', 'countries_name', 'name', 'type_name', 'manufacturers_name',
'title', 'coupon_name', 'coupon_copy_to_dup_name', 'banners_title', 'coupon_code', 'coupon_delete_duplicate_code', 'coupon_type',
'group_name', 'geo_zone_name', 'geo_zone_description',
'tax_class_description', 'tax_class_title', 'tax_description', 'entry_company', 'customers_firstname',
'customers_lastname', 'entry_street_address', 'entry_suburb', 'entry_city', 'entry_state', 'customers_referral',
'symbol_left', 'symbol_right', 'products_model', 'alt_url', 'email_to_name',
);
$sanitizer->addSimpleSanitization('WORDS_AND_SYMBOLS_REGEX', $group);
$group = array('metatags_title', 'metatags_keywords', 'metatags_description');
$sanitizer->addSimpleSanitization('META_TAGS', $group);
// 'customers_email_address' is registered twice: first through a complex rule carrying
// method 'post' and the pages coupon_admin, gv_mail and mail, then through the simple
// SANITIZE_EMAIL rule below.
// NOTE(review): which rule wins when both apply is not visible here. Keep the order as is.
$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('coupon_admin', 'gv_mail', 'mail')));
$sanitizer->addComplexSanitization($group);
$group = array('customers_email_address', 'email_to');
$sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
$group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
$group = array('products_url', 'manufacturers_url');
$sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
$group = array('products_attributes_filename');
$sanitizer->addSimpleSanitization('FILE_PATH_OR_URL', $group);
$group = array('coupon_min_order');
$sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
$group = array('categories_name', 'products_name', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
// In the unmodified file 'search' is registered under STRICT_SANITIZE_VALUES, together
// with 'configuration_key' and 'query_string'.
$group = array('configuration_key', 'search', 'query_string');
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);
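... and make the following changes (the only difference is that 'search' moves from the STRICT_SANITIZE_VALUES group to the WORDS_AND_SYMBOLS_REGEX group; the changed lines are marked with lat9 comments):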
Code:
// Sanitizer registrations AFTER the change: identical to the shipped section except that
// 'search' is registered under WORDS_AND_SYMBOLS_REGEX instead of STRICT_SANITIZE_VALUES.
// Each $group is a list of request parameter names; the call that follows it registers
// those names with $sanitizer under the sanitizer type given as the first argument.
// NOTE(review): this takes 'search' out of whatever filtering STRICT_SANITIZE_VALUES applies.
// The type names suggest it is the stricter of the two; confirm in the sanitizer class.
// Also check that every admin page reading the search value still escapes it itself when
// writing it into HTML and when building database queries.
$group = array(
'pages_title', 'page_params', 'music_genre_name', 'artists_name', 'record_company_name', 'countries_name', 'name', 'type_name', 'manufacturers_name',
'title', 'coupon_name', 'coupon_copy_to_dup_name', 'banners_title', 'coupon_code', 'coupon_delete_duplicate_code', 'coupon_type',
'group_name', 'geo_zone_name', 'geo_zone_description',
'tax_class_description', 'tax_class_title', 'tax_description', 'entry_company', 'customers_firstname',
'customers_lastname', 'entry_street_address', 'entry_suburb', 'entry_city', 'entry_state', 'customers_referral',
//-bof-20210706-lat9: Enabling search to 'find' 'htmlspecialchars'
'symbol_left', 'symbol_right', 'products_model', 'alt_url', 'email_to_name', 'search',
//-eof-20210706-lat9
);
$sanitizer->addSimpleSanitization('WORDS_AND_SYMBOLS_REGEX', $group);
$group = array('metatags_title', 'metatags_keywords', 'metatags_description');
$sanitizer->addSimpleSanitization('META_TAGS', $group);
// 'customers_email_address' is registered twice: first through a complex rule carrying
// method 'post' and the pages coupon_admin, gv_mail and mail, then through the simple
// SANITIZE_EMAIL rule below.
// NOTE(review): which rule wins when both apply is not visible here. Keep the order as is.
$group = array('customers_email_address' => array('sanitizerType' => 'SANITIZE_EMAIL_AUDIENCE', 'method' => 'post', 'pages' => array('coupon_admin', 'gv_mail', 'mail')));
$sanitizer->addComplexSanitization($group);
$group = array('customers_email_address', 'email_to');
$sanitizer->addSimpleSanitization('SANITIZE_EMAIL', $group);
$group = array('products_description', 'coupon_desc', 'file_contents', 'categories_description', 'message_html', 'banners_html_text', 'pages_html_text', 'comments', 'products_options_comment');
$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group);
$group = array('products_url', 'manufacturers_url');
$sanitizer->addSimpleSanitization('PRODUCT_URL_REGEX', $group);
$group = array('products_attributes_filename');
$sanitizer->addSimpleSanitization('FILE_PATH_OR_URL', $group);
$group = array('coupon_min_order');
$sanitizer->addSimpleSanitization('CURRENCY_VALUE_REGEX', $group);
$group = array('categories_name', 'products_name', 'orders_status_name', 'configuration');
$sanitizer->addSimpleSanitization('PRODUCT_NAME_DEEP_REGEX', $group);
//-bof-20210706-lat9: Removing 'search' from this section, added above.
// Only 'configuration_key' and 'query_string' stay under STRICT_SANITIZE_VALUES.
$group = array('configuration_key', 'query_string');
//-eof-20210706-lat9
$sanitizer->addSimpleSanitization('STRICT_SANITIZE_VALUES', $group);