Textarea returns plain-text instead of HTML text for custom product type

[retched]

I'm currently using 1.5.7c.

I have a custom product type that uses two textboxes, one the default "product" description and the other a special field for that product type. When I click on "Preview", the HTML appears in raw, unescaped form in the "new_product_preview" . When I click on "Back" (through ZenCart Admin, not the browser), the HTML textbox is preloaded with the unescaped HTML text.

What have I missed on the update? Any assistance would be appreciated.

Screencap for reference:

What is being submitted for preview:


What is shown on the preview:


What is presented when going back:

[ianhg]

Have you tried clicking on the Source icon top left and then adding HTML Text

[lat9]

@retched, does your custom product addition include an admin 'sanitizer' for those additional textarea fields, enabling them to include HTML content?

[retched]

@retched, does your custom product addition include an admin 'sanitizer' for those additional textarea fields, enabling them to include HTML content?

@lat9, I don't believe so. This was a hard copy/porting of it from 1.5.3 to now. Where would I find that in the code to emulate in my custom product type? I'm noticing that it is coming back from `$_POST` as the correct text, if that helps.

[retched]

Have you tried clicking on the Source icon top left and then adding HTML Text

Similar problem still. The source text before I send it to process is proper HTML but evidently something is still causing it to return the plain HTML instead of the proper HTML.

[retched]

@lat9, I don't believe so. This was a hard copy/porting of it from 1.5.3 to now. Where would I find that in the code to emulate in my custom product type? I'm noticing that it is coming back from `$_POST` as the correct text, if that helps.

So in a spree of throwing everything against the wall and seeing what sticks:

I think I managed to fix this but I feel like it's a REALLY rough edit. I added the field name of the textarea to line 226 in init_sanitize.php where it ends up on this

Code:

$sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $group)

.

After I made this change, everything end up working as needed. So I guess the question I should ask is, where should I make this change so that it doesn't overwrite the main core files.

[lat9]

Create your change-specific sanitization in /admin/extra_datafiles/something_sanitizer.php.

The name doesn't matter as long as it's unique and reminds you of what's being sanitized. The file's contents should be similar to:

Code:

<?php
// -----
// Admin-level sanitizations for my specific changes
//
$my_sanitizer = AdminRequestSanitizer::getInstance();

$my_group_sanitize = [
    'field_name_1',
    'field_name_2',
];
$my_sanitizer->addSimpleSanitization('PRODUCT_DESC_REGEX', $my_group_sanitize);

The field_names are the names of the posted variables that you've added.

[retched]

That works perfectly, I'll go ahead and make sure that I do this on each custom type.

[lat9]

That works perfectly, I'll go ahead and make sure that I do this on each custom type.

Great, I'm happy to have helped.

[mc12345678]

That works perfectly, I'll go ahead and make sure that I do this on each custom type.

The following may include more than desired at the moment, but is a good reference for accomplishing admin sanitization:
Admin Request Sanitization | Zen Cart Documentation (zen-cart.com)