FILES AFFECTED
==============
The files affected are:
/readme.txt (this file should not be uploaded to your site. All the rest should)
/admin/orders.php
/admin/packingslip.php
/admin/invoice.php
/includes/modules/pages/shopping_cart/header_php.php
/includes/templates/template_default/templates/tpl_account_history_info_default.php
/includes/templates/template_default/templates/tpl_checkout_confirmation_default.php
INSTALLATION for v1.3.7 sites:
====================
1. Download the patch from SourceForge here.
2. Upload the patched files to replace the existing files of the same name/folder.
Remember, if you have renamed your admin folder, you will have to use *that*
folder name when copying/uploading the /admin/ folder files.
Further, if you have customized copies of the enclosed template files, you
should manually apply the changes from these files into your customized files.
Using WinMerge as a file-comparison tool will help you quickly identify your
customizations and help you merge the changes easily.
INSTALLATION for sites OLDER THAN v1.3.7:
=============================
If you need to apply these fixes to an older version of Zen Cart, do NOT use the patched zip file. Instead, this can be accomplished by manual edits -- replacing this:
Code:
$order->products[$i]['attributes'][$j]['value']
with this:
Code:
zen_output_string_protected($order->products[$i]['attributes'][$j]['value'])
... in the affected files.
Depending on which version you have, you'll find a need to change either line #118 of template_default/templates/tpl_shopping_cart_default.php
Code:
$products[$i][$option]['products_options_values_name'] = $attr_value ;
becomes:
Code:
$products[$i][$option]['products_options_values_name'] = zen_output_string_protected($attr_value);
or modules/pages/shopping_cart/header_php.php, like this:
Code:
$attrArray[$option]['products_options_values_name'] = $attr_value
becomes:
Code:
$attrArray[$option]['products_options_values_name'] = zen_output_string_protected($attr_value)
Bookmarks