[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

[DVDTitan]

Just to let anyone know who is also struggling with source HTML in the news and article manager i added to the suggested file in this thread two inputs from this mod so my file reads as follows:

PHP Code:

<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist  = array('file_contents', 'banners_html_text', 'pages_title', 'message_html','news_article_text','news_article_shorttext');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);

This appears to have resolved the issue with this mod. I will also post this in the news and article mod thread as well for assistance there.

[yosemirza]

After applying the code mention before, there is still a problem on EZpages address.

When I put:
index.php?main_page=product_info&cPath=1&products_id=3

It changed into:
index.php?main_page=product_info&cPath=1&products_id=3

on the address bar.

Thanks

[dutchy]

Same with me I am afraid. All the ezpage internal links are broken.
/index.php?main_page=product_info&cPath=65&products_id=180

I don't know how to fix this?

[p1lot]

i experience the error for the shopping cart if attributes have special chars in them, how can i put that on the xss whitelist?

[Ajeh]

For the EZPages Internal Links see the current settings at:
http://www.zen-cart.com/forum/showth...839#post941839

[countrycharm]

Ajeh I have a question for you. I uploaded the /admin/includes/extra_configures/extra_white_list.php but still it shows like this when updating or submitting a new item. Any idea what I did wrong or is there something else I need to do. Shows ok on the catalog side. Thank you

<p><font face="VERDANA, HELVETICA, ARIAL" color="#000000" size="2" style="font-weight: bold;"> Hefty 28-oz. stein is banded all around by vintage John Deere advertising images, then tastefully trimmed in gleaming gold. A majestic mug that's a joy to behold, and a stately symbol of Heartland pride! </font><font face="VERDANA, HELVETICA, ARIAL" color="#000000" size="2" style="font-weight: bold;">Ceramic. Dishwasher safe; do not microwave. 4 1/2&quot; diameter x 6 1/8&quot; high.</font></p>

[Celtic]

Thankfully I haven't done the upgrade to 'g' yet.

As this 'theoretical' xss fix is causing so many 'real' problems, could we have a thread that shows comprehensively how to fix this problem please. Trying to navigate all the comments and XTS's (cross thread solutions) in here is a nightmare.

Could I also suggest posting a 'fix' that removes this 'theoretical' xss feature completely rather than having to enter various random names into an override file? This seems the best solution until this is tested properly.

Thanks for your attempt at this feature, but better luck next time.

[delia]

Folks, the PRODUCT PREVIEW page display issue is NOT a bug.
While you may dislike the way the preview shows, it is unfortunately necessary in order to protect YOU against XSS attacks on your admin area.
Clicking Save on the product-preview screen SAVES IT PROPERLY.

Doesn't this make the preview screen obsolete for most cart owners? They no longer can preview the product.

My apologies if I"ve missed anything else about this.

[delia]

Thankfully I haven't done the upgrade to 'g' yet.

As this 'theoretical' xss fix is causing so many 'real' problems, could we have a thread that shows comprehensively how to fix this problem please. Trying to navigate all the comments and XTS's (cross thread solutions) in here is a nightmare.

Could I also suggest posting a 'fix' that removes this 'theoretical' xss feature completely rather than having to enter various random names into an override file? This seems the best solution until this is tested properly.

Thanks for your attempt at this feature, but better luck next time.

I am in total agreement. This is causing nightmares for me and has cost me money.

I'm about ready to back up to f and hold there.

[Ajeh]

Ajeh I have a question for you. I uploaded the /admin/includes/extra_configures/extra_white_list.php but still it shows like this when updating or submitting a new item. Any idea what I did wrong or is there something else I need to do. Shows ok on the catalog side. Thank you

If you mean in the Preview, that will be that way until v1.3.9h comes out ...

We are working on this issue and do not want a bazillion patch works made for things ...

As long as the Catalog looks good you should be fine ...