Stock by Attribute v4.0 addon for v1.3.5-1.3.9

[madshaun1984]

Ok, I seeall that is/was going on. When the dynamic dropdowns was edited to support things like quotes and other "special" characters in the products_options_values_name that was incorporated first which then was applied to single attributes for consistency (which is what the referenced post addresses).

So, a similar change is needed to the dynamic dropdowns file(s) as was done for single attributes. I'm on my phone at the moment which makes it a little difficult to provide all of the change correctly/quickly, but the file in question is: includes/classes/pad_sba_sequenced_dropdowns.php

Then at line 833 modifying:

Code:

       $out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string_protected($oval['text']) . '", ';

(if there are #s in there, ignore them/treat as spaces.
To use the function provided by:

Code:

zen_output_string($values[$i]['text'], array('"' => '"', '\'' => ''', '<' => '<', '>' => '>', ' & ' => ' & ')) . '</option>' . "\n";

In place of the zen_output_string_protected portion of the above.

Thanks, edited the suggested line to be the following,

Code:

$out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string($oval['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;', ' & ' => ' &amp; ')) . '", ';

Unfortunately still no change

Have I edited correctly?

[mc12345678]

Thanks, edited the suggested line to be the following,

Code:

$out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string($oval['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;', ' & ' => ' &amp; ')) . '", ';

Unfortunately still no change

Have I edited correctly?

Actually, there is/was a change, but not for the better. The code incorporated looks correct on its own; however, I believe the mix of single and double quotes within the line are causing issues and is part of why I was saying it's difficult on a cell phone. :)

What I suggest is to use a "temporary" variable that is to be set to the result of the zen_output_string function. That string variable is then used in place of the entire protected portion of the original code. This way the single/double quotes do not play a factor in the line that is puting together the javascriopt.

It could also be that in copying/pasting on either side (yours or mine) that some character "got in the way" that shouldn't be there.

Regardless suggest checking the logs directory again as page is only partially displayed.

[madshaun1984]

Actually, there is/was a change, but not for the better. The code incorporated looks correct on its own; however, I believe the mix of single and double quotes within the line are causing issues and is part of why I was saying it's difficult on a cell phone. :)

What I suggest is to use a "temporary" variable that is to be set to the result of the zen_output_string function. That string variable is then used in place of the entire protected portion of the original code. This way the single/double quotes do not play a factor in the line that is puting together the javascriopt.

It could also be that in copying/pasting on either side (yours or mine) that some character "got in the way" that shouldn't be there.

Regardless suggest checking the logs directory again as page is only partially displayed.

Hmmm, the page is displaying in full for me, but with no difference pre/post edit (the partial page I believe you saw was the result of me editing the line I eventually settled on and pasted into my last post).

I'll try the temp var suggestion you made now though, will update with results.

Also, is there anyway to step through website code in a similar fashion to a c# application? (I'm familiar with debugging via Visual studio, and have worked on asp.net apps / pure html / js sites previously, but never a live website that wasn't of my own creation), so not sure how it works with zen cart etc... This would save me keep coming back and might enable me to lend a better hand / start adding my own contributions.

Thanks again!

[madshaun1984]

Update: adding the protected string to the temp var and then passing that through didn't make any difference.

Code:

$x = $out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string_protected($oval['text']) . '", ';
		
		$out.='"_' . $x['id'] . '"' . ': "' . zen_output_string($x['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;', ' & ' => ' &amp; ')) . '", ';

Pretty sure the edit I made last time was ok and have a hunch that there's still something deeper not quite right.

[mc12345678]

How about this
At line 833 of includes/classes/pad_sba_sequenced_dropdowns.php

change:

Code:

$out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string_protected($oval['text']) . '", ';

to:

Code:

        $out.='"_' . $oval['id'] . '"' . ': "';
//        $out.=zen_output_string_protected($oval['text']);
        $out.=zen_output_string($oval['text'],
                  array(
                    '"' => '"',
                    '\'' => ''',
                    '<' => '&lt;',
                    '>' => '&gt;',
                    ' & ' => ' &amp; ',
                    '& ' => '&amp; '
                  )
              );
        $out.='", ';

So that area of code would go from:

Code:

      foreach ($attr['ovals'] as $oval) {
        $out.='"_' . $oval['id'] . '"' . ': "' . zen_output_string_protected($oval['text']) . '", ';[/TD]
      }

To:

Code:

      foreach ($attr['ovals'] as $oval) {
        $out.='"_' . $oval['id'] . '"' . ': "';
//        $out.=zen_output_string_protected($oval['text']);
        $out.=zen_output_string($oval['text'],
                  array(
                    '"' => '"',
                    '\'' => ''',
                    '<' => '&lt;',
                    '>' => '&gt;',
                    ' & ' => ' &amp; ',
                    '& ' => '&amp; '
                  )
              );
        $out.='", ';
      }

This is another way to accomplish the "interim" variable perspective and is a little cleaner to some extent but also not as easy to read.

There is something that was not right about how it was put together in the previous method/attempts and it currently still displays this html code which is causing the problem:

Code:

var txt3 = {"_38": "10ml ", "_<": "&lt;", "_40": "50ml (+&amp;pound;15.00) ", "_<": "&lt;"};

It is this result that we are trying to modify. The £ is the part that is the problem because of basically dual sanitization at least in the second dropdown. Still may need to do something for the first dropdown to resolve this.

It should instead look like:

Code:

var txt3 = {"_38": "10ml ", "_<": "&lt;", "_40": "50ml (+&pound;15.00) ", "_<": "&lt;"};

[madshaun1984]

Just added the change suggested, not getting an sba dropdown shown at all now, (partial page).

Rolled code back to as I pasted earlier.

Its as if these sections of code are having no impact on the string, or the string being processed by any replace method.

[mc12345678]

Just added the change suggested, not getting an sba dropdown shown at all now, (partial page).

Rolled code back to as I pasted earlier.

Its as if these sections of code are having no impact on the string, or the string being processed by any replace method.

The blank/partial blank page would have generated an error as described here: http://www.zen-cart.com/content.php?124-blank-page

The information from that would help identify what was causing the issue.

I didn't see anything that again modified the code content after that txt3 code is generated. I'll have to look at one of my test sites as set for an alternate currency to see how it plays out with the proposed change incorporated.

[mc12345678]

The blank/partial blank page would have generated an error as described here: http://www.zen-cart.com/content.php?124-blank-page

The information from that would help identify what was causing the issue.

I didn't see anything that again modified the code content after that txt3 code is generated. I'll have to look at one of my test sites as set for an alternate currency to see how it plays out with the proposed change incorporated.

@madshaun1984, et al...

Ok, figured out what's going on.

There were two things, one was the additional encoding that caused £ to become $amp;pound; in the txtXXX section (should be addressed by the above change(s) though processing of the code may make that change unnecessary), the other is/was that when selecting a "parent" option, the child select options are added by pushing the content to the option list. This push (creating a new option) though populated the text of the option not the html of the option. I.e put £ directly in the output text instead of the more "inner" html. So, while this was tested for the change identified at line 1053 below it has not been tested in absence of the previously posed changes or other similar changes that I made on my test server. I do think the below changes would address the wrongful display of £ instead of £.

I'm providing line numbers here working from the "bottom" to the "top" so that as each change is made the identified line numbers will still line up with the content on github at the moment (haven't pushed an update, just realized what needed to be done and proved that at least adding the change to line 1053 worked, though had also made some other changes as well that need to be validated as unnecessary.)

Between lines 1091 and 1092 having this content:

Code:

          $out.='), opt.substring(1));' . "\n";
          if ((STOCK_ALLOW_CHECKOUT == 'false' && ($curattr == count($attributes) - 2)) || PRODINFO_ATTRIBUTE_NO_ADD_OUT_OF_STOCK == 'True') {

Modify it to look like the below:

Code:

          $out.='), opt.substring(1));' . "\n";
          $out.='                        frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].innerHTML = frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].text;' . "\n";
          if ((STOCK_ALLOW_CHECKOUT == 'false' && ($curattr == count($attributes) - 2)) || PRODINFO_ATTRIBUTE_NO_ADD_OUT_OF_STOCK == 'True') {

and then again between lines 1066 and 1067 having this content:

Code:

          $out.='), opt.substring(1));' . "\n";
          if ((STOCK_ALLOW_CHECKOUT == 'false' && ($curattr == count($attributes) - 2)) || PRODINFO_ATTRIBUTE_NO_ADD_OUT_OF_STOCK == 'True') {

Modify it to look like:

Code:

          $out.='), opt.substring(1));' . "\n";
          $out.='                            frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].innerHTML = frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].text;' . "\n";
          if ((STOCK_ALLOW_CHECKOUT == 'false' && ($curattr == count($attributes) - 2)) || PRODINFO_ATTRIBUTE_NO_ADD_OUT_OF_STOCK == 'True') {

Between Lines 1052 and 1053 having this content:

Code:

        $out.=', opt.substring(1));' . "\n";
        $out.='                        }';

have it look like the following:

Code:

        $out.=', opt.substring(1));' . "\n";
        $out.='                            frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].innerHTML = frm["id[' . $attributes[$nextattr]['oid'] . ']"].options[frm["id[' . $attributes[$nextattr]['oid'] . ']"].length].text;' . "\n";
        $out.='                        }';

[madshaun1984]

Not had a chance to look at this today, been a long day.

Will try and get on ot tomorrow and report outcome.

Thanks again,
Shaun

[mc12345678]

Not had a chance to look at this today, been a long day.

Will try and get on ot tomorrow and report outcome.

Thanks again,
Shaun

Look forwards to the report. Thanks for identifying the issue.