[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

[PoorFarm]

Try using for the extra_white_list.php file:
/admin/includes/extra_configures/extra_white_list.php

and put into that file the code:

Code:

<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist  = array('file_contents', 'banners_html_text', 'pages_title', 'message_html');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);

and then try to edit the Define Page or Banner HTML or EZPage Title or Send Email once more and save it to see if this displays correctly ...

NOTE: the file
/admin/includes/extra_configures/extra_white_list.php

is a file that you create for this code ...

Please, please help me to understand...Stop talking greek, please..

Now if I take this right...
The reason my defines pages are talking html crap all over it, has to do with some coding problem that got messed up in this 1.39g upgrade.

So if I want to fix the problem until someone figures we should have a 1.39h upgrade, then I need to what?

Make a folder?
Then insert this code into the folder?
Then upload this folder to my ....
admin/includes/extra_configures/....???????
And give it the name:::: extra_white_list.php ?????

Just pretend I have a box of rocks for a brain, so I need more detail please.

And why doesn't someone just create this file and fix the problem? Okay, I am a box of rocks....

[Ajeh]

The current release v1.3.9g was just released with the added Protection and, unfortunately, is too good ... so there is the need for the "white list" at this time ...

This will all be addressed in the next release ...


It takes two seconds to open a blank file and save it as:
/admin/includes/extra_configures/extra_white_list.php

You already have the directory:
/admin/includes/extra_configures/

You want to make a file called:
extra_white_list.php

and load it to the directory:
/admin/includes/extra_configures/

and in that file copy and paste the code posted in thread #52 ...

What this code is doing is excluding certain parts of the code from the extra protection that has been added in v1.3.9g from being applied to certain areas of the Admin so that when you edit the data and enter the HTML code it is not getting this extra protection as it also is protecting you against HTML code that you need to enter in some areas of the Admin ...

[PoorFarm]

The current release v1.3.9g was just released with the added Protection and, unfortunately, is too good ... so there is the need for the "white list" at this time ...

This will all be addressed in the next release ...


It takes two seconds to open a blank file and save it as:
/admin/includes/extra_configures/extra_white_list.php

You already have the directory:
/admin/includes/extra_configures/

You want to make a file called:
extra_white_list.php

and load it to the directory:
/admin/includes/extra_configures/

and in that file copy and paste the code posted in thread #52 ...

What this code is doing is excluding certain parts of the code from the extra protection that has been added in v1.3.9g from being applied to certain areas of the Admin so that when you edit the data and enter the HTML code it is not getting this extra protection as it also is protecting you against HTML code that you need to enter in some areas of the Admin ...

I thank you very kindly for your straight forward instructions..
This did the trick, so I shall apply it to my second store also..

[FrilansReklam]

I tried to find info about install sql patches.

for me it change " to " sp the array was not working.

[Ajeh]

Could you give an example of what you are having a problem with?

[jasong42122]

Did anyone not try the new version before making it available to the public because I have 2 broken websites that I will gladly let you practice on next time? Also why did you change the name of the admin folder?

I assume your going to say for security reasons BUT don't you think if a person is smart enough to hack a website they probably have downloaded zen cart to figure out how to hack it. Which would mean they would already know the name of the "secret admin folder" any way.
A month from now their will probably be a big yellow warning saying change your admin name to something other than zc_admin.

It just makes me mad that every other week their is a so called "critical update" that needs to be done and if it's not done their is all this garbage in my admin that won't go away, telling me how I need this important update, and then we do the update and it breaks our site.

Then I read one of the admin talking about not wanting a billion patches, but it's sure ok for us to have a billion updates every week. If it wasn't such a pain to do the updates that would probably help too.

[frank18]

Installed the Rewards Points mod today, first on my local store and then on the live site. This mod requires the installation of the included new.sql patch which adds extra boxes to Admin > Configuration.

Part of this sql is shown here:

.....

REPLACE INTO `configuration`
(`configuration_id` ,`configuration_title` ,`configuration_key` ,`configuration_value` ,`configuration_description` ,`configuration_group_id` ,`sort_order` ,`last_modified` ,`date_added` ,`use_function` ,`set_function`)
VALUES (NULL , 'Reward Point Status Track', 'REWARD_POINTS_STATUS_TRACK', '', '<b>Simple mode:</b> All new reward points are set to Pending and are changed to Earned when the Order Status changes. If the Order Status is then changed back to Pending then the reward points are transferred back from Earned.<br /><br /><b>Advanced mode:</b> Set the order status ....etc etc

The highlighted html tags are all showing just as in the quote above, no breaks are inserted into the text and no bold items show up.

Manually fixed this on my local site by editing relevant DB entries. In the DB the brackets were showing as &lt; or &gt;

The extra_white_list.php file is installed, it fixed the EZ Pages issue as expected but has not addressed this issue.

I know this is only of a 'cosmetic' nature and does not affect the operation of the store but is worth noting for the next upgrade.

[DrByte]

... but it's sure ok for us to have a billion updates every week.

You must be referring to some other software. I've never seen Zen Cart release a billion updates. Ever.
Come to think of it we don't even have that many lines of code in Zen Cart yet.
But, thanks for cluttering our forum with your rant. I hope you feel better after you got that off your chest.

[DrByte]

frank, it's noted.

[frank18]

frank, it's noted.

Thanks DrByte