[Done v1.3.9h] HTML tags show after upgrade to 1.3.9g

[hottrendz]

I need help to resolve this problem, i have been looking through the threads and have not found a solution yet.

I upgraded to v1.3.9g from v1.3.9f yesterday, and when i did my emails in nowing showing html code in the final product for example

when the email comes through it shows:

<p>How are you</p>

in the actual email

i had to switch to text email, but i prefer html so i can send out pictures. Is there a file i can upload again to fix the rich text html editor from showing the code in the actual email.

[Ajeh]

NOTE: v1.3.9h has been released, which FIXES the issue, and makes the following workaround UNNECESSARY. The best solution is to upgrade.

Try using for the extra_white_list.php file:
/admin/includes/extra_configures/extra_white_list.php

and put into that file the code:

Code:

<?php
$global_xss_whitelist = isset($global_xss_whitelist) ? $global_xss_whitelist : array();
$my_whitelist  = array('file_contents', 'banners_html_text', 'pages_title', 'message_html', 'manufacturers_name', 'symbol_left', 'symbol_right', 'query_string');
$global_xss_whitelist = array_merge($my_whitelist, $global_xss_whitelist);

and then try to edit the Define Page or Banner HTML or EZPage Title or Send Email once more and save it to see if this displays correctly ...

NOTE: the file
/admin/includes/extra_configures/extra_white_list.php

is a file that you create for this code ...

NOTE: Updated for Manufactuers Name, Currencies Left Symbol and Currencies Right Symbols and Install SQL Patches

Steps to use the above code:
1 create the file:
/admin/includes/extra_configures/extra_white_list.php

2 add the code posted above

3 FTP the file to your server

4 edit the section where you have the problem and save/update it to correct the issue

[Royal]

Linda, You are the best! Thank you!

[azimpact]

Yes, I'm seeing the same thing in emails if you use Mime email true.

I've applied the patch and it works for the other pages, but now the HTML emails are not working.

Any patch for that?

[azimpact]

Also, in the patch code is the ending ?> purposely left off?

[hottrendz]

Thank You!!!

the extra_white_list.php file, resolved the issue with the email

[barco57]

Also, in the patch code is the ending ?> purposely left off?

That is fine, the closing php tag is not required

[azimpact]

All my issues are now fixed.

I was using the first code that was posted so I was having issues but once I added the last code posted things are working good again.

Thanks for the patch!

[acpaulley]

NOTE: the file
/admin/includes/extra_configures/extra_white_list.php

is a file that you create for this code ...

I just created this file using the exact code you have above and uploaded to the folder specified. My site won't load at all now. Admin still works, but the main site no longer renders at all: www.plrnichemart.com

[DrByte]

I just created this file using the exact code you have above and uploaded to the folder specified. My site won't load at all now. Admin still works, but the main site no longer renders at all: www.plrnichemart.com

Making the changes discussed in this thread can't break the storefront, since they're only applicable to the admin side.

You must have something else wrong in your storefront files.
ref: https://www.zen-cart.com/tutorials/index.php?article=82