VirtueMart Forum

VirtueMart Dev/Coding Central: VM1 (old version) => Virtuemart 1.1 Development (Archiv) => Quality & Testing VirtueMart 1.1.x => Topic started by: doorknob on October 01, 2008, 02:46:50 AM

Title: Bug in html/shop.parameter_search_form.php
Post by: doorknob on October 01, 2008, 02:46:50 AM
The parameter values are captured and stored without conversion of special HTML characters (this is necessary because ; is used as a separator).
When the parameters are used to populate controls in the form, there is still no conversion of special characters. I fixed this by changing the code as follows.
Please note that my code also fixes another compliance error that was reported earlier.
Lines 168-170
foreach($fields as $field) {
$attr .= "<option value=\"$field\"".(($selected_value[$field]==1) ? " selected>" : ">"). $field."</option>\n";
}

changed to
foreach($fields as $field) {
$html_field = htmlspecialchars( $field );
$attr .= "<option value=\"$html_field\"".(($selected_value[$field]==1) ? " selected=\"selected\">" : ">"). $html_field."</option>\n";
}


and lines 175-177
foreach($fields as $field) {
$attr .= "<option value=\"$field\"".(($get_item_value==$field) ? " selected>" : ">"). $field."</option>\n";
}

changed to
foreach($fields as $field) {
$html_field = htmlspecialchars( $field );
$attr .= "<option value=\"$html_field\"".(($get_item_value==$field) ? " selected=\"selected\">" : ">"). $html_field."</option>\n";
}


Regards
Phil
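
The fix described in the post above, as an added stand-alone example that is not part of the original post and is not VirtueMart code: values stay raw in the ;-separated store and are escaped only when written into the option list. The function name build_options and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from VirtueMart.

/**
 * Build <option> elements from a ';'-separated stored parameter list.
 * Values are stored raw, because HTML entities contain ';' and would
 * collide with the separator, so escaping happens here at output time.
 */
function build_options(string $stored, string $selected): string
{
    $html = '';
    foreach (explode(';', $stored) as $field) {
        // Compare on the raw value; escape only what is written into HTML.
        // ENT_QUOTES also covers single-quoted attributes.
        $safe = htmlspecialchars($field, ENT_QUOTES, 'UTF-8');
        $sel  = ($field === $selected) ? ' selected="selected"' : '';
        $html .= "<option value=\"$safe\"$sel>$safe</option>\n";
    }
    return $html;
}

// Constructed sample: parameter values containing HTML special characters.
$stored = 'Plain;19" rack;Black & White;<Large>';

// Escaped output: the quote, ampersand and angle brackets can no longer
// close the value attribute or open a new tag.
echo build_options($stored, '19" rack');

// Escaping before storage instead would corrupt the list: each entity
// adds a ';', so splitting yields more items than were stored.
$escaped_first = implode(';', array_map('htmlspecialchars', explode(';', $stored)));
echo count(explode(';', $stored)), " items when stored raw\n";
echo count(explode(';', $escaped_first)), " items when escaped before storage\n";
```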