News:

Looking for documentation? Take a look on our wiki

Main Menu

Custom field inputs non-sanitized

Started by balai, October 27, 2015, 13:02:20 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

balai

October 27, 2015, 13:02:20 PM Last Edit: October 27, 2015, 13:08:14 PM by balai
I tried entering some scripts or html as values in string custom fields and they are entered normally.

I suppose that since they are simple strings such characters should be cleaned

Also noticed that they are displayed in the front-end without being cleaned or encoded either

Milbo

#1
October 27, 2015, 21:01:29 PM
Because you are admin. Check the same as non admin, or take a look in the ACL to get the difference.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/
Print
Go Up Pages1
User actions