Author Topic: Possible bug: Table "_virtuemart_order_histories"  (Read 657 times)

Studio 42

  • Contributing Developer
  • Sr. Member
  • *
  • Posts: 3524
  • Joomla & Virtuemart addon developper
    • Studio 42 - Virtuemart & Joomla extentions
  • VirtueMart Version: 2.6 & 3.0.x.y
Re: Possible bug: Table "_virtuemart_order_histories"
« Reply #15 on: August 02, 2018, 20:04:25 pm »
Really max, why you dont check to find a better solution?
I dont think that escaping all special char is needed, else Joomla and wordpress had more vulnerability about this.
If you save JSON, this need only to escape the double quotes too.
Your solution have many drawback, eg if you need to compare or search an encoded string.

GJC Web Design

  • 3rd party VirtueMart Developer
  • Super Hero
  • *
  • Posts: 8582
  • Virtuemart, Joomla & php developer
    • GJC Web Design
  • VirtueMart Version: 2.6.22 & 3.2.14
Re: Possible bug: Table "_virtuemart_order_histories"
« Reply #16 on: August 02, 2018, 21:58:09 pm »
yes..  but replace the "comments"

next tr up

the customer_note is only if the shopper left an original comment -- the code below is the last comment left by the admin when changing the status etc

echo vmText::sprintf('COM_VIRTUEMART_MAIL_SHOPPER_QUESTION',nl2br(htmlspecialchars_decode($this->orderDetails['history'][$nb-1]->comments, ENT_COMPAT)));
GJC Web Design
VirtueMart and Joomla Developers - php developers http://www.gjcwebdesign.com
VM3 AusPost Shipping Plugin - e-go Shipping Plugin - VM3 Postcode Shipping Plugin - Radius Shipping Plugin - VM3 NZ Post Shipping Plugin - AusPost Estimator
Samport Payment Plugin - EcomMerchant Payment Plugin - ccBill payment Plugin
VM2 Product Lock Extension - VM2 Preconfig Adresses Extension - TaxCloud USA Taxes Plugin - Virtuemart  Product Review Component
http://extensions.joomla.org/profile/profile/details/67210
Contact for any VirtueMart or Joomla development & customisation

EsSa55

  • Jr. Member
  • **
  • Posts: 53
    • 4FootyFans & 4MovieTVmusicFans
  • Skype Name: talk2-4footyfans
  • VirtueMart Version: Live: 3.4.2
Re: Possible bug: Table "_virtuemart_order_histories"
« Reply #17 on: August 02, 2018, 22:26:12 pm »
So,

<?php $nb=count($this->orderDetails['history']);
if($this->orderDetails['history'][$nb-1]->customer_notified && !(empty($this->orderDetails['history'][$nb-1]->comments))) { ?>
<tr>
<td width="580" colspan="3" style="border: 1px solid #CCCCCC;">
<?php echo vmText::sprintf('COM_VIRTUEMART_MAIL_SHOPPER_QUESTION',nl2br(htmlspecialchars_decode($this->orderDetails['history'][$nb-1]->comments, ENT_COMPAT))); ?>
</td>
</tr>
<?php } ?>
<?php if(!empty($this->orderDetails['details']['BT']->customer_note)){ ?>
<tr>
<td width="580" colspan="3" style="border: 1px solid #CCCCCC;">
<?php echo vmText::sprintf('COM_VIRTUEMART_MAIL_SHOPPER_QUESTION',nl2br($this->orderDetails['details']['BT']->customer_note)) ?>
</td>
</tr>

ES-> ?