Bug in classes/ps_product_category

Started by doorknob, July 19, 2008, 02:46:28 AM

doorknob

When the value of the Category Name is used as the anchor title (i.e. tooltip) for sub-category links, it is not made safe for special HTML characters. Line 975:
$html .= "<a style=\"display:block;\" class=\"sublevel\" title=\"".$db->f("category_name")."\" href=\"";

should be replaced by
$html .= "<a style=\"display:block;\" class=\"sublevel\" title=\"".shopMakeHtmlSafe($db->f("category_name"))."\" href=\"";

Tested on VM 1.1 nightly from 18/7/2008 on J1.5 (1.5.3)
regards
Phil
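
The effect described in the post above, as an added example that is not part of the original post or of VirtueMart's code: it builds the link both ways and parses the result to see which `title` a browser would receive. The helper names and sample category names are constructed, and `htmlspecialchars()` is used as a stand-in for `shopMakeHtmlSafe()`, whose implementation is not shown on this page.

```php
<?php
// Added example; helper names are hypothetical, not VirtueMart functions.

// Link built the way line 975 does it: raw category name inside title="...".
function sublevelLinkRaw(string $categoryName, string $href): string
{
    return "<a style=\"display:block;\" class=\"sublevel\" title=\""
        . $categoryName . "\" href=\"" . $href . "\">";
}

// Same link with the name encoded for a double-quoted attribute.
// Assumption: htmlspecialchars() stands in for shopMakeHtmlSafe().
function sublevelLinkSafe(string $categoryName, string $href): string
{
    $title = htmlspecialchars($categoryName, ENT_QUOTES, 'UTF-8');
    return "<a style=\"display:block;\" class=\"sublevel\" title=\""
        . $title . "\" href=\"" . $href . "\">";
}

// Parse the markup and return the title attribute an HTML parser extracts.
function parsedTitle(string $html): ?string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence warnings on broken markup
    $doc->loadHTML($html . 'x</a>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $a = $doc->getElementsByTagName('a')->item(0);
    return $a instanceof DOMElement ? $a->getAttribute('title') : null;
}

// Round-trip check: does the parsed title equal the stored category name?
function titleSurvives(string $linkHtml, string $categoryName): bool
{
    return parsedTitle($linkHtml) === $categoryName;
}

// Constructed sample category names.
$names = ['Garden Tools', '19" Racks & Cabinets', "Men's Wear"];
foreach ($names as $name) {
    printf(
        "%-24s raw: %-7s safe: %s\n",
        $name,
        titleSurvives(sublevelLinkRaw($name, 'index.php'), $name) ? 'intact' : 'broken',
        titleSurvives(sublevelLinkSafe($name, 'index.php'), $name) ? 'intact' : 'broken'
    );
}
```

A name containing a double quote ends the `title` attribute early in the raw version, so the rest of the name is parsed as further attributes of the `<a>` tag; the same round-trip check can be run against rendered category pages to find other attributes that are built from unencoded database values.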