News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Bug: Product Type Parameter form

Started by doorknob, October 29, 2008, 23:57:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

doorknob

October 29, 2008, 23:57:55 PM
The Product Type Parameter form does not escape value for the Possible Values and Default Values fields. Special characters like quotes cause problems.
I made the following changes to resolve the problem:
line 136 changed from
Code Select
        <input type="text" class="inputbox" name="parameter_values" size="60" value="<?php $db->sp('parameter_values'?>" />

to
Code Select
        <input type="text" class="inputbox" name="parameter_values" size="60" value="<?php echo shopMakeHtmlSafe$db->sf('parameter_values') ) ?>" />

and line 148 changed from
Code Select
        <input type="text" class="inputbox" name="parameter_default" size="60" value="<?php $db->sp('parameter_default'?>" />

to
Code Select
        <input type="text" class="inputbox" name="parameter_default" size="60" value="<?php echo shopMakeHtmlSafe$db->sf('parameter_default') ) ?>" />


Regards
Phil

vbarkouski

#1
December 28, 2009, 07:23:02 AM Last Edit: December 28, 2009, 07:31:23 AM by vbarkouski
file to modify:

product.product_type_parameter_form.php
Print
Go Up Pages1
User actions