Text only | Text with Images

VirtueMart Forum

VirtueMart Dev/Coding Central: VM1 (old version) => Virtuemart 1.1 Development (Archiv) => Quality & Testing VirtueMart 1.1.x => Topic started by: doorknob on October 29, 2008, 23:57:55 PM

Title: Bug: Product Type Parameter form
Post by: doorknob on October 29, 2008, 23:57:55 PM
The Product Type Parameter form does not escape value for the Possible Values and Default Values fields. Special characters like quotes cause problems.
I made the following changes to resolve the problem:
line 136 changed from
Code Select
        <input type="text" class="inputbox" name="parameter_values" size="60" value="<?php $db->sp('parameter_values'?>" />

to
Code Select
        <input type="text" class="inputbox" name="parameter_values" size="60" value="<?php echo shopMakeHtmlSafe$db->sf('parameter_values') ) ?>" />

and line 148 changed from
Code Select
        <input type="text" class="inputbox" name="parameter_default" size="60" value="<?php $db->sp('parameter_default'?>" />

to
Code Select
        <input type="text" class="inputbox" name="parameter_default" size="60" value="<?php echo shopMakeHtmlSafe$db->sf('parameter_default') ) ?>" />


Regards
Phil
Title: Re: Bug: Product Type Parameter form
Post by: vbarkouski on December 28, 2009, 07:23:02 AM
file to modify:

product.product_type_parameter_form.php
Text only | Text with Images