VirtueMart Forum

VirtueMart Dev/Coding Central: VM1 (old version) => Virtuemart 1.1 Development (Archiv) => Quality & Testing VirtueMart 1.1.x => Topic started by: doorknob on July 19, 2008, 02:46:28 AM

Title: Bug in classes/ps_product_category
Post by: doorknob on July 19, 2008, 02:46:28 AM
When the value of the Category Name is used as the anchor title (i.e. tooltip) for sub-category links, it is not made safe for special HTML characters. Line 975:
$html .= "<a style=\"display:block;\" class=\"sublevel\" title=\"".$db->f("category_name")."\" href=\"";

should be replaced by
$html .= "<a style=\"display:block;\" class=\"sublevel\" title=\"".shopMakeHtmlSafe($db->f("category_name"))."\" href=\"";

Tested on VM 1.1 nightly from 18/7/2008 on J1.5 (1.5.3)
regards
Phil
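
The attribute-context problem reported above, as an added example that is not part of the original post and is not VirtueMart code. `htmlspecialchars()` stands in for `shopMakeHtmlSafe()`, whose implementation is not shown on this page; `renderSubcategoryLink()`, `parsedTitle()`, the URL and the category names are hypothetical. It renders the link with and without escaping, parses the result, and compares the `title` attribute with the original name.

```php
<?php
// Added illustration, not VirtueMart code. htmlspecialchars() is a stand-in for
// shopMakeHtmlSafe(); function names, URL and sample data are hypothetical.

function renderSubcategoryLink(string $categoryName, string $url, bool $escape): string
{
    // Attribute context: the value sits inside double quotes, so special
    // characters must be encoded or the name can end the attribute early.
    $title = $escape
        ? htmlspecialchars($categoryName, ENT_QUOTES, 'UTF-8')
        : $categoryName;

    return '<a style="display:block;" class="sublevel" title="' . $title
        . '" href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($categoryName, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Parse the markup and read back the title attribute of the first link.
function parsedTitle(string $html): ?string
{
    $doc = new DOMDocument();
    // Suppress parser warnings raised by the malformed (unescaped) variant.
    @$doc->loadHTML($html);
    $a = $doc->getElementsByTagName('a')->item(0);
    return $a instanceof DOMElement ? $a->getAttribute('title') : null;
}

// Constructed sample category names.
$samples = ['Garden Tools', 'Nuts & Bolts', '19" Rack Mounts', 'Kids <3 Toys'];

foreach ($samples as $name) {
    foreach ([false, true] as $escape) {
        $html  = renderSubcategoryLink($name, 'index.php?category_id=1', $escape);
        $title = parsedTitle($html);
        // A mismatch means the markup no longer carries the stored name.
        printf("%-8s %-18s title=%-20s %s\n",
            $escape ? 'escaped' : 'raw',
            $name,
            var_export($title, true),
            $title === $name ? 'OK' : 'MISMATCH');
    }
}
```

In the raw variant, the name containing a double quote closes the `title` attribute early and the rest of the name is parsed as further attributes of the tag; the escaped variant round-trips every sample.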