
[-] FO : Fix html entities in order messages and threads

gRoussac committed Dec 27, 2012
1 parent 304a95f commit 3e9e765a5abd85914c7084d7ab8c601edbb3601f
@@ -778,9 +778,9 @@
<a class="new_message" title="{l s='Mark this message as \'viewed\''}" href="{$smarty.server.REQUEST_URI}&token={$smarty.get.token}&messageReaded={$message['id_message']}"><img src="../img/admin/enabled.gif" alt="" /></a>
{/if}
{l s='At'} <i>{dateFormat date=$message['date_add']}
- </i> {l s='from'} <b>{if ($message['elastname'])}{$message['efirstname']} {$message['elastname']}{else}{$message['cfirstname']} {$message['clastname']}{/if}</b>
+ </i> {l s='from'} <b>{if ($message['elastname']|escape:'htmlall':'UTF-8')}{$message['efirstname']|escape:'htmlall':'UTF-8'} {$message['elastname']|escape:'htmlall':'UTF-8'}{else}{$message['cfirstname']|escape:'htmlall':'UTF-8'} {$message['clastname']|escape:'htmlall':'UTF-8'}{/if}</b>
{if ($message['private'] == 1)}<span style="color:red; font-weight:bold;">{l s='Private:'}</span>{/if}
- <p>{$message['message']|nl2br}</p>
+ <p>{$message['message']|escape:'htmlall':'UTF-8'|nl2br}</p>
</div>
<br />
{/foreach}
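Review bot: The first context line of this hunk still builds the href from `$smarty.server.REQUEST_URI` and `$smarty.get.token` with no escaping, so request-controlled text lands in an HTML attribute right next to the fields this commit now escapes. Applying the same modifier there closes that gap: `href="{$smarty.server.REQUEST_URI|escape:'htmlall':'UTF-8'}&token={$smarty.get.token|escape:'htmlall':'UTF-8'}&messageReaded={$message['id_message']}"`. On the new `{if ($message['elastname']|escape:'htmlall':'UTF-8')}` line the modifier is harmless but unnecessary, since the value is only tested for emptiness there. The `{foreach}` this block belongs to opens before the hunk.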
@@ -509,7 +509,7 @@ public function validateOrder($id_cart, $id_order_state, $amount_paid, $payment_
$customer_message = new CustomerMessage();
$customer_message->id_customer_thread = $customer_thread->id;
$customer_message->id_employee = 0;
- $customer_message->message = htmlentities($update_message->message, ENT_COMPAT, 'UTF-8');
+ $customer_message->message = $update_message->message;
$customer_message->private = 0;
if (!$customer_message->add())
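Review bot: The customer message is now persisted as raw customer text, so neutralising it becomes the job of every place that renders it, and only the back-office thread template is escaped in this commit; any mail template or other view that prints `customer_message.message` as-is turns into a stored-XSS sink once the upgrade script also decodes existing rows. Before merging, confirm the other renderers of this field escape on output, and record the contract next to the assignment: `// Stored unescaped: every renderer (back-office templates, mails) must escape on output.` What `$update_message->message` holds is determined before this hunk, and `validateOrder` starts outside it.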
@@ -182,13 +182,13 @@ protected function _updateMessage($messageContent)
else if ($oldMessage = Message::getMessageByCartId((int)($this->context->cart->id)))
{
$message = new Message((int)($oldMessage['id_message']));
- $message->message = htmlentities($messageContent, ENT_COMPAT, 'UTF-8');
+ $message->message = $messageContent;
$message->update();
}
else
{
$message = new Message();
- $message->message = htmlentities($messageContent, ENT_COMPAT, 'UTF-8');
+ $message->message = $messageContent;
$message->id_cart = (int)($this->context->cart->id);
$message->id_customer = (int)($this->context->cart->id_customer);
$message->add();
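Review bot: With the `htmlentities()` call gone, the return values of `$message->update()` and `$message->add()` are the only remaining signal that the raw `$messageContent` was rejected, and both are discarded, unlike the `if (!$customer_message->add())` check applied to the same kind of object in the `validateOrder` hunk of this commit. If these return false on validation failure as that call suggests, handle it the same way here, e.g. `if (!$message->update()) return false;` and `if (!$message->add()) return false;`, adjusted to whatever `_updateMessage` reports to its callers. Whether the `Message` model validates length or HTML cleanliness on `message` is not visible here and is worth confirming, since this path now stores whatever the shopper typed. `_updateMessage` begins before the hunk and its earlier branch is not shown.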
@@ -0,0 +1,48 @@
+<?php
+/*
+* 2007-2012 PrestaShop
+*
+* NOTICE OF LICENSE
+*
+* This source file is subject to the Open Software License (OSL 3.0)
+* that is bundled with this package in the file LICENSE.txt.
+* It is also available through the world-wide-web at this URL:
+* http://opensource.org/licenses/osl-3.0.php
+* If you did not receive a copy of the license and are unable to
+* obtain it through the world-wide-web, please send an email
+* to license@prestashop.com so we can send you a copy immediately.
+*
+* DISCLAIMER
+*
+* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
+* versions in the future. If you wish to customize PrestaShop for your
+* needs please refer to http://www.prestashop.com for more information.
+*
+* @author PrestaShop SA <contact@prestashop.com>
+* @copyright 2007-2012 PrestaShop SA
+* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+* International Registered Trademark & Property of PrestaShop SA
+*/
+
+function updateordermessages()
+{
+ if ($messages = Db::getInstance()->executeS('SELECT id_message, message FROM '._DB_PREFIX_.'message'))
+ {
+ if(is_array($messages))
+ foreach($messages as $message)
+ {
+ $sql = 'UPDATE '._DB_PREFIX_.'message SET message = \''.pSQL(html_entity_decode($message['message'], ENT_COMPAT, 'UTF-8')).'\' WHERE id_message = '.(int)$message['id_message'];
+ Db::getInstance()->execute($sql);
+ }
+ }
+
+ if ($messages = Db::getInstance()->executeS('SELECT id_customer_message, message FROM '._DB_PREFIX_.'customer_message'))
+ {
+ if(is_array($messages))
+ foreach($messages as $message)
+ {
+ $sql = 'UPDATE '._DB_PREFIX_.'customer_message SET message = \''.pSQL(html_entity_decode(str_replace('&amp;', '&', $message['message']), ENT_COMPAT, 'UTF-8')).'\' WHERE id_customer_message = '.(int)$message['id_customer_message'];
+ Db::getInstance()->execute($sql);
+ }
+ }
+}
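Review bot: `updateordermessages()` turns entity-encoded rows back into raw text, which means previously neutralised markup such as `&lt;script&gt;` becomes live `<script>` in the database, so this step must not ship ahead of output escaping in every template and mail that prints these fields. It is also not idempotent: a second run on a message that legitimately contains text like `&amp;` or `&lt;` decodes it again, and the extra `str_replace('&amp;', '&', ...)` on `customer_message` (absent for `message`) already decodes one level more than `html_entity_decode` alone, a difference that deserves a comment explaining the double encoding it undoes. A header docblock should state that this is a one-shot migration paired with the removal of write-time `htmlentities()` in the controllers, that it must run exactly once, and why the two tables are treated differently. Loading each whole table with `executeS()` before updating row by row also holds every message in memory at once; a keyed batch loop would keep large shops within limits.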
@@ -6,6 +6,8 @@ ALTER TABLE `PREFIX_address` CHANGE `outstanding_allow_amount` `outstanding_all
/* PHP:block_category_1521(); */;
+/* PHP:updateordermessages(); */;
+
UPDATE `PREFIX_order_state` SET `delivery` = 0 WHERE `id_order_state` = 3;
ALTER TABLE `PREFIX_product_shop` ADD `id_product_redirected` int(10) unsigned NOT NULL default '0' AFTER `active` , ADD `available_for_order` tinyint(1) NOT NULL default '1' AFTER `id_product_redirected`;
@@ -102,7 +102,7 @@ function updateOrderLineDisplay(domCheckbox)
function sendOrderMessage()
{
paramString = "ajax=true";
- $('#sendOrderMessage').find('input, textarea').each(function(){
+ $('#sendOrderMessage').find('input, textarea, select').each(function(){
paramString += '&' + $(this).attr('name') + '=' + encodeURIComponent($(this).val());
});
