You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a global variable which adds a class to hide header and navigation elements when you are on a checkout page; this allows for the "distraction free" checkout process we introduced in Shadows. Unfortunately, the output of the variable is not entity-encoded which could open an page up for exploit.
Correcting the Issue
The quickest way to correct this issue is to install the Template Search and Replace Module, search for &mvt:global:checkout_hidden;, and replace it with &mvte:global:checkout_hidden; then search for &mvt:global:checkout_shown;, and replace it with &mvte:global:checkout_shown;. I have added this update and it will be included in the next maintenance release.
The text was updated successfully, but these errors were encountered:
There is a global variable which adds a class to hide header and navigation elements when you are on a checkout page; this allows for the "distraction free" checkout process we introduced in Shadows. Unfortunately, the output of the variable is not entity-encoded which could open an page up for exploit.
Correcting the Issue
The quickest way to correct this issue is to install the Template Search and Replace Module, search for
&mvt:global:checkout_hidden;
, and replace it with&mvte:global:checkout_hidden;
then search for&mvt:global:checkout_shown;
, and replace it with&mvte:global:checkout_shown;
. I have added this update and it will be included in the next maintenance release.The text was updated successfully, but these errors were encountered: