Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure MIN and MAX values from groups 2 and 3 are integer #2471

Merged
merged 1 commit into from Jun 25, 2019

Conversation

Projects
None yet
4 participants
@scottcwilson
Copy link
Contributor

commented Jun 20, 2019

Blocks script injection into fields used in Javascript validation.

@scottcwilson

This comment has been minimized.

Copy link
Contributor Author

commented Jun 20, 2019

Recommended for backport to 1.5.6c.

@mc12345678

This comment has been minimized.

Copy link
Contributor

commented Jun 20, 2019

If this is to become a thing, then would suggest (at some point) using/populating the val_function for these constants to have them be integers as well possibly by the validation filter FILTER_VALIDATE_INT.

@scottcwilson

This comment has been minimized.

Copy link
Contributor Author

commented Jun 20, 2019

I like that idea as a future enhancement, but this specific PR is an "anti-bad-guy" change. They're not using the admin panel - they're modifying the db directly.

@wiztechinc

This comment has been minimized.

Copy link

commented Jun 25, 2019

The fix is reasonable. I would like to know how in the world this is happening to begin with. That to me is the larger issue.

@zcwilt zcwilt merged commit a9d2bdf into zencart:v157 Jun 25, 2019

@scottcwilson scottcwilson deleted the scottcwilson:make_min_max_int branch Jun 27, 2019

@zcwilt zcwilt added the Backport label Jul 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.