Add additional sanitization to comments and password fields #563

Merged
merged 2 commits into from Sep 22, 2015
+7 −8
@@ -4,10 +4,10 @@
* HTML-generating functions used throughout the core
*
* @package functions
* @copyright Copyright 2003-2014 Zen Cart Development Team
* @copyright Copyright 2003-2015 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version GIT: $Id: Author: DrByte Sat Apr 19 13:30:33 2014 -0400 Modified in v1.5.3 $
* @version GIT: $Id: Author: DrByte Modified in v1.5.5 $
*/
/*
@@ -399,7 +399,7 @@ function zen_draw_input_field($name, $value = '', $parameters = '', $type = 'tex
* Output a form password field
*/
function zen_draw_password_field($name, $value = '', $parameters = 'maxlength="40"') {
return zen_draw_input_field($name, $value, $parameters, 'password', true);
return zen_draw_input_field($name, $value, $parameters, 'password', false);
}
/*
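Review bot: the only functional change in this hunk is the fifth argument to zen_draw_input_field flipping from true to false, and neither the hunk nor the PR title says what that flag controls (the signature in the hunk header is cut off after $type). If, as the "sanitization" in the title suggests, it decides whether the submitted $value is reinserted into the rendered field, say so in a one-line comment above the call or in the PR description so a reviewer can confirm that no template or admin page depends on a pre-filled password field; not echoing a submitted password back into HTML is the safer default, but the intent should be recorded where the call is made.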
@@ -574,4 +574,3 @@ function zen_href_params($page = '', $parameters = '') {
|| $current_page_base=='down_for_maintenance') $addparms = 'rel="nofollow"';
return ($parameters == '' ? $addparms : $parameters . ' ' . $addparms);
}
?>
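Review bot: dropping the closing `?>` at the end of this pure-PHP include is the right call, because any newline or whitespace after the tag is sent to the client and can cause "headers already sent" failures for later redirects such as zen_redirect; confirm the file now ends with exactly one newline and no trailing blank lines, and apply the same removal consistently to the other includes this PR touches.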
@@ -3,10 +3,10 @@
* checkout_confirmation header_php.php
*
* @package page
* @copyright Copyright 2003-2013 Zen Cart Development Team
* @copyright Copyright 2003-2015 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version GIT: $Id: Author: DrByte Wed Nov 6 16:20:00 2013 -0500 Modified in v1.5.2 $
* @version GIT: $Id: Author: DrByte Wed Nov 6 16:20:00 2013 -0500 Modified in v1.5.5 $
*/
// This should be first line of the script:
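Review bot: the rewritten @version line keeps the 2013 author timestamp while changing the marker to "Modified in v1.5.5", so it now misstates when the file was last changed; either refresh the timestamp or drop it, as the html_output.php header in this PR does, so the two headers follow one convention.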
@@ -45,7 +45,8 @@
}
if (isset($_POST['payment'])) $_SESSION['payment'] = $_POST['payment'];
$_SESSION['comments'] = $_POST['comments'];
$_SESSION['comments'] = zen_output_string_protected($_POST['comments']);
//'checkout_payment_discounts'
//zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
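Review bot: the new line still reads $_POST['comments'] unconditionally, whereas the payment assignment directly above guards with isset(); a request without a comments field raises an undefined-index notice and stores the encoded empty result. Guard it the same way, e.g. `if (isset($_POST['comments'])) $_SESSION['comments'] = zen_output_string_protected($_POST['comments']);`. Also note that this encodes at input time and stores the HTML-escaped string in the session, so any later code that escapes $_SESSION['comments'] again on output, or writes it into the order record expecting raw text, will double-encode; the downstream consumers of this session key should be checked before merging.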
@@ -170,4 +171,3 @@
// This should be last line of the script:
$zco_notifier->notify('NOTIFY_HEADER_END_CHECKOUT_CONFIRMATION');
?>
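Review bot: as with the html_output.php hunk, removing the trailing `?>` after the NOTIFY_HEADER_END_CHECKOUT_CONFIRMATION call prevents stray output after the end tag; make sure the file still ends with a newline so the notifier line is stored as a complete last line.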