Quote:
Originally Posted by pkwsg
This was a bit of a shock. Can I ask why this was considered a bug?
Is the feature of importing HTML product data officially removed?
Does this mean that if we want to use the export/import feature for moving a store between installations - that all the HTML will be blown away? This effectively means that HTML in product fields (and extra fields) is no longer a supported feature.
Please explain?
For reasons of security, X-Cart employs a built-in routine to validate input data. This routine cuts off all tags from the input parameters passed via POST/GET/COOKIES. However, some data (like product and category descriptions, language variables, etc.) need to contain HTML code. In order for the above-mentioned validation routine not to affect such input variables, we use a special constant at the beginning of scripts. Below is an example from admin/product_modify.php:
Code:
define('USE_TRUSTED_POST_VARIABLES',1);
$trusted_post_variables = array("product_lng","product_new_descr","product_new_full_descr", "descr","fulldescr", "posted_data","js_code");
The import procedure simply duplicates this validation for the data passed from the CSV file.
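
The mechanism described in the reply above, as an added sketch that is not X-Cart's own code and not part of the original post: every input value has its tags stripped unless its name is on a trusted list, and the same routine is then run over a CSV row. The function name `sanitize_input`, the sample CSV and the choice of trusted columns are assumptions made for illustration; the post does not say which CSV columns the import treats as trusted.

```php
<?php
// Added illustration; not X-Cart source. Names below are hypothetical.

// Assumed allowlist, modelled on the idea of $trusted_post_variables.
$trusted_fields = array("descr", "fulldescr");

/**
 * Strip tags from every value whose key is not in $trusted.
 * Nested arrays are walked recursively; a trusted key exempts its whole value.
 */
function sanitize_input(array $input, array $trusted)
{
    $clean = array();
    foreach ($input as $key => $value) {
        if (in_array($key, $trusted, true)) {
            $clean[$key] = $value;                       // trusted: kept as-is
        } elseif (is_array($value)) {
            $clean[$key] = sanitize_input($value, $trusted);
        } else {
            $clean[$key] = strip_tags((string)$value);   // default: tags removed
        }
    }
    return $clean;
}

// Constructed sample CSV: a header row and one product row.
$csv = 'productcode,product,descr,fulldescr' . "\n"
     . 'SKU1,"<b>Widget</b>","<p>Short</p>","<ul><li>Full</li></ul>"' . "\n";

$lines  = array_values(array_filter(explode("\n", $csv), 'strlen'));
$header = str_getcsv(array_shift($lines), ",", "\"", "\\");

foreach ($lines as $line) {
    // Key each cell by its column name so the allowlist can be applied per field.
    $row = array_combine($header, str_getcsv($line, ",", "\"", "\\"));
    print_r(sanitize_input($row, $trusted_fields));
}
```

Any column that is missing from the allowlist loses its markup on import, so the allowlist used for import has to cover every field that is expected to carry HTML.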