In the XCart 4.1.x branch you can also add the "product" field to the $trusted_post_variables array in the following files to stop tags from being stripped from the product title. You simply need to modify the following files:
/xcart/provider/product_modify.php
/xcart/admin/product_modify.php
Near the top of each of those files is a line that looks like:
PHP Code:
$trusted_post_variables = array("product_lng","product_new_descr","product_new_full_descr","descr","fulldescr","posted_data","js_code","efields");
Simply add the "product" field to the array definition like so:
PHP Code:
$trusted_post_variables = array("product","product_lng","product_new_descr","product_new_full_descr","descr","fulldescr","posted_data","js_code","efields");
I do not know what security holes this could open up other than possibly making it easy for unscrupulous providers to create some kind of script attack via the product title field.
__________________
www.brettbrewer.com
Getting back into x-cart dev after a long hiatus. Modded lots of x-carts from version 3.1.x to 4.1.x. Developer of ImageScaler mod, Pre-login per user coupon mod, Wordpress feed mod, DigitalSubscriptions mod, Phonetic bulk download keys addon for DownloadExpander mod, Serial Number Generator for ESD products, Custom CMS/LMS integrations, external products mod, and more.