Quote:
|
Originally Posted by aim
Thank you for the quick WA.
I have reuploaded the upgrade packs with this addition in the patch.sql file
Code:
-- Thanks to Steve Stoyanov (Cflsystems)
UPDATE `xcart_orders` SET `all_userid` = `userid` WHERE `all_userid`=0;
|
I believe the new function to generate accounts for anonymous customers does not escape street names, as it has problems inserting anonymous accounts with streets that contain a '.
For example: Avenue de l'Europe
The query becomes:
Code:
INSERT INTO xcart_address_book (`title`, `firstname`, `lastname`, `address`, `city`, `county`, `state`, `country`, `zipcode`, `zip4`, `phone`, `fax`, `default_b`, `default_s`, `userid`) VALUES (■, 'FIRSTNAME', 'LASTNAME', 'Avenue de l'Europe
droite', 'VИlizy-Villacoublay', ■, ■, 'FR', '123456', ■, '33633045883', ■, 'Y', 'Y', '19027')
As you can see the street name is not escaped.
My logs contain multiple errors related to executing this function and they all have street names with an ' in it.