[-] BO : fixed quote issue with magic quote in customization in adminorders #PSCFV-9311

Damien Metzger
2013-06-17 11:40:35 +02:00
parent c53d2d04ce
commit aefc22bb10
2 changed files with 10 additions and 10 deletions


@@ -28,13 +28,13 @@
var changed_shipping_price = false;
var shipping_price_selected_carrier = '';
var current_index = '{$current}&token={$token}';
var admin_cart_link = '{$link->getAdminLink('AdminCarts')|escape:'html'}';
var admin_cart_link = '{$link->getAdminLink('AdminCarts')|addslashes}';
var cart_quantity = new Array();
var currencies = new Array();
var id_currency = '';
var id_lang = '';
var txt_show_carts = '{l s='Show carts and orders for this customer.'}';
var txt_hide_carts = '{l s='Hide carts and orders for this customer.'}';
var txt_show_carts = '{l s='Show carts and orders for this customer.' js='1'}';
var txt_hide_carts = '{l s='Hide carts and orders for this customer.' js='1'}';
var defaults_order_state = new Array();
var customization_errors = false;
var pic_dir = '{$pic_dir}';
@@ -661,17 +661,17 @@
{
$.each(this.customized_datas[this.id_product][this.id_product_attribute][id_address_delivery], function() {
var customized_desc = '';
if(this.datas[1].length)
if (this.datas[1].length)
{
$.each(this.datas[1],function() {
customized_desc += this.name+':'+this.value+'<br />';
customized_desc += this.name + ': ' + this.value + '<br />';
id_customization = this.id_customization;
});
}
if(this.datas[0] && this.datas[0].length)
if (this.datas[0] && this.datas[0].length)
{
$.each(this.datas[0],function() {
customized_desc += this.name+':<img src="'+pic_dir+this.value+'_small" /><br />';
customized_desc += this.name + ': <img src="' + pic_dir + this.value + '_small" /><br />';
id_customization = this.id_customization;
});
}
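Review bot: `addslashes` on the `admin_cart_link` line in the first hunk is not a JavaScript-string escaper: it covers quotes and backslashes but leaves line breaks and a literal `</script>` untouched, and either one ends the string or the script block. Smarty's `escape:'javascript'` modifier handles those cases, so `var admin_cart_link = '{$link->getAdminLink('AdminCarts')|escape:'javascript'}';` fits this context better. The context lines `current_index` and `pic_dir` in the same hunk are interpolated into quoted JS with no modifier at all and would benefit from the same treatment. The second hunk only changes spacing, but it shows `this.name` and `this.value` concatenated into markup unescaped; where `customized_desc` is written is outside the hunk, so whether that is an HTML sink for customer-supplied text needs checking.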


@@ -273,15 +273,15 @@ class AdminCartsControllerCore extends AdminController
$field_id = 'customization_'.$id_product.'_'.$customization_field['id_customization_field'];
if ($customization_field['type'] == Product::CUSTOMIZE_TEXTFIELD)
{
if (!isset($_POST[$field_id]) || empty($_POST[$field_id]))
if (!Tools::getValue($field_id))
{
if ($customization_field['required'])
$errors[] = Tools::displayError('Please fill in all the required fields.');
continue;
}
if (!Validate::isMessage($_POST[$field_id]) || empty($_POST[$field_id]))
if (!Validate::isMessage(Tools::getValue($field_id)))
$errors[] = Tools::displayError('Invalid message');
$this->context->cart->addTextFieldToProduct((int)$product->id, (int)$customization_field['id_customization_field'], Product::CUSTOMIZE_TEXTFIELD, $_POST[$field_id]);
$this->context->cart->addTextFieldToProduct((int)$product->id, (int)$customization_field['id_customization_field'], Product::CUSTOMIZE_TEXTFIELD, Tools::getValue($field_id));
}
elseif ($customization_field['type'] == Product::CUSTOMIZE_FILE)
{
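Review bot: The `Validate::isMessage` check only appends to `$errors`; the `addTextFieldToProduct` call on the following line still runs, so a value that failed validation is written to the cart anyway (unless that method validates again, which is not visible here). Skip the write on failure by giving the branch braces and a `continue`, i.e. `{ $errors[] = Tools::displayError('Invalid message'); continue; }`. It would also read more clearly to fetch the field once with `$value = Tools::getValue($field_id);` and reuse it, so the emptiness test, the validation and the stored value are certain to be the same string. The enclosing loop and method start outside the hunk.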