AbanteCart Community
Shopping Cart Operations => Support => General Support => Topic started by: Mahomed Dawood on April 21, 2022, 04:07:04 AM
-
Hi Guys
When adding a + sign to my product description or name and after hitting save on the admin change , the plus sign disappears , any idea on how i could allow it to be saved with the + sign in the name and description
Where can i make that code change ?
-
Hello.
Are you working in the visual editor?
-
Hi
Yes I am on the catalog page within the product
if I add a + sign to my product name , Description etc after I hit save it goes back to the name without the "+" sign in the name
eg Test Product 1B +
Hit save
Result
Test Product 1B
-
Hello.
Some symbols are filtered when saved to the database to prevent insecure code to execute.
-
Is there a way to change this filter in the code ?
-
Switch to html-mode of editor and replace + with + html entity.
Save and check on storefront.
-
Hi
Please note that this affects product name also , whereby the "+" sign dissapears when hitting save
-
Hello.
Some symbols are filtered when saved to the database to prevent insecure code to execute.
Hi
So i figured out what was wrong
Abantecart recently fixed a xss vulnerability which I logged
Topic
https://forum.abantecart.com/index.php/topic,9394.msg37087.html#msg37087
Fix
https://github.com/abantecart/abantecart-src/issues/1513
$data = htmlspecialchars(urldecode($data), ENT_COMPAT, 'UTF-8');
URL Decode was causing the special character "+" to turn into a whitespace
So I basically changed it to :
$data = htmlspecialchars(rawurldecode($data), ENT_COMPAT, 'UTF-8'); and it worked again
Please advise if this was the right approach ?