AbanteCart Community

Shopping Cart Operations => Support => General Support => Topic started by: Mahomed Dawood on April 21, 2022, 04:07:04 AM

Title: + sign disappears when hitting save on a product
Post by: Mahomed Dawood on April 21, 2022, 04:07:04 AM
Hi Guys

When adding a + sign to my product description or name and after hitting save on the admin change, the plus sign disappears. Any idea on how I could allow it to be saved with the + sign in the name and description?

Where can I make that code change?
Title: Re: + sign disappears when hitting save on a product
Post by: Basara on April 21, 2022, 07:27:54 AM
Hello.

Are you working in the visual editor?
Title: Re: + sign disappears when hitting save on a product
Post by: Mahomed Dawood on April 21, 2022, 08:42:51 AM
Hi

Yes, I am on the catalog page within the product.

If I add a + sign to my product name, description etc., after I hit save it goes back to the name without the "+" sign in the name.

e.g. Test Product 1B +

Hit save

Result

Test Product 1B
Title: Re: + sign disappears when hitting save on a product
Post by: Basara on April 22, 2022, 12:46:00 AM
Hello.
Some symbols are filtered when saved to the database to prevent insecure code from executing.
Title: Re: + sign disappears when hitting save on a product
Post by: Mahomed Dawood on April 22, 2022, 03:15:32 AM
Is there a way to change this filter in the code?
Title: Re: + sign disappears when hitting save on a product
Post by: abolabo on April 22, 2022, 03:47:09 AM
Switch to html-mode of editor and replace + with + html entity.
Save and check on storefront.

Title: Re: + sign disappears when hitting save on a product
Post by: Mahomed Dawood on April 22, 2022, 04:13:04 AM
Hi

Please note that this affects the product name also, whereby the "+" sign disappears when hitting save.
Title: Re: + sign disappears when hitting save on a product
Post by: Mahomed Dawood on April 25, 2022, 03:53:19 PM
Hello.
Some symbols are filtered when saved to the database to prevent insecure code from executing.

Hi

So I figured out what was wrong.

AbanteCart recently fixed an XSS vulnerability which I logged.

Topic
https://forum.abantecart.com/index.php/topic,9394.msg37087.html#msg37087

Fix
https://github.com/abantecart/abantecart-src/issues/1513

 $data = htmlspecialchars(urldecode($data), ENT_COMPAT, 'UTF-8');

URL Decode was causing the special character "+" to turn into a whitespace

So I basically changed it to:
 $data = htmlspecialchars(rawurldecode($data), ENT_COMPAT, 'UTF-8');

and it worked again

Please advise if this was the right approach?
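
Added example, not part of the original posts and not AbanteCart's own code: the two lines quoted in the last post, wrapped in hypothetical helpers (`clean_with_urldecode`, `clean_with_rawurldecode`) and run over constructed inputs. It shows what each decoder does to `+` and checks that `htmlspecialchars` still escapes percent-encoded markup with either one.

```php
<?php
// Added example. The helper names are hypothetical; each wraps one of the
// two lines quoted in the thread and nothing else from AbanteCart.

function clean_with_urldecode(string $data): string
{
    // Line quoted in the thread: urldecode() also turns "+" into a space.
    return htmlspecialchars(urldecode($data), ENT_COMPAT, 'UTF-8');
}

function clean_with_rawurldecode(string $data): string
{
    // Line after the poster's change: rawurldecode() leaves "+" alone.
    return htmlspecialchars(rawurldecode($data), ENT_COMPAT, 'UTF-8');
}

// Constructed sample inputs, not taken from a real store.
$samples = [
    'Test Product 1B +',          // literal plus in plain text
    'C%2B%2B Handbook',           // percent-encoded plus signs
    '%3Cb%3Ebold%3C/b%3E + "x"',  // percent-encoded markup, plus, quotes
    'Size %41',                   // percent sequence typed as plain text
];

foreach ($samples as $input) {
    $a = clean_with_urldecode($input);
    $b = clean_with_rawurldecode($input);
    printf("input        %s\nurldecode    %s\nrawurldecode %s\n\n", $input, $a, $b);

    // Both variants must leave no raw angle brackets after decoding.
    if (strpbrk($a . $b, '<>') !== false) {
        throw new RuntimeException("unescaped markup for: $input");
    }
    // The only difference: urldecode() first treats "+" as a space.
    if ($a !== clean_with_rawurldecode(str_replace('+', ' ', $input))) {
        throw new RuntimeException("unexpected difference for: $input");
    }
}
```

The last sample shows that either decoder still rewrites a percent sequence typed as ordinary text, so the change restores the plus sign but not other literal `%XX` input.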