re move UNION from the blacklist in db.php

hello

am not using the check module so I made it a western union module by changing lang variables only

now if someone chooses it it says:

name – mobile phone – location

is that the same you are aiming at??

whitelighter - 11 December 2008 06:06 PM

Try using double quotes instead of single. You can try using an sql escape function like mysql_real_escape_string or a substitute from the db class too.

Just tried and both ideas failed!

So apart from renaming to “Onion” or some such thing, it seems like removing UNION from the blacklist in db.php is the only solution. Really??? However that requires user modifying core code, which could make the module break during an upgrade. Also, it’s in the blacklist for a reason, so it must be a security concern.

I think the Prestashop team are trying to come up with an alternative to the blacklist. Until then, you could try using codes like U or the union symbol ∪ in place of the U in union or if that doesn’t work then |_|. There must be a way to write “Union” that isn’t a security risk and so won’t be blacklisted. You might need to be creative.

rocky - 15 December 2008 07:37 AM

I think the Prestashop team are trying to come up with an alternative to the blacklist. Until then, you could try using codes like U or the union symbol ∪ in place of the U in union or if that doesn’t work then |_|. There must be a way to write “Union” that isn’t a security risk and so won’t be blacklisted. You might need to be creative.

The word “Union” is not allowed in addresses either. So people living on “Union Street” , “Union Square” etc always have problems. Anyone find a way to go around this? My customers will not know to use |_| or whatever. It turns them away.

clokwise - 10 December 2008 06:57 PM

I managed to solve this problem and finish the module, however the solution is ridiculous and I can’t explain it.

It all boiled down to a single line of code!!

The original code:

$this->displayName = $this->l(‘Bank Wire’);

which I had changed to

$this->displayName = $this->l(‘Western Union’);

Seems innocuous, no?

Turns out the word “Union” within the displayName variable completely screws up Prestashop!! I have changed it to this for the time being:

$this->displayName = $this->l(‘Western Onion’);

And it works just fine.

Can ANYONE explain why this is a bug????

Western Onion?!

I am laughing a lot, for three days or more. Very fun, sorry.

Yeah, this has been a constant problem with Prestashop that seems to keep being ignored. A simple escaping procedure (similar to the current pSQL() function already in Prestashop) would take care of this blacklist problem once and for all.

—Kevin

me he does not work maybe someone has a separate module for the Western Union? Not to intall over bankwire?