
isMessage() problem



Can we, in the stable release of v1, please remove the limitation on HTML characters in an order message.  mysql_real_escape_string() would take care of any sql injection problems.  This removal of the limitation would greatly aid me in my production of the offline creditcard module.  I stress this - exclusion of this limitation would let me release a working, stable, easy to use version of the offline creditcard module within a week. PLEASE prestashop team!

 

Also, the bankwire module's fields have been changed, but everywhere else in the code for prestashop, bankwire->details is referred to as bankwire->iban1 and bankwire->bic1 or whatever they were.  Even within the module itself it is referred to as such.

 

--Kevin

[email protected]


Can we, in the stable release of v1, please remove the limitation on HTML characters in an order message.  mysql_real_escape_string() would take care of any sql injection problems.  This removal of the limitation would greatly aid me in my production of the offline creditcard module.  I stress this - exclusion of this limitation would let me release a working, stable, easy to use version of the offline creditcard module within a week. PLEASE prestashop team!

 

You want us to put HTML code in the order message?

 

Just go in class/Message.php and at line 42:

 

protected	$fieldsValidate = array(
	'message' => 'isMessage', 'id_cart' => 'isUnsignedId', 'id_order' => 'isUnsignedId',
	'id_customer' => 'isUnsignedId', 'id_employee' => 'isUnsignedId', 'private' => 'isBool');

 

Now, remove 'message' => 'isMessage', and it's good for validation with HTML code.

 

Also, the bankwire module's fields have been changed, but everywhere else in the code for prestashop, bankwire->details is referred to as bankwire->iban1 and bankwire->bic1 or whatever they were.  Even within the module itself it is referred to as such.

 

These bugs have already been reported and will be fixed for RC3 (coming today hopefully).


Awesome, thanks for the reply.  The reason I need this is for the offline creditcard module. Should I just include a modified Message.php class with the module (this might get a little too advanced), or will the html limitation be removed for future releases?


We don't have plans to remove the limitation.

 

But including the class file in your module package is bad (no possibility to upgrade it in the future).

 

I think just a file explaining what the user has to do (remove the line I told you about) is better.

 

But why do you use the class Message for your module?


I am creating an offline creditcard module, and I have found no better way to give access to the information than just adding an order message. If you would like to email me or PM me via this forum, I can give you a slightly more in-depth explanation & send you the package to take a look at.

 

Why is the limitation there anyways? I don't really see any malicious use for html tags within an order message. Letting HTML exist there would probably aid the production of payment modules - it gives developers a way to easily add information to an order through the validateOrder() function.

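Added example, not part of the thread and not PrestaShop code: it stores an order message through the SQL layer and then renders it, showing that SQL-side protection keeps the text byte for byte, so markup has to be rejected on input or encoded where the message is displayed. Assumptions: the function names are hypothetical, the `<>{}` rule stands in for an isMessage-style check, and a parameterized PDO query on in-memory SQLite (needs pdo_sqlite) stands in for mysql_real_escape_string(), which was removed in PHP 7.

```php
<?php
// Added example: hypothetical helper names, constructed sample data.

// Assumption: an isMessage-style rule that rejects markup metacharacters.
function is_plain_message(string $message): bool
{
    return preg_match('/[<>{}]/', $message) !== 1;
}

// Encode at the HTML sink (for instance the order page in the back office).
function render_message(string $message): string
{
    return nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// A module can pass structured details as plain "label: value" lines.
function build_order_note(array $fields): string
{
    $lines = [];
    foreach ($fields as $label => $value) {
        // Collapse line breaks so one value cannot forge an extra line.
        $lines[] = $label . ': ' . preg_replace('/[\r\n]+/', ' ', (string) $value);
    }
    return implode("\n", $lines);
}

// In-memory SQLite stands in for the shop database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE message (id INTEGER PRIMARY KEY, message TEXT)');
$insert = $db->prepare('INSERT INTO message (message) VALUES (?)');
$select = $db->prepare('SELECT message FROM message WHERE id = ?');

// Constructed samples: a plain structured note and a message carrying markup.
$samples = [
    build_order_note(['Payment' => 'offline', 'Reference' => 'REF-0001']),
    'Call before delivery <script>/* constructed marker */</script>',
];

foreach ($samples as $input) {
    $insert->execute([$input]);
    $select->execute([$db->lastInsertId()]);
    $stored = $select->fetchColumn();
    $select->closeCursor();

    echo 'passes validation: ', var_export(is_plain_message($input), true), "\n";
    echo 'stored unchanged:  ', var_export($stored === $input, true), "\n";
    echo 'encoded for HTML:  ', render_message($stored), "\n\n";
}
```

The second sample fails the validation rule, is stored unchanged by the database layer, and only becomes inert text once it is encoded for display.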
