di@mond Posted January 20, 2009 Share Posted January 20, 2009 Hey allI was just adding products in my test store and i came across a word that prestashop wont accept in the product discription.Go to any product discription and type the word "cascade" and try to save it........Presta wont let you save any discription with word cascade in it. Anyone know why??diamond Link to comment Share on other sites More sharing options...
rocky Posted January 20, 2009 Share Posted January 20, 2009 The word "cascade" is on a blacklist in Db.php to prevent MySQL injection attacks, I think. You can remove the word from the blacklist, but this could create a security problem. Maybe you could remove it from the blacklist, add the product with the word "cascade", then put it back in the blacklist again? Link to comment Share on other sites More sharing options...
snllll Posted January 20, 2009 Share Posted January 20, 2009 rocky 说的没错!在classes\Db.php的第49行中罗列了可能引起sql攻击的关键词,包括:UNION|LOAD_FILE|OUTFILE|DUMPFILE|ESCAPED|TERMINATED|CASCADE|INFILE|X509|TRIGGER|REVOKE 。解决方法就是:要么如rocky所说,从过滤函数中剔除CASCADE,但这样做会导致安全方面的隐患;要么,只能更改关键词,如在”CASCADE“中加入空格变成“CAS CADE”应该就可以了。只好如此了! Link to comment Share on other sites More sharing options...
Recommended Posts