NemoPS (posted December 12, 2013)

Hey everyone! I just finished writing a new tutorial, explaining how to extend the customization fields to accept longer text and html as well (this one was quite a struggle). Here it is! http://nemops.com/prestashop-customization-fields/

Fabio

blue17 (posted December 14, 2013)

Thanks for sharing, but those modifications lead to potentially dangerous ground. What will happen when staff views the order details in backoffice? Are you confident the templates will not choke on any html embedded within the customization "value" string?

Even if the templates do not choke, consider: Would-be attacker adds-to-cart and/or submits an order containing a customizable product, for which the attacker has embedded an html image tag to load a remote image (from a webserver he controls). When staff views order (or cart) details in backoffice, attacker notes the referer url reflected in his webserver log ~~ he now knows path to the shop's /admin scripts.

To accommodate special cases (long, detailed customization instructions or html-laden content) surely it would be preferable to instruct a customer to "include a pastebin.com URL containing your detailed instructions (and/or html markup source code)".

NemoPS (author, posted December 14, 2013)

Templates won't break as all html is being converted into a string representation. As for security flaws, everyone is responsible for their store. I wrote this tut as many people asked me how to add longer text and html into customization fields.

blue17 (posted December 17, 2013)

Thanks, Fabio. I read the tutorial again, "Now we need to properly save our HTML. We don’t need REAL html, but a string representing it correctly, so that it can be read in the back office", and now understand that you have, in fact, considered the resulting backoffice template output.

dmuty (posted February 13, 2016)

Sorry, I'm waking up an old topic, but I tried to apply this to a Prestashop 1.6.1.3 shop. Customers would add some spaces and line breaks in the text, and I would like to have the line breaks shown in the administration order page (and possibly also on the order-opc page), but I don't see how to do that. Thanks in advance.

NemoPS (author, posted February 15, 2016)

It should be enough to use |nl2br when you output content in the back office, can you try that?
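
Added example, not part of the thread or the linked tutorial: a PHP sketch of showing a customer-supplied customization value on an admin page with line breaks preserved and any embedded markup, such as the image tag discussed above, rendered as inert text. The function name and the sample value are hypothetical, and it assumes the stored value may already be entity-encoded.

```php
<?php
// Added example; the function name and the sample value are hypothetical.

/**
 * Prepare a customer-supplied customization value for display in an admin page.
 * Escape first, then convert line breaks, so the only markup in the output
 * is the <br /> tags inserted by nl2br().
 */
function render_customization_value($raw)
{
    // double_encode = false: assumption that the value may already have been
    // stored entity-encoded, so existing entities are not encoded a second time.
    $escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8', false);

    // nl2br() inserts <br /> before each line break in the escaped text.
    return nl2br($escaped);
}

// Constructed sample: three lines, the last one carrying an image tag.
$value = "Engrave: \"Happy Birthday\"\n"
       . "Font: script\n"
       . "<img src=\"http://example.invalid/x.png\">";

// Escape, then nl2br: the image tag is shown as text, the line breaks survive.
echo render_customization_value($value), "\n\n";

// Reversed order, for comparison: the <br /> tags are escaped as well and
// appear literally in the page instead of breaking the line.
echo htmlspecialchars(nl2br($value), ENT_QUOTES, 'UTF-8'), "\n";
```

In a Smarty template the same order is written as `{$value|escape:'html':'UTF-8'|nl2br}`, where `$value` stands for whatever variable the template actually uses.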