Sito Lab Posted January 13, 2014 Share Posted January 13, 2014 (edited) prestashop version 1.5.4.1 I went to preferences -> Customer -> and I have activated recording process type "Standard (account creation and address) once selected this I did save but I get this error Can not add configuration PS_CART_FOLLOWING also activating other method of recording Can not add configuration PS_REGISTRATION_PROCESS_TYPE Can not add configuration PS_CART_FOLLOWING what happened? Edited January 13, 2014 by lui1969 (see edit history) Link to comment Share on other sites More sharing options...
tuxinside Posted January 14, 2014 Share Posted January 14, 2014 (edited) Same problem here! I discovered that only this morning. How to solve!? Someone have some idea? Edited January 14, 2014 by tuxinside (see edit history) Link to comment Share on other sites More sharing options...
tuxinside Posted January 14, 2014 Share Posted January 14, 2014 Okkkkkkkkk, after a few hours spent cursing, i found the problem. In my case was function isCleanHtml() on file /class/validate.php modified following a guide finded on internet... and wrong. Solution: File validate.php overwrited with original, and now everything work fine! Best Regards, Simone Giusti Link to comment Share on other sites More sharing options...
vekia Posted January 16, 2014 Share Posted January 16, 2014 hello may i know what override you've got ? the weirdest thing is fact, that isCleanHtml isnt related to problem described in first post. Link to comment Share on other sites More sharing options...
Sito Lab Posted January 17, 2014 Author Share Posted January 17, 2014 the problem I could not solve it, because it was a new install, I deleted it, created a new db and perform a new installation Link to comment Share on other sites More sharing options...
tuxinside Posted January 17, 2014 Share Posted January 17, 2014 @Vekia: Hi Vekia, i have modified isCleanHtml() to remove control of <script> tag, following an online guide. Unfortunately, the guide was incorrect and caused an incorrect return() value, which in turn caused the error "Can not add configuration" during the settings update on back office. @lui1969: with new istallation have you solved the problem? Link to comment Share on other sites More sharing options...
pablog Posted January 22, 2014 Share Posted January 22, 2014 @Vekia: I had the same issue because I followed your "Full featured rich editor on product edit page" guide. I have "undo" all changes and the error has gone. Can you please check your guide? Thanks a lot. Link to comment Share on other sites More sharing options...
tuxinside Posted January 22, 2014 Share Posted January 22, 2014 (edited) @pablog: here's how I did to solve the problem: (after modification of admin theme...) i have add in /classes/validate.php public static function isCleanHtml2($html, $allow_iframe = false) { $events = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange'; $events .= '|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave|onerror|onselect|onreset|onabort|ondragdrop|onresize|onactivate|onafterprint|onmoveend'; $events .= '|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onmove'; $events .= '|onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel'; $events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart'; $events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange'; $events .= '|onselectstart|onstart|onstop'; return true; } and i have modified /classes/product.php (about row 300) 'description' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml'), to 'description' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml2'), Following Vekia guide i think that some hacker could inject malicious code in front office! I hope that my modification will be of help. Best Regards, Simone Giusti PS: i don't know if in funtion isCleanHtml2, $events could be removed... Edited January 22, 2014 by tuxinside (see edit history) Link to comment Share on other sites More sharing options...
vekia Posted January 22, 2014 Share Posted January 22, 2014 nice one i will update art asap but the weirdest thing is fact... that isCleanHtml is only for... descriptions, not for configuration fields :| Link to comment Share on other sites More sharing options...
tuxinside Posted January 22, 2014 Share Posted January 22, 2014 @Vekia: i don't know prestashop code well, so i can't say who and where function isCleanHtml() in called... but i know that editing isCleanHtml() removing security control, i was able to insert jquery code from front office contact page... Link to comment Share on other sites More sharing options...
Recommended Posts