trajanstudio Posted January 5, 2010 Share Posted January 5, 2010 hi,i've noticed on all prestashop contact-form.php pages that it does not read #, the number sign. Weird, I know.you can test it out for yourself.type in message: test 1234then type in message: test #1234you will see an invalid message error.How can I add #, the number sign so the form will not spit back the invalid message error?thanks Link to comment Share on other sites More sharing options...
hawaii350 Posted March 13, 2010 Share Posted March 13, 2010 Quite a large problem indeed. I've never noticed it before. Anyone have a solution? Link to comment Share on other sites More sharing options...
ioane Posted March 13, 2010 Share Posted March 13, 2010 you have to modify classes / Validate.php from: static public function isMessage($message) { return preg_match('/^([^<>#{}]| )*$/ui', $message); } to: static public function isMessage($message) { return preg_match('/^([^<>{}]| )*$/ui', $message); } Not sure why they didn't allow to have # in the message... Link to comment Share on other sites More sharing options...
hawaii350 Posted March 13, 2010 Share Posted March 13, 2010 It's always something simple Thanks for the help! Link to comment Share on other sites More sharing options...
shopimport.nl Posted June 14, 2010 Share Posted June 14, 2010 It's not good enough to show 'invalid message' when one of the characters ^<>#{} is used. For two reasons: 1- it's still not clear to client WHAT is not valid. 2- it should not bother to the client!So I replace the characters before validating. In the contact-from.php located in the root of your shop I've changed this: if (!($from = Tools::getValue('from')) OR !Validate::isEmail($from)) $errors[] = Tools::displayError('invalid e-mail address'); elseif (!($message = nl2br2(Tools::getValue('message')))) into: $message = Tools::getValue('message'); $message = str_replace(array('^','<','>','#','{','}'),array('','[',']','*','(',')'),$message ); if (!($from = Tools::getValue('from')) OR !Validate::isEmail($from)) $errors[] = Tools::displayError('invalid e-mail address'); elseif (!($message = nl2br2( $message ))) As you can see the 6 special characters are replaced prior to validating these and so no error will appear for the client and the replacement characters will do most of the times (or you a free to change these). I didn't try to escape the characters because I cannot forsee other sideeffects and maybe spammers / hackers will still be able to do bad things.It worked for my on both 1.2.5 and 1.3.1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now