Prestashop 1.6.1.6 无效的简短描述产品使用 javascript
Prestashop 1.6.1.6 Invalid Short Description Product using javascript
我有一个干净的 Prestashop 1.6.1.6 安装。我已将 Javascript 包含在简短描述产品中。
当我保存我的产品 Prestashop 时显示错误:
Invalid short Description
当我只在我的产品描述中保存文本时没有错误。
Prestashop 首选项:
- HTML 净化器=否
- Iframes HTML=是
- 简短说明长=0
如何像旧版 Prestashop 一样在简短描述中添加 javascript?
如果你看一下Product.php
类的定义:
'description' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml'),
'description_short' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml'),
你看到它使用 isCleanHtml
验证器。
这里是 isCleanHtml
验证器:
/**
* Check for HTML field validity (no XSS please !)
*
* @param string $html HTML field to validate
* @return bool Validity is ok or not
*/
public static function isCleanHtml($html, $allow_iframe = false)
{
$events = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange';
$events .= '|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave|onerror|onselect|onreset|onabort|ondragdrop|onresize|onactivate|onafterprint|onmoveend';
$events .= '|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onmove';
$events .= '|onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel';
$events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
$events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
$events .= '|onselectstart|onstart|onstop';
if (preg_match('/<[\s]*script/ims', $html) || preg_match('/('.$events.')[\s]*=/ims', $html) || preg_match('/.*script\:/ims', $html)) {
return false;
}
if (!$allow_iframe && preg_match('/<[\s]*(i?frame|form|input|embed|object)/ims', $html)) {
return false;
}
return true;
}
您可以在 <script>
个元素上看到测试。
现在的解决方案是覆盖 Product.php
类并删除对产品描述的验证。
创建文件(或更新它)/override/classes/Product.php
:
<?php
class Product extends ProductCore
{
public function __construct($id_product = null, $full = false, $id_lang = null, $id_shop = null, Context $context = null)
{
// Here we remove script validation on description_short field
unset(static::$definition['fields']['description_short']['validate']);
parent::__construct($id_product, $full, $id_lang, $id_shop, $context);
}
}
如果创建此文件,则必须删除 /cache/class_index.php
以便 Prestashop 考虑此覆盖。
已测试并正常工作。
我有一个干净的 Prestashop 1.6.1.6 安装。我已将 Javascript 包含在简短描述产品中。
当我保存我的产品 Prestashop 时显示错误:
Invalid short Description
当我只在我的产品描述中保存文本时没有错误。
Prestashop 首选项:
- HTML 净化器=否
- Iframes HTML=是
- 简短说明长=0
如何像旧版 Prestashop 一样在简短描述中添加 javascript?
如果你看一下Product.php
类的定义:
'description' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml'),
'description_short' => array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml'),
你看到它使用 isCleanHtml
验证器。
这里是 isCleanHtml
验证器:
/**
* Check for HTML field validity (no XSS please !)
*
* @param string $html HTML field to validate
* @return bool Validity is ok or not
*/
public static function isCleanHtml($html, $allow_iframe = false)
{
$events = 'onmousedown|onmousemove|onmmouseup|onmouseover|onmouseout|onload|onunload|onfocus|onblur|onchange';
$events .= '|onsubmit|ondblclick|onclick|onkeydown|onkeyup|onkeypress|onmouseenter|onmouseleave|onerror|onselect|onreset|onabort|ondragdrop|onresize|onactivate|onafterprint|onmoveend';
$events .= '|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onmove';
$events .= '|onbounce|oncellchange|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondeactivate|ondrag|ondragend|ondragenter|onmousewheel';
$events .= '|ondragleave|ondragover|ondragstart|ondrop|onerrorupdate|onfilterchange|onfinish|onfocusin|onfocusout|onhashchange|onhelp|oninput|onlosecapture|onmessage|onmouseup|onmovestart';
$events .= '|onoffline|ononline|onpaste|onpropertychange|onreadystatechange|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onsearch|onselectionchange';
$events .= '|onselectstart|onstart|onstop';
if (preg_match('/<[\s]*script/ims', $html) || preg_match('/('.$events.')[\s]*=/ims', $html) || preg_match('/.*script\:/ims', $html)) {
return false;
}
if (!$allow_iframe && preg_match('/<[\s]*(i?frame|form|input|embed|object)/ims', $html)) {
return false;
}
return true;
}
您可以在 <script>
个元素上看到测试。
现在的解决方案是覆盖 Product.php
类并删除对产品描述的验证。
创建文件(或更新它)/override/classes/Product.php
:
<?php
class Product extends ProductCore
{
public function __construct($id_product = null, $full = false, $id_lang = null, $id_shop = null, Context $context = null)
{
// Here we remove script validation on description_short field
unset(static::$definition['fields']['description_short']['validate']);
parent::__construct($id_product, $full, $id_lang, $id_shop, $context);
}
}
如果创建此文件,则必须删除 /cache/class_index.php
以便 Prestashop 考虑此覆盖。
已测试并正常工作。