Prestashop: Validate scripts in CMS page

Created on 19 Nov 2020  路  3Comments  路  Source: PrestaShop/PrestaShop

In a previous project with version 1.7.5 i overrode the Validate.php class to allow for scripts in the content of a cms to be passed as valid.

`class Validate extends ValidateCore
{
function isCleanHtml($html)
{
return true;
}

}`

Basically passing any content as valid..

I did the same on a new 1.7.6.9 project but no matter what, when i save the page i always get a validation error...

What am i missing here? Are overrides dead? How should i intervene?

Sorry to ask this on github but the documentation is apparently outdated and the forums have always been kinda useless...

No change required
Source
picture zenotds

Most helpful comment

Hi @zenotds my guess is that the CMS BO page was migrated to Symfony in 1.7.6 so it's not the same code that performs the validation.

However your modification is very dangerous because it has disabled all HTML validation everywhere in your shop, which means some dangerous content could be passes in inputs, leaving your shop vulnerable.

The right place for questions is the Slack channel 馃槈 https://github.com/PrestaShop/open-source/blob/master/slack/readme.md

picture matks on 19 Nov 2020
3

All 3 comments

Hi @zenotds my guess is that the CMS BO page was migrated to Symfony in 1.7.6 so it's not the same code that performs the validation.

However your modification is very dangerous because it has disabled all HTML validation everywhere in your shop, which means some dangerous content could be passes in inputs, leaving your shop vulnerable.

The right place for questions is the Slack channel 馃槈 https://github.com/PrestaShop/open-source/blob/master/slack/readme.md

matks picture matks on 19 Nov 2020
3

Thanks for the quick response.
I know my iteration of override is dangerous, but i'm on a local env and i was just trying to figure out which file does what.

I imagine something has radically changed between .5 and .6 as i found reference to the same isCleanHtml function in js files and other places..

will try asking for help on slack... It's just a pity the official documentation and forums are always so outdated and incoherent...

zenotds picture zenotds on 19 Nov 2020

It's just a pity the official documentation and forums are always so outdated and incoherent...

Good news, this is an Open Source project, which means you can contribute and help fixing mistakes !

SimonGrn picture SimonGrn on 19 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

centoasa picture centoasa  路  3Comments
matks picture matks  路  3Comments
rGaillard picture rGaillard  路  3Comments
Prestaworks picture Prestaworks  路  3Comments
wikao2 picture wikao2  路  3Comments