Add targets sanitized by Smarty's script_escape #492

Merged
merged 1 commit into from
Oct 27, 2021

nanasess
Contributor

@nanasess nanasess commented Oct 26, 2021

@codecov-commenter
Codecov Report

Merging #492 (868752d) into master (704c03c) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master     #492   +/-   ##
=========================================
  Coverage     46.62%   46.62%           
  Complexity       14       14           
=========================================
  Files            81       81           
  Lines         10580    10580           
=========================================
  Hits           4933     4933           
  Misses         5647     5647           
Flag Coverage Δ
tests 46.62% <ø> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 704c03c...868752d. Read the comment docs.

@matsuoshi
Contributor

@nanasess Thank you, I'll merge this.

@matsuoshi matsuoshi merged commit eb43f49 into EC-CUBE:master Oct 27, 2021
@nanasess nanasess added this to the 2.17.2 milestone Oct 28, 2021
@bbkids
Contributor

bbkids commented Nov 15, 2021

After this fix, the page navigation for the product list is no longer displayed on the front end.

I think the cause is that the result of evaluating $tpl_strnavi in list.tpl is now returned as
<span class="script" tag escaped#< div>

@nanasess
Contributor Author

@bbkids Thank you for the report. Does adding nofilter as shown below fix it?

diff --git a/data/Smarty/templates/default/products/list.tpl b/data/Smarty/templates/default/products/list.tpl
index 17f5d7154..4f17e165a 100644
--- a/data/Smarty/templates/default/products/list.tpl
+++ b/data/Smarty/templates/default/products/list.tpl
@@ -116,7 +116,7 @@
                     <!--{/foreach}-->
                 </select>
             </div>
-            <div class="navi"><!--{$tpl_strnavi}--></div>
+            <div class="navi"><!--{$tpl_strnavi nofilter}--></div>
         </div>
     <!--{/capture}-->
     <!--▲ページナビ(本文)-->
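
Review bot: `nofilter` on `<!--{$tpl_strnavi nofilter}-->` exempts the whole navigation string from script_escape, so this line is only safe if `$tpl_strnavi` is assembled entirely server-side and any request-derived values placed in its links are escaped where the string is built. Please confirm that in the code that sets `$tpl_strnavi` and record it in the commit message or in a template comment next to this line. Because the variable holds markup by design, it is also worth checking whether the script_escape pattern can be narrowed so it stops matching the navigation markup, which would keep the filter active here instead of switching it off per variable.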

@bbkids
Contributor

bbkids commented Nov 15, 2021

Thank you for the quick response.
As you advised, adding nofilter fixed it!

@nanasess
Contributor Author

@bbkids I have opened a new Pull Request, linked below, but it looks like other pages need the same fix as well.
#496

@nanasess nanasess deleted the added-script-escape branch October 3, 2022 08:12