  1. Prestashop Core Application V1.4
  2. PSCFI-5231

Duplicating a product with custom features doesn't work (value not sanitized before being injected into SQL query)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.7.0
    • Fix Version/s: None
    • Security Level: All-users
    • Labels:
      None

      Description

      Duplicating a product with custom features doesn't work (the value is not sanitized before being injected into the SQL query).
      For example, if a product has a custom feature: " l ' avancement " (quote problem).

      Here is the correction:

      In /classes/Product.php, in the "duplicateFeatures" method, replace:

      foreach ($languages as $language) {
      	$result3 = Db::getInstance()->getRow(.........);
      	$result3['id_feature_value'] = $new_id_feature_value;
      	$return &= Db::getInstance()->AutoExecute(_DB_PREFIX_.'feature_value_lang', $result3, 'INSERT');
      }

      by:

      foreach ($languages as $language) {
      	$result3 = Db::getInstance()->getRow(.........);
      	$result3['id_feature_value'] = $new_id_feature_value;
      	$result3['value'] = pSQL($result3['value']);
      	$return &= Db::getInstance()->AutoExecute(_DB_PREFIX_.'feature_value_lang', $result3, 'INSERT');
      }
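
The failure described in this issue, reproduced outside PrestaShop as an added example (not code from the ticket or from the PrestaShop code base). It assumes PHP with the pdo_sqlite extension; `naiveInsert()`, `escapeValue()`, `preparedInsert()` and the `id_lang` column are hypothetical names chosen for the illustration.

```php
<?php
// Added example. naiveInsert() is a hypothetical model of a helper that puts
// values between quotes as-is; it is not PrestaShop's Db::AutoExecute().
function naiveInsert(PDO $db, string $table, array $row): bool
{
    $cols = implode(', ', array_keys($row));
    $vals = "'" . implode("', '", array_values($row)) . "'";
    try {
        return $db->exec("INSERT INTO $table ($cols) VALUES ($vals)") !== false;
    } catch (PDOException $e) {
        return false; // the stray quote ended the string literal early
    }
}

// Hypothetical stand-in for pSQL(): driver escaping without the outer quotes.
function escapeValue(PDO $db, string $value): string
{
    return substr($db->quote($value), 1, -1);
}

// Bound parameters: the value never becomes part of the SQL text.
function preparedInsert(PDO $db, string $table, array $row): bool
{
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    return $db->prepare("INSERT INTO $table ($cols) VALUES ($marks)")
              ->execute(array_values($row));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feature_value_lang
           (id_feature_value INTEGER, id_lang INTEGER, value TEXT)'); // id_lang is assumed

// Constructed row, standing in for what getRow() returns for the source product.
$row = ['id_feature_value' => 42, 'id_lang' => 1, 'value' => "l'avancement"];

$results = ['unescaped' => naiveInsert($db, 'feature_value_lang', $row)];

$escaped = $row;
$escaped['value'] = escapeValue($db, $row['value']);
$results['escaped'] = naiveInsert($db, 'feature_value_lang', $escaped);
$results['prepared'] = preparedInsert($db, 'feature_value_lang', $row);

$check = $db->prepare('SELECT COUNT(*) FROM feature_value_lang WHERE value = ?');
$check->execute([$row['value']]);
$results['rows_stored_intact'] = (int) $check->fetchColumn();

var_dump($results);
```

The escaped variant mirrors the fix proposed in the ticket; the prepared variant removes the need to remember an escaping call for each column.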

            People

            • Assignee: bLeveque Bruno LEVEQUE
            • Reporter: mrmanchot Mouleyre Cédric