View Issue Details

IDProjectCategoryView StatusLast Update
0004985OXID eShop (all versions)2.6. Administer orderspublic2014-02-24 13:55
Reportermarco_steinhaeuser 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.7.3 / 5.0.3 revision 54408 
Target Version4.8.5 / 5.1.5Fixed in Version4.9.0_5.2.0_beta1 
Summary0004985: escape "/" input in last name field
DescriptionThe PDF invoices are generated in this format:
[number]_[lastname].pdf

If a client enters a forward slash in the field for the last name, the PDF will not be generated as a forward slash means a path in linux based systems.

This slash shall be escaped while storing the last name to the database.
Steps To ReproduceRegister with a "/" in the last name field. Order something. Try to print a PDF invoice for this order.
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Versionany
MySQL Versionany

Activities

FibreFoX

2013-03-08 16:53

reporter   ~0008496

May be related to https://bugs.oxid-esales.com/view.php?id=4140

tadas

2014-02-24 13:55

reporter   ~0009592

Added filename parsing for pdf generation. Will remove non valid characters now. Appropriate characters in name are 'a-zA-z0-9.-_'