zencart v1.3.9h后台产品编辑时问题修改

zencart v1.3.9h后台产品编辑时产品名，产品描述，产品型号信息未读出问题

Symptoms:
a) Using PHP version lower than 5.2.3(and 5.2.3 is LESS THAN 5.2.13, for example. ie: 3 is less than 13)
b) Zen Cart v1.3.9h
c) On admin "home" page you notice that your list of customers shows only dates, not names.
d) On admin product-edit screen you notice that the product name, description, and model number are empty when editing a product.

NOTE: If you're using such an old version of PHP, then your site is certainly not PCI-Compliant, and is thus likely to contain known security problems in PHP, and you should be upgrading your hosting to a newer version of PHP.

The following is ONLY a workaround for the symptoms mentioned above, and is NOT needed if you're using a current version of PHP.

Solution:
Strictly speaking, this is only necessary if you're using a PHP version lower than PHP 5.2.3

1. /admin/includes/functions/general.php
Line 39, change from:

Code:
return htmlspecialchars($string, ENT_COMPAT, CHARSET, FALSE);to:
Code:
return htmlspecialchars($string, ENT_COMPAT, CHARSET);2. /admin/includes/modules/product/collect_info.php
(and if you use the other product types too, then *those* collect_info.php files as well. See below for the list of filenames.)
Action: You have two choices:
either:
a) revert these files back to v1.3.9g versions (recommended, since it's simpler)
or
b) make similar edits in 3 places in each file, removing the ", TRUE" in each of these sections of code:
Approx line 299:
Code:
<td class="main"><?php echo zen_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . '&nbsp;' . zen_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? htmlspecialchars(stripslashes($products_name[$languages[$i]['id']]), ENT_COMPAT, CHARSET, TRUE) : htmlspecialchars(zen_get_products_name($pInfo->products_id, $languages[$i]['id']), ENT_COMPAT, CHARSET, TRUE)), zen_set_field_length(TABLE_PRODUCTS_DESCRIPTION, 'products_name')); ?></td>Approx line 412:
Code:
echo zen_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '100%', '30', (isset($products_description[$languages[$i]['id']])) ? htmlspecialchars(stripslashes($products_description[$languages[$i]['id']]), ENT_COMPAT, CHARSET, TRUE) : htmlspecialchars(zen_get_products_description($pInfo->products_id, $languages[$i]['id']), ENT_COMPAT, CHARSET, TRUE)); //,'id="'.'products_description' . $languages[$i]['id'] . '"');Approx line 433:
Code:
<td class="main"><?php echo zen_draw_separator('pixel_trans.gif', '24', '15') . '&nbsp;' . zen_draw_input_field('products_model', htmlspecialchars(stripslashes($pInfo->products_model), ENT_COMPAT, CHARSET, TRUE), zen_set_field_length(TABLE_PRODUCTS, 'products_model')); ?></td>(NOTE: Line-numbers will vary depending on which product-type file you're editing.)
These are the additional product-type files which you may or may not be using:
- /admin/includes/modules/document_general/collect_info.php
- /admin/includes/modules/document_product/collect_info.php
- /admin/includes/modules/product_free_shipping/collect_info.php
- /admin/includes/modules/product_music/collect_info.php

3. includes/modules/pages/shopping_cart/header_php.php
Line 111, remove the ", TRUE":
Code:
$attr_value = htmlspecialchars($products[$i]['attributes_values'][$option], E

Code:
$attr_value = htmlspecialchars($products[$i]['attributes_values'][$option], ENT_COMPAT, CHARSET, TRUE);

如果产品名还是没有则把

zen_get_products_name($pInfo->products_id, $languages[$i]['id']),  直接换成产品名变量 $pInfo->products_name

$products_name[$languages[$i]['id']]) 直接换成产品名变量 $pInfo->products_name

其它类似