bank transfer's bank name is HTML escaped?

Post Reply

9 posts Page 1 of 1

bank transfer's bank name is HTML escaped?

suhanto

New member

Posts

Joined

Sat Sep 19, 2009 2:57 pm

Location

Jakarta, Indonesia

Post by suhanto » Wed Oct 07, 2009 7:47 pm

I was unable to enter HTML codes in the bank names inside the bank transfer payment method. Everytime I enter HTML code, it is displayed literally in the confirmation step of checkout process. It looks like the HTML code is encoded, and never get chance to be displayed correctly, because it is never decoded.

for me, this is PROBLEM.

So, then I look for workaround. I found this workaround as easy as changing the source code a little bit.

I changed the code in ControllerPaymentBankTransfer (/catalog/controller/payment/bank_transfer.php), on line 12.

Original code:

Code: Select all

nl2br($this->config->get('bank_transfer_bank_' . $this->language->getId()));

Modified code:

Code: Select all

html_entity_decode($this->config->get('bank_transfer_bank_' . $this->language->getId()));

After this change, all HTML codes are decode, so we can put some HTML tags, logo images, etc for bank names.

Any security consideration on doing this? Feedback welcome!

Last edited by i2Paq on Wed Oct 13, 2010 7:30 pm, edited 1 time in total.
Reason: Topic moved

http://suhanto.net

suhanto

New member

Posts

Joined

Sat Sep 19, 2009 2:57 pm

Location - Jakarta, Indonesia

Re: bank transfer's bank name is HTML escaped?

suhanto

New member

Posts

Joined

Sat Sep 19, 2009 2:57 pm

Location

Jakarta, Indonesia

Post by suhanto » Wed Oct 07, 2009 7:57 pm

I just found out, if you're doing this, you also have to change one line of code in /catalog/controller/account/invoice.php on line 193.

Original code:

Code: Select all

'comment'    => nl2br($result['comment'])

Modified code:

Code: Select all

'comment'    => html_entity_decode($result['comment'])

http://suhanto.net

suhanto

New member

Posts

Joined

Sat Sep 19, 2009 2:57 pm

Location - Jakarta, Indonesia

Re: bank transfer's bank name is HTML escaped?

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Post by HTMLCSSNoob » Sun Oct 10, 2010 9:11 pm

suhanto wrote:I just found out, if you're doing this, you also have to change one line of code in /catalog/controller/account/invoice.php on line 193.

Original code:
Code: Select all
'comment'    => nl2br($result['comment'])
Modified code:
Code: Select all
'comment'    => html_entity_decode($result['comment'])

I tried changing this code, but it's not working. In the e-mail invoice the html code literally still shows up.

Anyone know how to fix this?

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Re: bank transfer's bank name is HTML escaped?

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Post by HTMLCSSNoob » Sun Oct 10, 2010 9:48 pm

Nevermind, i'm getting good at answering my own questions....

Some of the line numbers and code have changed a little bit since OpenCart has been updated. The below works for version 1.4.9.1. Also, maybe this thread should be moved to general support instead of general discussions....

1. EDIT: /catalog/controller/payment/bank_transfer.php

Find on line 12

Code: Select all

$this->data['bank'] = nl2br($this->config->get('bank_transfer_bank_' . $this->config->get('config_language_id')));

Replace with

Code: Select all

$this->data['bank'] = html_entity_decode($this->config->get('bank_transfer_bank_' . $this->config->get('config_language_id')));

2. EDIT: /catalog/controller/account/invoice.php

Find on line 204

Code: Select all

'comment'    => nl2br($result['comment'])

Replace with

Code: Select all

'comment'    => html_entity_decode($result['comment'])

3. EDIT: catalog/model/checkout/order.php

Find on line 176

Code: Select all

$template->data['comment'] = nl2br($order_query->row['comment']);

Replace with

Code: Select all

$template->data['comment'] = html_entity_decode($order_query->row['comment']);

Find on line 179

Code: Select all

$template->data['comment'] .= ('<br /><br />' . nl2br($comment));

Replace with

Code: Select all

$template->data['comment'] .= ('<br /><br />' . html_entity_decode($comment));

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Re: bank transfer's bank name is HTML escaped?

jty

Active Member

Posts

1225

Joined

Sat Aug 30, 2008 8:19 am

Post by jty » Mon Oct 11, 2010 4:36 pm

HTMLCSSNoob wrote:Nevermind, i'm getting good at answering my own questions....

Yer, I do the same
It is faster to work it out myself than to wait for a kind soul to help.

jty

Active Member

Posts

1225

Joined

Sat Aug 30, 2008 8:19 am

Re: bank transfer's bank name is HTML escaped?

jones

Active Member

Posts

134

Joined

Tue Aug 24, 2010 1:05 pm

Post by jones » Mon Oct 11, 2010 5:42 pm

wait the developers responses for this, may Daniel or Qphoria able to comments, hope so.

jones

Active Member

Posts

134

Joined

Tue Aug 24, 2010 1:05 pm

Re: bank transfer's bank name is HTML escaped?

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Post by HTMLCSSNoob » Tue Oct 19, 2010 4:12 pm

jones wrote:wait the developers responses for this, may Daniel or Qphoria able to comments, hope so.

Ummm, why would we need to wait for the developers response to this? Is there something wrong with the changes I made above? Please let me know if it's not right or if it could be done better.

HTMLCSSNoob

Active Member

Posts

157

Joined

Fri Aug 20, 2010 7:53 am

Re: bank transfer's bank name is HTML escaped?

anti91

New member

Posts

Joined

Tue Aug 30, 2011 8:27 am

Post by anti91 » Sun Jan 15, 2012 1:35 am

1.5.1.1 for ?

anti91

New member

Posts

Joined

Tue Aug 30, 2011 8:27 am

Re: bank transfer's bank name is HTML escaped?

sweezhong

Newbie

Posts

Joined

Mon Dec 09, 2013 1:31 pm

Post by sweezhong » Mon Dec 09, 2013 2:02 pm

I using 1.5.6
1) For customer checkout
\catalog\controller\payment\bank_transfer.php
$this->data['bank'] = nl2br($this->config->get('bank_transfer_bank_' . $this->config->get('config_language_id')));
to
$this->data['bank'] = html_entity_decode($this->config->get('bank_transfer_bank_' . $this->config->get('config_language_id')));

2) For customer check their order
\catalog\account\order.php
'comment' => nl2br($result['comment'])
to
'comment' => html_entity_decode($result['comment'])

3) For admin view order
\admin\controller\sale\order.php
Line 2200
'comment' => nl2br($result['comment']),
to
'comment' => html_entity_decode($result['comment']),

4) For e-mail
\catalog/model/checkout/order.php
Line 311
$template->data['comment'] = nl2br($comment);
to
$template->data['comment'] = html_entity_decode($comment);

If any missed or incorrect please update.

sweezhong

Newbie

Posts

Joined

Mon Dec 09, 2013 1:31 pm

Post Reply

Jump to

Return to “Payments” Return to “Payments”

Who is online

Users browsing this forum: No registered users and 4 guests

bank transfer's bank name is HTML escaped?

Sign up to our newsletter