Parenthesis problem in cart library

Parenthesis problem in cart library - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Parenthesis problem in cart library (/showthread.php?tid=34155)

Parenthesis problem in cart library - El Forum - 09-21-2010

[eluser]Spaxx[/eluser]
i jus noticed this bug recently. When i try to add an item to the cart that has a parenthesis in its name, the item fails to add to cart. Also single and double quotes fail.

Try this:

- This one will work

Code:
$data = array(

               'id'      => 'sku_123ABC',

               'qty'     => 1,

               'price'   => 39.95,

               'name'    => 'Movie Name',

               'options' => array('Size' => 'L', 'Color' => 'Red')

            );

$this->cart->insert($data);

- This wont work...

Code:
$data = array(

               'id'      => 'sku_123ABC',

               'qty'     => 1,

               'price'   => 39.95,

               'name'    => 'Movie Name(2010)',

               'options' => array('Size' => 'L', 'Color' => 'Red')

            );

$this->cart->insert($data);

What could be the problem and whats the workaround?

Parenthesis problem in cart library - El Forum - 09-21-2010

[eluser]Spaxx[/eluser]
I think i got the problem, and its with the validation rules for the name on line 31 in Cart.php library

Code:
var $product_name_rules    = '\.\:\-_ a-z0-9'; // alpha-numeric, dashes, underscores, colons or periods

I changed this to

Code:
//I added parenthesis

    var $product_name_rules    = '\"\'\(\)\.\:\-_ a-z0-9'; // alpha-numeric, dashes, underscores, colons or periods, added parenthesis and quotes

Is there a security risk in relation to this change?

Parenthesis problem in cart library - El Forum - 09-21-2010

[eluser]Pascal Kriete[/eluser]
There are no inherent security risks as long as you remember your naming conventions. For example, since you know that they migh have quotes, you'll know to make sure that you need to form_prep before adding the name to a form.

You don't need to hack the class though. You could either extend the class and change it, or simply set the variable after loading it:

Quote:$this->cart->product_name_rules .= ''; // add parens to valid product names

It's not a bug, but it should probably be noted in the docs.

Thanks.

Parenthesis problem in cart library - El Forum - 10-06-2010

[eluser]Spaxx[/eluser]
Thanks, that helped.