Data Validation/Sanitation in CS Cart

I am looking to add additional fields to the profile. I tried to locate where CS Cart is doing its data validation & sanitation to protect against injection & XSS.



I see data type validation inside of db_process() from fn.database.php, but I can’t locate the sanitation. Does anyone know where it’s being done?



There are a handful of functions beginning with fn_revisions_process_ for which I cannot find the function declaration, and I wonder if it is being sanitized there.

It sounds like you may be going about this the hard way. Just go to Users->Profile fields and add your additional fields.

Form data validation and sanitation is done in JavaScript via jQuery (mostly). Look through the JavaScript source for micro-classes named ‘cm-’ something (most common is ‘cm-required’) and it will lead you to what you’re looking for.

Thanks for the reminder on the profile fields. I didn’t provide enough detail. I’m using custom forms, which will be populating custom tables that attach to the user profiles. My fault for sounding so generic.



And thanks for the heads up on the JavaScript/jQuery, I’ll take a look there and see what I can find.

I have solved my problem with data validation. It's ugly but it works.



File: /design/themes/basic/templates/views/profiles/components/profiles_scripts.tpl



I've added a validator for the NIP field (Polish tax ID) under the ZIP code validation:



// register validator
$.ceFormValidator('registerValidator', {
    // applies to all profile fields; the NIP field is recognised inside func
    class_name: 'cm-profile-field',
    // message shown for an invalid entry
    message: 'Enter valid TAX ID',
    // validator; elm_id is the DOM ID of the input field
    func: function(elm_id) {
        var input = $("#" + elm_id),
            label = input.prev("label").text(),
            nip = input.val(),
            weights, sum, i;

        // ugly field recognition: only the field labelled "NIP" is checked
        if (label == "NIP" && nip) {
            // validation section: weights for the nine data digits
            weights = [6, 5, 7, 2, 3, 4, 5, 6, 7];
            // drop spaces and hyphens the user may have typed
            nip = nip.replace(/[\s-]/g, '');
            if (nip.length == 10 && parseInt(nip, 10) > 0) {
                sum = 0;
                for (i = 0; i < 9; i++) {
                    sum += parseInt(nip[i], 10) * weights[i];
                }
                // weighted sum modulo 11 must equal the tenth (check) digit;
                // a remainder of 10 can never match, so such numbers are rejected
                return (sum % 11) === parseInt(nip[9], 10);
            }
            return false;
        } else {
            // all other fields return true
            return true;
        }
    }
});
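The same NIP checksum as a standalone function, added here as an example (it is not code from this thread or from CS-Cart). It has no DOM or jQuery dependency, so the identical logic can sit behind the cm- validator in the browser and be run again on the server. That second run is the one that matters for the injection question asked at the top of the thread: the ceFormValidator check is a usability feature executed in the visitor's browser, and the server receives whatever a client chooses to post. The `handleProfilePost` function and its `post` argument are constructed stand-ins for the server-side handler and request body; the sample NIPs are synthetic values chosen for their checksums.

```javascript
// Added example (not from the thread or from CS-Cart): a DOM-independent NIP
// (Polish tax ID) checksum validator plus a sketch of server-side re-validation.
// Runs unchanged under Node.js or in a browser.

// Weights for the nine data digits; the tenth digit is the check digit.
const NIP_WEIGHTS = [6, 5, 7, 2, 3, 4, 5, 6, 7];

// Strip the separators users commonly type (spaces and hyphens) and return the
// bare digit string, or null unless exactly ten digits remain.
function normalizeNip(raw) {
  if (typeof raw !== 'string') return null;
  const digits = raw.replace(/[\s-]/g, '');
  return /^\d{10}$/.test(digits) ? digits : null;
}

// Weighted sum of the first nine digits modulo 11. A remainder of 10 cannot be
// a check digit, so such numbers are invalid whatever their tenth digit is.
function nipCheckDigit(digits) {
  let sum = 0;
  for (let i = 0; i < 9; i++) sum += Number(digits[i]) * NIP_WEIGHTS[i];
  const r = sum % 11;
  return r === 10 ? null : r;
}

// True only for a ten-digit value whose check digit matches.
function isValidNip(raw) {
  const digits = normalizeNip(raw);
  if (digits === null) return false;
  const expected = nipCheckDigit(digits);
  return expected !== null && expected === Number(digits[9]);
}

// Constructed stand-in for the server-side handler of the posted profile form.
// The browser-side check is not trusted: the value is re-validated here and only
// the canonical ten-digit form is returned for storage.
function handleProfilePost(post) {
  const digits = normalizeNip(post && post.nip);
  if (digits === null || !isValidNip(digits)) {
    return { ok: false, error: 'Enter valid TAX ID' };
  }
  return { ok: true, nip: digits };
}

// Usage: '1111111111' has checksum 1 and is accepted; '1234567890' has a
// weighted sum of 230, remainder 10, and is rejected regardless of its last digit.
console.log(isValidNip('111-111-11-11'), isValidNip('1234567890'));
```

`normalizeNip` deliberately returns the canonical digits rather than a boolean so the server stores one representation; the hyphenated and spaced forms a visitor types never reach the custom table.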

Hi, do you know how to modify Mariusz's solution to use it in cs-cart 2.2.5? I inserted the code into /skins/skin_name/customer/views/profiles/components/profiles_scripts.tpl but it doesn't work.