search

FoxyCart / FoxyCart-Cart-Validation--PHP

Automatically sign (with HMAC SHA-256) all links and forms in a block of HTML
http://wiki.foxycart.com/static/redirect/price_validation
13 stars 9 forks source link

HTML entities in product name causing cart validation error #10

Closed pixelchutes closed 9 years ago

pixelchutes commented 9 years ago

I am attempting to pass a ® trademark symbol in the product name as an HTML entity:

<input type="hidden" name="name||abc123def456..." value="Acme, Inc&reg; - Widgets">

However, when adding to cart it errors with Cart Validation Error: name. This is for a v2.0 FC store using the latest foxycart.cart_validation.php

brettflorio commented 9 years ago

Interesting. I'll take a look but it might be a few days.

pixelchutes commented 9 years ago

Closing... I was using this helper function from the hmac_validation docs:

function get_verification($var_name, $var_value, $var_code, $var_parent_code = "", $for_value = false) {
    $api_key = "your_api_key_here";
    $encodingval = htmlspecialchars($var_code . $var_parent_code . $var_name . $var_value);
    $label = ($for_value) ? $var_value : $var_name;
    return $label . '||' . hash_hmac('sha256', $encodingval, $api_key) . ($var_value === "--OPEN--" ? "||open" : "");
}

And I was using htmlentities for setting the value:

$product = 'Acme, Inc® - Widgets';
htmlentities( $product, ENT_QUOTES, 'UTF-8' );

The error received makes sense given get_verification() was using htmlspecialchars but I was setting the value using: htmlentities

brettflorio commented 9 years ago

Thanks @pixelchutes for the update.