From 29124c0ec3610827f43d54d1585e46c5844e4f50 Mon Sep 17 00:00:00 2001 From: Scott Moore Date: Thu, 4 Aug 2022 17:19:34 -0400 Subject: [PATCH 1/2] Product names were not escaped. If contained a double quote, would break the JavaScript for MSRP/MAP --- .../base/default/template/catalog/product/price_msrp_item.phtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/design/frontend/base/default/template/catalog/product/price_msrp_item.phtml b/app/design/frontend/base/default/template/catalog/product/price_msrp_item.phtml index 585d107cb28..684e7fe016f 100644 --- a/app/design/frontend/base/default/template/catalog/product/price_msrp_item.phtml +++ b/app/design/frontend/base/default/template/catalog/product/price_msrp_item.phtml @@ -84,7 +84,7 @@ Catalog.Map.addHelpLink( $(''), - "getName() ?>", + "escapeHtml($_product->getName()) ?>", $(""), '', "isSalable() ? $this->getAddToCartUrlCustom($_product, array(), false) : '' ?>" From 45c90e90a7683e605ff34b0a8f4b41b6d7ec9fa3 Mon Sep 17 00:00:00 2001 From: Scott Moore Date: Thu, 4 Aug 2022 17:54:37 -0400 Subject: [PATCH 2/2] update contribution list --- .all-contributorsrc | 9 +++++++++ README.md | 1 + 2 files changed, 10 insertions(+) diff --git a/.all-contributorsrc b/.all-contributorsrc index 4e583980e23..eabd644b004 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -1342,6 +1342,15 @@ "contributions": [ "code" ] + }, + { + "login": "discountscott", + "name": "Scott Moore", + "avatar_url": "https://avatars.githubusercontent.com/u/5454596?v=4", + "profile": "https://github.com/discountscott", + "contributions": [ + "code" + ] } ], "contributorsPerLine": 7 diff --git a/README.md b/README.md index 51e3e33a983..c512c27b2bc 100644 --- a/README.md +++ b/README.md @@ -388,6 +388,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
Enéias Ramos de Melo +
Scott Moore