Ecommerce Single Quote Support

Dennis van de Giessen

Posted on 19/11/2015 15:08:27

Hello,

We are experiencing problems with customers getting banned from our website when they enter their delivery address.
The problem is the single quote character e.g.: Plaine d'Areuse

Currently i can think of 2 workarounds but both are not satisfactory.

1: Management Center --> Web and HTTP --> Security --> SQL injection Check --> Add problematic fields to allow users to use the single quote character
This will probably cause problems because I don't know if DynamicWeb uses Parameters when executing queries.

2: Before submitting, html encode the single quote character (and other characters like < > & ")
The problem with this is that we want the single quote to be stored as a single quote and not as "'"

Thank you for your time and effort

Regards,

Dennis

Replies

Nicolai Høeg Pedersen

Posted on 19/11/2015 15:13:17

Hi Dennis

What version are you using? We have changed this in newer releases.

BR Nicolai

Dennis van de Giessen

Posted on 19/11/2015 16:23:40

Hello Nicolai

Our project is currently running on version: Version: 8.7.0.0 (Tue, 25 Aug 2015 14:13)

Nicolai Høeg Pedersen

Posted on 20/11/2015 10:45:08

This post has been marked as an answer

Hi Dennis

Problem reproduced - it is a border case. We have now fixed the check to avoid this false positive. It will be released with the next 8.7.* hotfix (8.7.2.0 is the plan) - TFS#19958.

Your workaround one will not work.

You can also replace ' with the similar ´ which will make the submit work now.

BR Nicolai

Votes for this answer: 1

You must be logged in to post in the forum

Developer forum

Ecommerce Single Quote Support

Replies