Bug fix for editing CubeCart V5 language files that contain urls

Bug fix for editing CubeCart language files that contain urls

A bug has been identified in CubeCart V5 when editing language files where one or more of the language strings contains a url. An example of this is the Paypal_Pro plugin language file which contains a string entitled “billmelater” as shown in the image below


The language string within the /modules/plugins/PayPal_Pro/language/module.definitions.xml file appears as

<string name="billmelater"><![CDATA[Enable BillMeLater [<a href="https://financing.paypal.com/ppfinportal" target="_blank" title="Opens in new window">Learn More</a>]]]></string>

When editing any language string through the normal admin interface, the link is removed and the line highlighted in green, indicating that the line has been changed even if that message wasn’t being edited. The problem is caused by the sanitize class incorrectly filtering out the url. So in the example shown below, the language string “api_password” had been edited and the changed saved but the “billmelater” string is also changed and highlighted.


The sanitize class is being rewritten for V6 and that will fix this issue but in the meantime there are two solutions to get around this problem.

Either the language definition xml file can be edited directly to make the changes you want but a better solution that fixes the problem for all language file updates is to make the two following code edits – however, be aware that at the moment these will not survive an upgrade as this fix is not currently intended to go into V5

Open: admin/sources/settings.language.inc.php

Find around line 29

foreach ($_POST['string'] as $type => $data) {

Replace this with

foreach ($GLOBALS['RAW']['POST']['string'] as $type => $data) {

Open: admin/sources/settings.language.inc.php

Find around line 29
static public function cleanGlobals() {

After this add

$GLOBALS['RAW'] = array(
'GET' => $_GET,
'POST' => $_POST,

The following two tabs change content below.
This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

Latest posts by Havenswift Hosting (see all)

There Is 1 Comment

Andrew Norris on 21 Mar, 2014

What a great write up on this problem which had been driving me mad for ages 🙂 Clear explanation of the problem and a quick short-term solution as well

Post Your Comment

Your email address will not be published. Required fields are marked *

Copyright Havenswift Hosting 2007-2020. All rights reserved.