Prestashop 1.5.6 - Add a custom field in Admin Product Page

Question

I have been trying to introduce a new custom field in Admin Product page but got a weird error. Actually this field has the same text area type as the existing ones. If I enter a plain text, it works fine but if I enter anything starts with an opening angle bracket (<) it gives me a 403 forbidden error. I already checked permission of folders and files.

This is what I have done.

1. New db field

2. ProductCore class. Made changes wherever 'description' is referenced because they are pretty much the same thing.

3. Information.tpl modified to display this new field.

4. This is how Admin Product page looks like after the change. As you can see, a plain text can be saved without any issue.

5. If I type in any html tag, which starts with an angle bracket, then save, I get a 403 error, whereas an existing textarea such as Description in the screen is totally fine.

I have checked permission of files and folders and error logs but couldn't find any clue. Anyone got an idea? Please help!

information.tpl

        <tr>
            <td class="col-left">
                {include file="controllers/products/multishop/checkbox.tpl" field="description" type="tinymce" multilang="true"}
                <label>{l s='Description:'}<br /></label>
                <p class="product_description">({l s='Appears in the body of the product page'})</p>
            </td>
            <td style="padding-bottom:5px;">
                    {include file="controllers/products/textarea_lang.tpl" languages=$languages
                    input_name='description'
                    input_value=$product->description
                    }
                <p class="clear"></p>
            </td>
        </tr>
        <tr>
            <td class="col-left">
                {include file="controllers/products/multishop/checkbox.tpl" field="alternate_item" type="tinymce" multilang="true"}
                <label>{l s='Alternate Item:'}<br /></label>
            </td>
            <td style="padding-bottom:5px;">
                    {include file="controllers/products/textarea_lang.tpl"
                    languages=$languages
                    input_name='alternate_item'
                    input_value=$product->alternate_item}
                <p class="clear"></p>
            </td>
        </tr>

textarea_lang.tpl

<div class="translatable">
{foreach from=$languages item=language}
<div class="lang_{$language.id_lang}" style="{if !$language.is_default}display:none;{/if}float: left;">
    <textarea cols="100" rows="10" id="{$input_name}_{$language.id_lang}" 
        name="{$input_name}_{$language.id_lang}" 
        class="autoload_rte" >{if isset($input_value[$language.id_lang])}{$input_value[$language.id_lang]|htmlentitiesUTF8}{/if}</textarea>
    <span class="counter" max="{if isset($max)}{$max}{else}none{/if}"></span>
    <span class="hint">{$hint|default:''}<span class="hint-pointer">&nbsp;</span></span>
</div>
{/foreach}
</div>
<script type="text/javascript">
    var iso = '{$iso_tiny_mce}';
    var pathCSS = '{$smarty.const._THEME_CSS_DIR_}';
    var ad = '{$ad}';
</script>

Answer 1

You must override the ProductCore class NOT modify ProductCore class

class Product extends ProductCore 
{
   public $alternate_item;

   public function __construct($id_product = null, $full = false, $id_lang = null, $id_shop = null, Context $context = null)
   {
         self::$definition['fields']['alternate_item'] = array('type' => self::TYPE_HTML, 'lang' => true, 'validate' => 'isCleanHtml');
         parent::__construct($id_product, $full, $id_lang, $id_shop, $context);
   }
}

The override class must be placed in override/classes folder or yourmodule/override/classes

When you override a class you must delete cache/class_index.php