359 replies to this topic

[awarner20]

cockroach, on Apr 18 2007, 10:01 PM, said:

Hi Guys,

I just noticed that this contrib breaks when used with CSS Buttons Everywhere

Both the buttons in the feed are affected:

<img src="http://fakeurl.com/shop/<div class="cssButton Add to Cart </div>" border="0">

Unfortunately I haven't got the skill to fix this myself, so I just though I'd let you know.

Cheers.

I am having this issue as well. I am using CSS Buttons and they do not show in the feed. Is there a way to show CSS Buttons in the feed?

My feed is here... http://derbydogma.com/rss.php

[awarner20]

awarner20, on May 30 2007, 03:09 PM, said:

I am having this issue as well. I am using CSS Buttons and they do not show in the feed. Is there a way to show CSS Buttons in the feed?

My feed is here... http://derbydogma.com/rss.php

Is it possible to get CSS buttons to show in the feed? Anyone?

[johnbarwell]

#Hi Guys,

I've just installed this. However the formatting isnt quite right. Can you have a look at http://www.fightstuff.co.uk/catalog/rss.php?language=en and tell me where I went wrong? The pictures are missing for the buy now and info buttons.

Thanks,


John

[johnbarwell]

#Hi Guys,

I've just installed this. However the formatting isnt quite right. Can you have a look at http://www.fightstuff.co.uk/catalog/rss.php?language=en and tell me where I went wrong? The pictures are missing for the buy now and info buttons.

Thanks,


John

[gregy]

hi

Is it possible to code the rss.php so it strips out html from title?

feedvalidator gives me error, cause i have some html in title (bold and br)

i.e.
<title>&lt;b&gt;Tool&lt;/b&gt; &lt;br&gt;04.09.2007 - Šalata - Zagreb (21:00)</title>

[boydie]

Hi all,

I've installed version 1.1 to get a seperate RSS feed for each category, Am I right in thinking that's whats this contribute does?

If I'm on the right path then I have an error.
When I go to category 1 and click the rss button the items for that category go into the rss feed, all is well.
Then when I go to category 2 and click the rss buttin the items for category 2 are added to the bottom and the URL stays the same.
The doc for Version 1.1 mention a category id, is there something if missed I reall want this to work.
The url I'm getting is
http://www.zantayartprints.com/rss.php/language/en
Should ther be a category ID added to this, the only area I have the RSS button is on the footer bar.

Any help welcome

[Phocea]

A quick bug Fix which I do not have time to package. With each product link, the oscId was added to the RSS feed..not very safe nor pretty:

To fix this change:

Quote

// RSS Links for Ultimate SEO (Gareth Houston 10 May 2005)
$link = tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $id, 'NONSSL', false);

with

Quote

// Correct RSS Links for Ultimate SEO without OscId (Phocea 20/06/2007)
$seo = ( defined('SEO_URLS') ? SEO_URLS : false );
$seo_rewrite_type = ( defined('SEO_URLS_TYPE') ? SEO_URLS_TYPE : false );
$link = tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $id, 'NONSSL', false, true);
if ($seo_rewrite_type == 'Rewrite') {
// We remove the oscid distributed by the user session used in this script
$link = substr($link, 0, strlen($link)-strlen(strstr($link,'?')));
} else {
$link = substr($link, 0, strlen($link)-strlen(strstr($link,'&osCsid')));
}

[shimpai]

Great contrib, works with all my languages except for Japanese....
even though the rss is set to utf-8, it doesn't display texte correctly.
any idea, anyone ?

thanks

[awarner20]

Phocea, on Jun 20 2007, 09:18 AM, said:

A quick bug Fix which I do not have time to package. With each product link, the oscId was added to the RSS feed..not very safe nor pretty:

To fix this change:
with

Hi Greg,

Can you verify the file that this code is found in? Is it catalog/rss.php?

Also, is this necessary if I am not using the Ultimate SEO contrib? I'm using SEO-G. Thanks for any clarification you may be able to provide.

[mrtimo]

I am getting " border="0"> " border="0"> inserted into every item on the RSS feed. What gives? My RSS feed: http://bighearthumanitarian.org/sponsor/rss.php?language=en

[mrtimo]

mrtimo, on Jul 11 2007, 03:09 PM, said:

I am getting " border="0"> " border="0"> inserted into every item on the RSS feed. What gives? My RSS feed: http://bighearthumanitarian.org/sponsor/rss.php?language=en

Just fixed it. I just took out the image and put in text instead --- around line 193 in rss.php

[fish123]

I using the RSS Feed v1.22-ecommerce

step 1
You (as the admin) can decide on a 'per product basis' whether a product should or shouldn't be added to the feed. You can do this by simply going to the admin section -> Catalog -> Categories / Articles -> Select you article / product of choice and click the 'edit' button. You'll notice that there's a new checkbox (Add this product to the RSS feed:) on the edit page. If you leave this checkbox checked, the product will be added to the feed. If you uncheck it, the product won't be added to the feed.

But i cant see any check box in the edit page to click the Rss feed for product..
So how can i solve the problem
Thank you

[rocket468]

Anyone have an idea what i did wrong with my feed http://www.alcohol-injection.com/rss.php
I am not getting any of the items to show up.

[shimpai]

rocket468, on Jul 23 2007, 07:17 AM, said:

Anyone have an idea what i did wrong with my feed http://www.alcohol-injection.com/rss.php
I am not getting any of the items to show up.

in Admin section, make sure your items are checked to "add this item to rss"
by default old items aren't.
Hope this helps

[rocket468]

shimpai, on Jul 23 2007, 07:57 PM, said:

in Admin section, make sure your items are checked to "add this item to rss"
by default old items aren't.
Hope this helps

I need to mess with my admin section more, mine always defaults to clicked
But in the database its self all my products have the value of 1

wouldn't this comand ALTER TABLE products ADD products_to_rss TINYINT default '1' NOT NULL;
make them all active ?

[Janissary]

utf8_encode only supports iso-8859-1 encoded strings. what can i do to get rid of this encoding?

In my shop I use iso-8859-9 encoding which is turkish and unfortunately when we use utf8 encoding it takes iso-8859-9 encoded string as iso-8859-1 and the result is garbage.. I tried iconv() and other stuff but the result was not successful. any ideas?

[Janissary]

Janissary, on Jul 28 2007, 04:46 AM, said:

utf8_encode only supports iso-8859-1 encoded strings. what can i do to get rid of this encoding?

In my shop I use iso-8859-9 encoding which is turkish and unfortunately when we use utf8 encoding it takes iso-8859-9 encoded string as iso-8859-1 and the result is garbage.. I tried iconv() and other stuff but the result was not successful. any ideas?

I answered my own question problem solved. I got rid of all the utf-8 encodings and changed the header to show iso-8859-9 encoding instead of utf-8

this is the rss.php file with 1.22 ecommerce add-on

<?php
/*
  $Id: rss.php,v 1.22 2007/04/13 13:04:02 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

require('includes/application_top.php');

$navigation->remove_current_page();

$connection = mysql_connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD) or die('Couldn\'t make connection.');
// Select database
$db = mysql_select_db(DB_DATABASE, $connection) or die(mysql_error());

// If the language is not specified
if ($_GET['language'] == '') {
  $lang_query = tep_db_query('select languages_id, code from ' . TABLE_LANGUAGES . ' where directory = \'' . $language . '\'');
} else {
  $cur_language = tep_db_output($_GET['language']);
  $lang_query = tep_db_query('select languages_id, code from ' . TABLE_LANGUAGES . ' where code = \'' . $cur_language . '\'');
}

// Recover the code (fr, en, etc) and the id (1, 2, etc) of the current language
if (tep_db_num_rows($lang_query)) {
  $lang_a = tep_db_fetch_array($lang_query);
	$lang_code = $lang_a['code'];
	$lang_id = $lang_a['languages_id'];
}

// If the default of your catalog is not what you want in your RSS feed, then
// please change this three constants:
// Enter an appropriate title for your website
define(RSS_TITLE, STORE_NAME);
// Enter your main shopping cart link
define(WEBLINK, HTTP_SERVER);
// Enter a description of your shopping cart
define(DESCRIPTION, TITLE);
/////////////////////////////////////////////////////////////
//That's it.  No More Editing (Unless you renamed DB tables or need to switch
//to SEO links (Apache Rewrite URL)
/////////////////////////////////////////////////////////////

$store_name = STORE_NAME;
$rss_title = RSS_TITLE;
$weblink = WEBLINK;
$description = DESCRIPTION;
$email_address = STORE_OWNER_EMAIL_ADDRESS;


// Begin sending of the data
Header('Content-Type: application/xml');
echo '<?xml version="1.0" encoding="iso-8859-9" ?>' . "\n";
echo '<?xml-stylesheet href="http://www.w3.org/2000/08/w3c-synd/style.css" type="text/css"?>' . "\n";
echo '<!-- RSS for ' . $store_name . ', generated on ' . date(r) . ' -->' . "\n";
?>
<rss version="2.0"
  xmlns:ecommerce="http://shopping.discovery.com/erss/"
  xmlns:media="http://search.yahoo.com/mrss/">
<channel>
<title><?php echo $rss_title; ?></title>
<link><?php echo $weblink;?></link>
<description><?php echo $description; ?></description>
<webMaster><?php echo $email_address; ?></webMaster>
<language><?php echo $lang_code; ?></language>
<lastBuildDate><?php echo date(r); ?></lastBuildDate>
<image>
  <url><?php echo $weblink . '/images/rss_logo.jpg';?></url>
  <title><?php echo $rss_title; ?></title>
  <link><?php echo $weblink;?></link>
  <description><?php echo $description; ?></description>
</image>
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
<?php

// Create SQL statement
$category = $_GET['cPath'];
$ecommerce = $_GET['ecommerce'];
if ($category != '') {
  // Check to see if we are in a subcategory
  if (strrpos($category, '_') > 0) {
	$category = substr($category, strrpos($category, '_') + 1, strlen($category));
  }
  $catTable = ", products_to_categories pc ";
  $catWhere = 'p.products_id = pc.products_id AND pc.categories_id = \'' . $category . '\' AND ';
}

$sql = "SELECT p.products_id, p.products_price, p.products_tax_class_id, p.products_model, 
			   p.products_image, p.products_date_added, pd.products_name, pd.products_description,
			   m.manufacturers_name, cd.categories_name
		FROM products p
			 $catTable
		LEFT JOIN products_description pd
			   ON pd.products_id = p.products_id
			  AND pd.language_id = '$lang_id'
		LEFT JOIN manufacturers m
			   ON m.manufacturers_id = p.manufacturers_id
		LEFT JOIN products_to_categories p2c
			   ON p2c.products_id=p.products_id
		LEFT JOIN categories_description cd
			   ON p2c.categories_id = cd.categories_id
			  AND cd.language_id = '$lang_id'
		WHERE $catWhere
			  p.products_status=1 AND 
			  p.products_to_rss=1
		GROUP BY p.products_id
		ORDER BY p.products_id DESC
		LIMIT " . MAX_RSS_ARTICLES;

// Execute SQL query and get result
$sql_result = mysql_query($sql,$connection) or die("Couldn\'t execute query:<br />$sql");

// Format results by row
while ($row = mysql_fetch_array($sql_result)) {
  $id = $row['products_id'];

  // RSS Links for Ultimate SEO (Gareth Houston 10 May 2005)
  $link = tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $id, 'NONSSL', false);

  $model = $row['products_model'];
  $image = $row['products_image'];
  $added = date(r,strtotime($row['products_date_added']));

  // Setting and cleaning the data
  $name = $row['products_name'];
  $desc = $row['products_description'];

  $manufacturer = $row['manufacturers_name'];
  $manufacturer = $manufacturer;
  $price = tep_add_tax($row['products_price'], tep_get_tax_rate($row['products_tax_class_id']));
  if( $discount = tep_get_products_special_price($id) ) {
	$offer = tep_add_tax($discount, tep_get_tax_rate($row['products_tax_class_id']));
  } else {
	$offer = '';
  }

  $cat_name = $row['categories_name'];



  // Setting the URLs to the images and buttons
  $relative_image_url = tep_image(DIR_WS_IMAGES . $image, $name, SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'style="float: left; margin: 0px 8px 8px 0px;"');
  $relative_image_url = str_replace('">', '', $relative_image_url);
  $relative_image_url = str_replace('<img src="', '', $relative_image_url);
  $image_url = HTTP_SERVER . DIR_WS_CATALOG . $relative_image_url;

  $relative_buy_url = tep_image_button('button_shopping_cart.gif', IMAGE_BUTTON_IN_CART, 'style="margin: 0px;"');
  $relative_buy_url = str_replace('">', '', $relative_buy_url);
  $relative_buy_url = str_replace('<img src="', '', $relative_buy_url);
  $buy_url = HTTP_SERVER . DIR_WS_CATALOG . $relative_buy_url;

  $relative_button_url = tep_image_button('button_more_info.gif', IMAGE_BUTTON_MORE_INFO, 'style="margin: 0px;"');
  $relative_button_url = str_replace('">', '', $relative_button_url);
  $relative_button_url = str_replace('<img src="', '', $relative_button_url);
  $button_url = HTTP_SERVER . DIR_WS_CATALOG . $relative_button_url;


  // http://www.w3.org/TR/REC-xml/#dt-chardata
  // The ampersand character (&) and the left angle bracket (<) MUST NOT appear in their literal form
  $name = str_replace('&','&amp;',$name);
  $desc = str_replace('&','&amp;',$desc);
  $link = str_replace('&','&amp;',$link);
  $cat_name = str_replace('&','&amp;',$cat_name);

  $name = str_replace('<','&lt;',$name);
  $desc = str_replace('<','&lt;',$desc);
  $link = str_replace('<','&lt;',$link);
  $cat_name = str_replace('<','&lt;',$cat_name);

  $name = str_replace('>','&gt;',$name);
  $desc = str_replace('>','&gt;',$desc);
  $link = str_replace('>','&gt;',$link);
  $cat_name = str_replace('>','&gt;',$cat_name);

  // Writing the output
  echo '<item>' . "\n";
  echo '  <title>' . $name . '</title>' . "\n";
  echo '  <category>' . $cat_name . '</category>' . "\n";
  echo '  <link>' . $link . '</link>' . "\n";
  echo '  <description>'; // . "\n";
  if ($ecommerce=='' && $image != '') {
	echo '<![CDATA[<a href="' . $link . '"><img src="' . $image_url . '"></a>]]>';
  }
  echo $desc;
  if ($ecommerce=='') {
	echo '<![CDATA[<br><br><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $id) . '"><img src="' . $buy_url . '" border="0"></a>&nbsp;]]>';
	echo '<![CDATA[<a href="' . $link . '"><img src="' . $button_url . '" border="0"></a>]]>' . "\n";
  }
  echo '</description>' . "\n";
  echo '  <guid>' . $link . '</guid>' . "\n";
  echo '  <pubDate>' . $added . '</pubDate>' . "\n";
  if($ecommerce!='') {
	echo '  <media:thumbnail url="' . $image_url . '">' . $image_url . '</media:thumbnail>' . "\n";
	echo '  <ecommerce:SKU>' . $id . '</ecommerce:SKU>' . "\n";
	echo '  <ecommerce:listPrice currency="' . DEFAULT_CURRENCY . '">' . $price . '</ecommerce:listPrice>' . "\n";
	if ($offer) {
	  echo '  <ecommerce:offerPrice currency="' . DEFAULT_CURRENCY . '">' . $offer . '</ecommerce:offerPrice>' . "\n";
	}
	echo '  <ecommerce:manufacturer>' . $manufacturer . '</ecommerce:manufacturer>' . "\n";
  }
  echo '</item>' . "\n";
}
// Free resources and close connection
mysql_free_result($sql_result);
mysql_close($connection);
?>
</channel>
</rss>

[rocket468]

Still trying to trouble shoot why its not worken for my site. When i view souce i notice this is the ver last output line.

anyone have any ideas?


<b>Fatal error</b>: Call to undefined function tep_image_button() in <b>/home/dvldoc/public_html/rss.php</b> on line <b>164</b><br />

[shimpai]

Anybody noticed the "more information" button doesn't carry any language id?
So if the user click on it, he won't be redirected to the right language in the shop.

[jnanney]

The latest version from Bisente looks like it might carry a SQL Injection bug in it.

Anyone more familiar with it please let me know if I am wrong.

In rss.php line around line 88 find

// Create SQL statement

$category = $_GET['cPath'];
$ecommerce = $_GET['ecommerce'];

if ($category != '') {
  // Check to see if we are in a subcategory
  if (strrpos($category, '_') > 0) {
	$category = substr($category, strrpos($category, '_') + 1, strlen($category));
  }
  $catTable = ", products_to_categories pc ";
  $catWhere = 'p.products_id = pc.products_id AND pc.categories_id = \'' . $category . '\' AND ';
}

at line 88, $_GET['cPath'] is not sanitized and is passed straight to the database.

Change line 88 to this and it should no longer be vulnerable to exploits by way of this sql injection.

$category = preg_replace('/[^0-9_]/', '', $_GET['cPath']);

You may be able to get the same kinds of results with tep_db_output, but tep_db_output only encodes 5 characters, where the preg_replace above specifically removes anything that is not 0-9 or an underscore. thus greatly limiting the valid input.