[contribution] Security Pro - Querystring protection against hackers.


302 replies to this topic

#81   Mildway

Mildway
  • Members
  • 9 posts
  • Real Name:James

Posted 24 June 2009 - 04:44 PM

Hi FWR Media,

I tried to install your addon but it failed.

When I tried to run the SecurityPro_installer.php, I got this error message:
"Fatal error: Call to a member function add_current_page() on a non-object in /home/mysite/public_html/includes/application_top.php on line 312"

And now I can't access my site, it always says the same "fatal error"...

Do you know what it is? Any tips on how to resolve it?

Here is the application_top.php:

// navigation history
  if (tep_session_is_registered('navigation')) {
	if (PHP_VERSION < 4) {
	  $broken_navigation = $navigation;
	  $navigation = new navigationHistory;
	  $navigation->unserialize($broken_navigation);
	}
  } else {
	tep_session_register('navigation');
	$navigation = new navigationHistory;
  }
  $navigation->add_current_page();

Ah, if possible, in the next updates, please write "manual installation instructions". Autoinstallers really "suck".
Like in my case, if manual installation instructions were provided, I could "UN-install" it, but with the autoinstaller I can't do this.

PS: Running on a Linux server, osCommerce RC2a

Cheers
James

Edited by Mildway, 24 June 2009 - 04:50 PM.


#82   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 24 June 2009 - 06:07 PM

View PostMildway, on Jun 24 2009, 05:44 PM, said:

Hi FWR Media,

I tried to install your addon but it failed.

When I tried to run the SecurityPro_installer.php, I got this error message:
"Fatal error: Call to a member function add_current_page() on a non-object in /home/mysite/public_html/includes/application_top.php on line 312"

And now I can't access my site, it always says the same "fatal error"...

Do you know what it is? Any tips on how to resolve it?

Here is the application_top.php:

// navigation history
  if (tep_session_is_registered('navigation')) {
	if (PHP_VERSION < 4) {
	  $broken_navigation = $navigation;
	  $navigation = new navigationHistory;
	  $navigation->unserialize($broken_navigation);
	}
  } else {
	tep_session_register('navigation');
	$navigation = new navigationHistory;
  }
  $navigation->add_current_page();

Ah, if possible, in the next updates, please write "manual installation instructions". Autoinstallers really "suck".
Like in my case, if manual installation instructions were provided, I could "UN-install" it, but with the autoinstaller I can't do this.

PS: Running on a Linux server, osCommerce RC2a

Cheers
James

The contribution has no issues and needs no uninstaller.

Fatal error: Call to a member function add_current_page() on a non-object is a known issue with osCommerce, usually created by a non-visible error and the session writing incorrectly.

1) Leave the db as it is and remove the code you put in from application_top.php

2) Close all your browsers to lose the session, then clear your cookies.

3) Test the site now works

4) Re-add the code to application top being more careful.

#83   Mildway

Mildway
  • Members
  • 9 posts
  • Real Name:James

Posted 24 June 2009 - 07:05 PM

View PostFWR Media, on Jun 24 2009, 06:07 PM, said:

The contribution has no issues and needs no uninstaller.

Fatal error: Call to a member function add_current_page() on a non-object is a known issue with osCommerce, usually created by a non-visible error and the session writing incorrectly.

1) Leave the db as it is and remove the code you put in from application_top.php

2) Close all your browsers to lose the session, then clear your cookies.

3) Test the site now works

4) Re-add the code to application top being more careful.

Hi FWR Media,

This error was shown when I was running the autoinstaller. After I placed the code in application_top.php I got another error, but on another line, I guess it was 338 or 368, I don't remember now....

Anyway, many thanks for the information! It was what you said, I just closed my browser and then it worked ok, now I will test my payment modules, etc. and if I get a problem I will post again. THANK YOU! :)

Ah, about writing installation instructions, if possible, that would be very nice. I don't know, but I'm a little afraid of running autoinstallers... I think it is safer to install manually, because if you have a problem you can undo the changes easily..

Best Regards
James

#84   Mildway

Mildway
  • Members
  • 9 posts
  • Real Name:James

Posted 24 June 2009 - 09:46 PM

Hi,

When I access www(dot)myshop.com/index.php?fwrtest=[w](o)%3Cr%3Ek|i*n^g

I don't get the message "working". When I access it I get redirected to my main page (index).

Is this ok? The addon is set ON TRUE in admin. Is it working?

Thanks
James

#85 ONLINE   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,450 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 13 July 2009 - 06:47 PM

Hi Robert

I just installed this small wonderthing and now it works perfect, that means, I don't know if it works or not, I hope hackers will know :) Thank you very much.

View PostMildway, on Jun 24 2009, 07:44 PM, said:

"Fatal error: Call to a member function add_current_page() on a non-object in /home/mysite/public_html/includes/application_top.php on line 312"

I had the same issue, uninstalled manually by deleting security.php, undoing the changes in application_top.php, and dropping the lines from the database. Then I tried one more time and everything went perfect, I don't know where my mind was the first time

View PostMildway, on Jun 24 2009, 07:44 PM, said:

Ah, if possible, in the next updates, please write "manual installation instructions"

You can see what tables are getting created in DB reading the installation file and just drop them

#86   ddsavage2000

ddsavage2000
  • Members
  • 21 posts
  • Real Name:D SAV
  • Gender:Male
  • Location:CHICAGO

Posted 21 September 2009 - 09:39 AM

Not understanding how to install Security Pro 1.02 to osc 2.2 rc2a. As far as I got was downloading file. Using localhost for now. Any assistance greatly appreciated. Thanks.

#87   spooks

spooks
  • Members
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 21 September 2009 - 09:43 AM

View Postddsavage2000, on Sep 21 2009, 10:39 AM, said:

Not understanding how to install Security Pro 1.02 to osc 2.2 rc2a. As far as I got was downloading file. Using localhost for now. Any assistance greatly appreciated. Thanks.

How do I install a contribution http://forums.oscommerce.com/index.php?sho...=0#entry1432157
Sam


#88   ddsavage2000

ddsavage2000
  • Members
  • 21 posts
  • Real Name:D SAV
  • Gender:Male
  • Location:CHICAGO

Posted 21 September 2009 - 11:00 AM

Thanks Sam. Most or all of the information provided in the link I am aware of, thanks to several of your posts and others like yourself that have superior knowledge of this particular system. However, none of the information detailed clarifies the installation of Security Pro 1.02.

#89   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 21 September 2009 - 12:01 PM

View Postvalerif, on Mar 6 2008, 06:24 PM, said:

thanks for the contributions
this is what i was looking for

i installed it and see this problem
Fatal error: Call to undefined function: fwr_clean_global() in /.../includes/application_top.php on line 88

if i disable the line from the application top code it works fine

perhaps you could have a suggestion what this could be

thanks
valeri

you have not uploaded one of the required files (or perhaps put it in admin by mistake?) .. go back over the install instructions .. there aren't many.

#90   ddsavage2000

ddsavage2000
  • Members
  • 21 posts
  • Real Name:D SAV
  • Gender:Male
  • Location:CHICAGO

Posted 21 September 2009 - 12:18 PM

What I downloaded was a zip file. If there were instructions I missed them because I never found any information specifically relating to install, and trust me I have been searching.

#91   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 21 September 2009 - 12:23 PM

View Postddsavage2000, on Sep 21 2009, 01:18 PM, said:

What I downloaded was a zip file. If there were instructions I missed them because I never found any information specifically relating to install, and trust me I have been searching.

There is only one file to upload (after running the installer)

catalog/includes/functions/security.php

just upload the missing file.

#92   danny1977

danny1977
  • Members
  • 2 posts
  • Real Name:gok

Posted 16 October 2009 - 09:41 PM

I installed Security Pro on a hardly modded site. When I try to test my site as explained on the first page, nothing happened (nothing printed on screen).
So I tried everything I could with my little web knowledge (set register globals off, erase http access, upgrade to PHP 5, tried to change variables at application top :) ...nothing worked).
When I search for how to make an XSS attack to prevent my site, I found this:

when you navigate your site with this :

http:// yoursite dot com/contact_us.php?&name=1&email=1&enquiry=[XSS%%FC%F0i%FE%DC()]
-----------------------
if you enable security pro it writes

XSSi

in contact us

if you disable it:

[XSS%üğişÜ()]

is written.

i think a very good way to test the script.
hope this helps someone...



Thanks to the author of this wonderful contrib. I think it is a must for every osCommerce site.
cheers  
gokhan

#93 ONLINE   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,450 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 26 November 2009 - 11:22 AM

View PostFWR Media, on 27 November 2008 - 08:12 AM, said:

View PostBlack Jack 21, on 27 November 2008 - 06:32 AM, said:

one question. It's necessary to pass through special characters like äüöÄÜÖß posted from the search box. What's the way to do it? I've found it works if i modify the function like this:

function tep_clean_get__recursive($get_var)
{
  if (!is_array($get_var))
    return preg_replace("/[^ {}a-zA-Z0-9ßäüöÄÜÖ_.-]/i", "", urldecode($get_var));

  // Add the preg_replace to every element.
  return array_map('tep_clean_get__recursive', $get_var);
}

What do you think, do you see any problems? Please comment and point me in the right direction!

Yes adding limited but valid language characters is not an issue as long as you are careful not to allow in bad characters.

A shortened version that should work is ..

$get_var = preg_replace("/[^\s{}a-z0-9ßäüö_.-]/i", "", urldecode($get_var));


View PostFWR Media, on 17 May 2009 - 08:00 AM, said:

View Postsctsang, on 17 May 2009 - 05:58 AM, said:

Our osCommerce default language is Traditional Chinese, hence, we have to exclude advanced_search.php & advanced_search_result.php so that the search box works.
Can hackers inject malicious codes via the search box? If so, do you have any suggestions? Thank you in advance.

As standard osCommerce uses input filtering.
As long as you are using the RC2a versions of these files you should be fine .. it uses ..

tep_db_prepare_input
tep_db_input

And type casting on all user input added to the query.

Hope that helps.

Hi Robert

I was having an issue with search in Greek and Cyrillic characters. The search term (ie ελλαδα) was not included into the query.

Right now I have advanced_search_results.php excluded from cleansing via admin.

I just wonder, what is better to do, to keep this file excluded or to add Greek and Cyrillic characters to security.php?
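
Added example (not part of the thread and not Security Pro's own code): the choice raised above, excluding the search page or widening the allowlist, depends on how the character class treats UTF-8. This PHP sketch runs the byte-wise class quoted in this thread next to a hypothetical Unicode-aware variant over constructed inputs, including the thread's fwrtest string and the Greek search term; the function names are assumptions and the file is assumed to be saved as UTF-8.

```php
<?php
// Added example, not Security Pro's code. Function names are hypothetical.
// Assumes this file and all request data are UTF-8.

// Byte-wise allowlist using the character class quoted in the thread.
// Without the /u modifier, "ßäüö" is read as individual bytes, not characters.
function clean_get_bytes($value)
{
    if (is_array($value)) {
        return array_map('clean_get_bytes', $value);
    }
    return preg_replace('/[^\s{}a-z0-9ßäüö_.-]/i', '', urldecode((string) $value));
}

// Unicode-aware allowlist: any letter or digit, plus the same punctuation.
function clean_get_unicode($value)
{
    if (is_array($value)) {
        return array_map('clean_get_unicode', $value);
    }
    // With /u, preg_replace() returns null on malformed UTF-8: fail closed.
    $clean = preg_replace('/[^ {}\p{L}\p{N}_.-]/u', '', urldecode((string) $value));
    return $clean === null ? '' : $clean;
}

// A string is valid UTF-8 if an empty /u pattern can be applied to it.
function is_valid_utf8($s)
{
    return preg_match('//u', $s) === 1;
}

// Constructed sample inputs: the thread's test string, search terms, a nested array.
$samples = array(
    'test string' => '[w](o)%3Cr%3Ek|i*n^g',
    'Greek'       => 'ελλαδα',
    'accented'    => 'café',
    'nested'      => array('keywords' => 'Ärger <b>'),
);

foreach ($samples as $label => $input) {
    foreach (array('clean_get_bytes', 'clean_get_unicode') as $fn) {
        $out  = $fn($input);
        $flat = is_array($out) ? implode('|', $out) : $out;
        // rawurlencode() makes stray bytes visible instead of printing them raw.
        printf(
            "%-12s %-18s %-40s valid_utf8=%s\n",
            $label,
            $fn,
            rawurlencode($flat),
            is_valid_utf8($flat) ? 'yes' : 'no'
        );
    }
}
```

The byte-wise class drops the Greek term entirely and can leave a lone lead byte behind for accented letters outside the listed ones, which is malformed UTF-8. The wider class only changes which letters survive; it sits in front of the query escaping mentioned above (tep_db_prepare_input, tep_db_input) and does not replace it.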

#94   dodiewayne

dodiewayne
  • Members
  • 7 posts
  • Real Name:Dodie

Posted 29 December 2009 - 12:17 PM

View Postspooks, on 21 September 2009 - 09:43 AM, said:


I am also trying to install this - I have done all steps stated in the instructions included with the add on, except this one: "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)."

Ok, I am not finding this file: am I overlooking this? I have found admin/configuration/ but no FWR Security Pro? Did I do something wrong?

#95   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 29 December 2009 - 12:38 PM

View Postdodiewayne, on 29 December 2009 - 12:17 PM, said:

I am also trying to install this - I have done all steps stated in the instructions included with the add on, except this one: "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)."

Ok, I am not finding this file: am I overlooking this? I have found admin/configuration/ but no FWR Security Pro? Did I do something wrong?

You haven't run the database installer SecurityPro_installer.php

#96   dodiewayne

dodiewayne
  • Members
  • 7 posts
  • Real Name:Dodie

Posted 29 December 2009 - 06:33 PM

View PostFWR Media, on 29 December 2009 - 12:38 PM, said:

You haven't run the database installer SecurityPro_installer.php

I have tried to "run" the installer - I guess I am just going about this all wrong. I have followed each and every step given:

Firstly: -
Upload SecurityPro_installer.php to your catalog folder. Browse to it and the installation will auto insert your admin settings.

Secondly:-
Upload security.php to catalog/includes/functions/

Finally:-
catalog/includes/application_top.php



Find ...

// set the application parameters
$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
  define($configuration['cfgKey'], $configuration['cfgValue']);
}

Add directly BELOW ...

// FWR Media Security Pro
if ( defined('FWR_SECURITY_PRO_ON') && FWR_SECURITY_PRO_ON === 'true' ) {
  $fwr_security_excludes = array();
  if ( defined('FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON') && FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON === 'true' )
    $fwr_security_excludes = explode(',', FWR_SECURITY_PRO_FILE_EXCLUSIONS);
  if ( !in_array(basename($_SERVER['PHP_SELF']), $fwr_security_excludes) )
    include('includes/functions/security.php');
}
if ( function_exists('tep_clean_get__recursive') ) {
  // Recursively clean $HTTP_GET_VARS and $_GET
  // There is no legitimate reason for these to contain anything but ..
  // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space
  $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS);
  $_GET = tep_clean_get__recursive($_GET);
  $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed.
  fwr_clean_global($_GET); // Change the $GLOBALS value to the cleaned value
}
// END - FWR Media Security Pro

Go into admin>configuration>FWR Security Pro and turn it on .. (set to true).

PLEASE NOTE: You MUST delete the install file catalog/SecurityPro_installer.php after use!




The main problem I am having is this: This installation was done via Fantastico so everything was basically installed for me. I tried to install osCommerce manually and got frustrated and quit. I just ordered new hosting that came with the script basically pre-installed. Ok - now I am trying to do this but I find no catalog file. Now in the one I did manually I did have a catalog file but in this one I do not find one. I have run a search for the file and there is no such file. So I installed the Security Pro installer php under public html/admin and security.php to public html/admin/includes/functions/ and admin/includes/application_top.php. I find nothing that installed. I cannot continue onto the part where I am supposed to "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)" because I still cannot find it. I am told that I did not run the installer... how do I do this? I am so sorry this sounds awful but I am new at this and appreciate any help.

#97   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 29 December 2009 - 06:53 PM

View Postdodiewayne, on 29 December 2009 - 06:33 PM, said:

I am so sorry this sounds awful but I am new at this and appreciate any help.

no no that's fine .. we all started somewhere.

About the "catalog" thing we use "catalog" as a standard term meaning the root of your site.

Some people have the site running from..

www.mysite.com

Some ..

www.mysite.com/catalog/

Some ..

www.mysite.com/catalog/shop/

When we say catalog we are just referring to where the root files are like product_info.php.

The installer goes there then you browse to it.

The security.php file goes in
<root of site>includes/functions/

Edited by FWR Media, 29 December 2009 - 06:55 PM.


#98   jada14

jada14
  • Members
  • 4 posts
  • Real Name:claire

Posted 12 January 2010 - 10:35 AM

View Postdodiewayne, on 29 December 2009 - 06:33 PM, said:

I have tried to "run" the installer - I guess I am just going about this all wrong. I have followed each and every step given:

Firstly: -
Upload SecurityPro_installer.php to your catalog folder. Browse to it and the installation will auto insert your admin settings.

Secondly:-
Upload security.php to catalog/includes/functions/

Finally:-
catalog/includes/application_top.php



Find ...

// set the application parameters
$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
  define($configuration['cfgKey'], $configuration['cfgValue']);
}

Add directly BELOW ...

// FWR Media Security Pro
if ( defined('FWR_SECURITY_PRO_ON') && FWR_SECURITY_PRO_ON === 'true' ) {
  $fwr_security_excludes = array();
  if ( defined('FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON') && FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON === 'true' )
    $fwr_security_excludes = explode(',', FWR_SECURITY_PRO_FILE_EXCLUSIONS);
  if ( !in_array(basename($_SERVER['PHP_SELF']), $fwr_security_excludes) )
    include('includes/functions/security.php');
}
if ( function_exists('tep_clean_get__recursive') ) {
  // Recursively clean $HTTP_GET_VARS and $_GET
  // There is no legitimate reason for these to contain anything but ..
  // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space
  $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS);
  $_GET = tep_clean_get__recursive($_GET);
  $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed.
  fwr_clean_global($_GET); // Change the $GLOBALS value to the cleaned value
}
// END - FWR Media Security Pro

Go into admin>configuration>FWR Security Pro and turn it on .. (set to true).

PLEASE NOTE: You MUST delete the install file catalog/SecurityPro_installer.php after use!




The main problem I am having is this: This installation was done via Fantastico so everything was basically installed for me. I tried to install osCommerce manually and got frustrated and quit. I just ordered new hosting that came with the script basically pre-installed. Ok - now I am trying to do this but I find no catalog file. Now in the one I did manually I did have a catalog file but in this one I do not find one. I have run a search for the file and there is no such file. So I installed the Security Pro installer php under public html/admin and security.php to public html/admin/includes/functions/ and admin/includes/application_top.php. I find nothing that installed. I cannot continue onto the part where I am supposed to "Go into admin>configuration>FWR Security Pro and turn it on .. (set to true)" because I still cannot find it. I am told that I did not run the installer... how do I do this? I am so sorry this sounds awful but I am new at this and appreciate any help.

Did anyone respond directly to this query? I am having the same issue and cannot find the FWR Security Pro file under admin, getting a bit frustrated, help please

#99   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts
  • Real Name:Robert Fisher
  • Gender:Male
  • Location:Stowmarket - Suffolk - UK

Posted 12 January 2010 - 10:43 AM

View Postjada14, on 12 January 2010 - 10:35 AM, said:

Did anyone respond directly to this query? I am having the same issue and cannot find the FWR Security Pro file under admin, getting a bit frustrated, help please

Which bit of the installation are you confused with?

1) Upload SecurityPro_installer.php to your catalog folder. Browse to it and the installation will auto insert your admin settings.
2) Upload security.php to catalog/includes/functions/

or ..

3) Adding the code block to catalog/includes/application_top.php

#100   jada14

jada14
  • Members
  • 4 posts
  • Real Name:claire

Posted 12 January 2010 - 10:50 AM

thanks for the prompt response,

I am unsure about number 1. When you say browse to it, do you mean via the file manager or FTP? I have tried both and nothing seems to change; as a result I get no FWR Security Pro option to turn on in my admin>configuration>, as I think the installation is not installed correctly.