All Activity
- Today
A number of posts have been deleted that are about politics or disrespect towards other members of this forum. Thank you @Dan Cole for trying to keep the peace.
- Yesterday
-
Support thread for JcM CKEditor V1.0
MyBookShop replied to JcMagpie's topic in General Add-Ons Support
Thank you, I had no idea. 😧 It's amazing work left to a community. And this morning the plugin came right and works for Phoenix v1.0.7.14. I guess I had to refresh the browser. Mark.
-
14steve14 started following Support thread for JcM Google reCAPTCHA V2 & Terms Phoenix
-
Support thread for JcM Google reCAPTCHA V2 & Terms Phoenix
14steve14 replied to JcMagpie's topic in General Add-Ons Support
Unfortunately Zahid is no longer with us. https://forums.oscommerce.com/profile/152272-jcmagpie/?status=7635&type=status
-
Try allowing it (once) with NoScript. Since NoScript blocks the request before it is made, that's purely a test of NoScript so far.
-
solarpeter started following Support thread for JcM Google reCAPTCHA V2 & Terms Phoenix
-
Support thread for JcM Google reCAPTCHA V2 & Terms Phoenix
solarpeter replied to JcMagpie's topic in General Add-Ons Support
@JcMagpie I am having a similar issue to that shown above, having loaded the jcm-recaptcha module into Phoenix 1.07.13. I have only create account and contact us listed in good pages.

var $good_pages = ['contact_us.php', 'create_account.php'];
var $version = 'JcMgoogleCapatcha Hooks V1.5 by JcMagie 04-12-2019';

If I now attempt, as a customer, to edit my address the process doesn't update the address or move me to the next page and three errors are thrown up in the log:

[15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_ERROR already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 15
[15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_SITEKEY already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 16
[15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_SECRETKEY already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 17

I hope this means something to somebody who might be able to suggest a solution?
-
Jack_mcs started following Getting security issue on my site.
-
That is an old and non-supported version. If this is a new installation you should start over and install the Phoenix version. If it is an existing installation, the items you mention, like Social Security Number, are not standard in the shop. That would mean you have altered the code, which is fine, but it makes it difficult for anyone here to help, at least without more details.
- 1 reply
-
- oscommerer 2.3.1
- security issue
-
(and 1 more)
Tagged with:
-
@ecartz Thank you for picking this up. Below is what NoScript returns when trying to access the URL mentioned in point 1. NoScript detected a potential Cross-Site Scripting attack from [...] to http://domain.com. Suspicious data: (URL) http://domain.com/advanced_search_result.php?keywords=[removed]alert('SAINT')[removed] How would you troubleshoot this deeper?
-
Hello, I have installed OsCommerce 2.3.1 on my server and it's working properly. I have tested my website for security issues with Vega and got many issues, and fixed most of them. I am not able to solve 3 issues. I searched for solutions but didn't find any suitable solutions for them. Could anybody give any solutions or suggestions, please? These are the three issues:
1. Possible Social Security Number Detected.
2. Possible Social Insurance Number Detected.
3. Page Fingerprint Differential Detected - Possible - XPath.
Please could anyone give any suggestions, because I am new to this. Thanks
- 1 reply
-
- oscommerer 2.3.1
- security issue
-
(and 1 more)
Tagged with:
-
-
bonbec started following Support thread for JcM CKEditor V1.0
-
@MyBookShop I am sorry: https://forums.oscommerce.com/profile/152272-jcmagpie/?status=7635&type=status
-
Support thread for JcM CKEditor V1.0
MyBookShop replied to JcMagpie's topic in General Add-Ons Support
Gidday JcM, is there any chance you could look at why this broke at Phoenix v1.0.7.13/14? I'm using 14 because 13 has problems in the product input area. I know chasing updates in Phoenix is a pain, and the request is sorta out of cycle. Thanking you in advance if you could be of help. Mark
-
I verified this isn't working when updating. It does work for new products. It is a mistake in the code but I don't have a fix at this point. I will get to it as soon as I can. Thank you for reporting it.
- Last week
-
They are almost certainly false positives.

The first one is simple. Try it. If it shows the alert, then there is a problem. Find out where it displays and add the call to htmlspecialchars.

The second is more difficult, but less likely to be a problem, because the software already sanitizes all input before use. It's barely possible that you have installed something that doesn't (probably not Ultimate SEO URLs). But certainly core already does that.

This is not the approach that osCommerce takes. Instead, it sanitizes all parameters before using them in a SQL query. In the case of a product ID, this would typically happen via a cast to int. For strings (including the extended product IDs used with attributes), it uses mysqli_real_escape_string and a charset of UTF-8 when communicating with the database. In general, checking for illegal characters is a bad approach, as it leads to cleverer exploits.

It is conceivable that you are using an older version that has a bug in it. You should update to the latest to pick up all the security fixes. The most recent change was to always use UTF-8, which is required for mysqli_real_escape_string to work consistently (other character sets are also safe but some are unsafe). Before that was the switch to casting to int and mysqli_real_escape_string (I forget which was more recent--both are really old).
-
OSCommerce to CEPhoenix Migration Utility
zipurman replied to zipurman's topic in General Add-Ons Support
Let me know which tables you DID NOT import as this could also be the issue. You can PM me that info. Zip
- 6 replies
-
- phoenix
- oscommerce
-
(and 2 more)
Tagged with:
-
OSCommerce to CEPhoenix Migration Utility
zipurman replied to zipurman's topic in General Add-Ons Support
It's possible if your config has some SSL settings in it. If you want to PM me, we can discuss in more detail. Zip
- 6 replies
-
- phoenix
- oscommerce
-
(and 2 more)
Tagged with:
-
OSCommerce to CEPhoenix Migration Utility
varina replied to zipurman's topic in General Add-Ons Support
Hi Zip, that didn't make a difference. I logged into my account on the store side, and my account information was blank but there are two addresses listed. English is set as my default language on the admin side. Currency is set to USD. Just had a thought....would a lack of SSL cause an issue? My old site is hosted on GoDaddy Linux, but it won't work on Linux cPanel. So I have duplicate hostings at the moment, the old 2.3 site on the old Linux, and a migrated version I tried to upgrade to 2.3.4 and Phoenix on the cPanel side. The SSL is only installed on the old Linux, until I can get everything transferred to the new cPanel.
- 6 replies
-
- phoenix
- oscommerce
-
(and 2 more)
Tagged with:
-
OSCommerce to CEPhoenix Migration Utility
zipurman replied to zipurman's topic in General Add-Ons Support
Try adding another language in the admin like "TEST" and then delete that new language. That may fix the issue as it sounds like the default language is not set. Let me know. Zip
- 6 replies
-
- phoenix
- oscommerce
-
(and 2 more)
Tagged with:
-
@Jack_mcs I noticed that when using this version to update stock, it adds products and quantity, but changes in description are not updating. Does this require any setting to adjust, or is this function unavailable in EP? Thanks
-
varina started following OSCommerce to CEPhoenix Migration Utility
-
OSCommerce to CEPhoenix Migration Utility
varina replied to zipurman's topic in General Add-Ons Support
Hello Zipurman, Thank you for the great migration tool to CE Phoenix. I was running an OScommerce 2.3.2 store I upgraded to 2.3.4, or so I thought. When the database migrated over, it registered at version 2.2, and then updated to 2.2 RC and then 2.3.4. A lot of the old tables were obsolete in the Phoenix version, so I did not export those into the new install. I thought everything looked pretty good, but I am missing some data. On the admin side, the customer information is gone. The customers' names are there, their orders are there, but when you click on a customer to edit, the information is blank. The database shows the information in address book, and it appears that the customer id and address ids are correct, but I can't see the info on the admin side. Also, on the front end of the store, the prices of the products are all showing 0. The price is in the database file, and it shows up when you edit a product, but it is not transferring to the store front. Did I mess up the database migration somehow?
- 6 replies
-
- phoenix
- oscommerce
-
(and 2 more)
Tagged with:
-
rule started following XSS & SQL Vulnerabilities
-
1. We got alerted to a potential XSS vulnerability in the following scenario.

/advanced_search_result.php?keywords=[removed]alert('SAINT')[removed]

Solution: cross-site scripting can be fixed by modifying the application's code on the server to HTML-encode user-supplied characters which have special meaning when rendered in a browser. That is, change < to &lt;, > to &gt;, & to &amp;, and " to &quot;. Some web application programming languages contain functions for this purpose, such as htmlspecialchars() in PHP.

Doesn't osC already use htmlspecialchars?

2. On another note, there is also an integer-based SQL injection vulnerability in products_id parameter when the following is used.

/product-name-p-4413.html?action=add_product

We do use Ultimate SEO to rewrite the stock URLs but would that be true of default settings as well?

Solution: all user-supplied parameters should be checked for illegal characters, such as a single quote ('), before being used in an SQL query.

Any insight on addressing the two above issues would be greatly appreciated. These could well be false positives.
-
Huge inconvenience due to Brexit for .eu domain owners in the UK
-
@troyw Your post has been removed....please familiarize yourself with the forum guidelines. Dan
-
-
Hi Marcelo,
Please provide the following details:
- your exact shop version
- your exact attributes manager version
Please read this topic (Phoenix club): or if you have no access to the Phoenix club:
-
That's true, I'm sorry 🙂
-
In admin/categories.php, when I access it in the browser at http://localhost/shop/admin/categories.php?cPath=&pID=714&action=new_product I am getting the error: There was an error while retrieving the URL: Forbidden. There's no error in the error_log or in the PHP using ini_set('display_errors','On'); Can somebody help to solve this issue, please? Thank you