
All Activity

  1. Past hour
  2. Today
  3. A number of posts have been deleted that are about politics or disrespect towards other members of this forum. Thank you @Dan Cole for trying to keep the peace.
  4. Yesterday
  5. MyBookShop

    Support thread for JcM CKEditor V1.0

    Thank you, I had no idea. 😧 It's amazing work left to a community. And this morning the plugin came right and works for Phoenix v1.0.7.14. I guess I had to refresh the browser. Mark.
  6. Unfortunately Zahid is no longer with us. https://forums.oscommerce.com/profile/152272-jcmagpie/?status=7635&type=status
  7. ecartz

    XSS & SQL Vulnerabilities

    Try allowing it (once) with NoScript. Since NoScript blocks the request before it is made, that's purely a test of NoScript so far.
  8. @JcMagpie I am having a similar issue to that shown above, having loaded the jcm-recaptcha module into Phoenix 1.07.13. I have only create account and contact us listed in good pages.

    var $good_pages = ['contact_us.php', 'create_account.php'];
    var $version = 'JcMgoogleCapatcha Hooks V1.5 by JcMagie 04-12-2019';

    If I now attempt, as a customer, to edit my address, the process doesn't update the address or move me to the next page, and three errors are thrown up in the log:

    [15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_ERROR already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 15
    [15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_SITEKEY already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 16
    [15-Jan-2021 15:43:51 Europe/London] PHP Notice: Constant MODULE_CONTENT_RECAPTCHA_SECRETKEY already defined in /home/solarpro/public_html/phoenix1/includes/languages/english/hooks/shop/siteWide/jcm_google_recaptcha.php on line 17

    I hope this means something to somebody who might be able to suggest a solution?
  9. BenCar

    Advice on a directory move

    Thank you!
  10. Jack_mcs

    Getting security issue on my site.

    That is an old and non-supported version. If this is a new installation you should start over and install the Phoenix version. If it is an existing installation, the items you mention, like Social Security Number, are not standard in the shop. That would mean you have altered the code, which is fine, but it makes it difficult for anyone here to help, at least without more details.
  11. rule

    XSS & SQL Vulnerabilities

    @ecartz Thank you for picking this up. Below is what NoScript returns when trying to access the URL mentioned in point 1. NoScript detected a potential Cross-Site Scripting attack from [...] to http://domain.com. Suspicious data: (URL) http://domain.com/advanced_search_result.php?keywords=[removed]alert('SAINT')[removed] How would you troubleshoot this deeper?
  12. ksatendra2

    Getting security issue on my site.

    Hello, I have installed OsCommerce 2.3.1 on my server and it's working properly. I have tested my website for security issues with Vega, got many issues and fixed most of them. I am not able to solve 3 issues. I searched for solutions but didn't find any suitable ones. Could anybody give any solutions or suggestions, please? These are the following three issues: 1. Possible Social Security Number Detected. 2. Possible Social Insurance Number Detected. 3. Page Fingerprint Differential Detected - Possible - XPath. Could anyone please give any suggestion, because I am new to this. Thanks
  13. bonbec

    Support thread for JcM CKEditor V1.0

    @MyBookShop I am sorry: https://forums.oscommerce.com/profile/152272-jcmagpie/?status=7635&type=status
  14. MyBookShop

    Support thread for JcM CKEditor V1.0

    Gidday JcM, is there any chance you could look at why this broke at Phoenix v1.0.7.13/14? I'm using 14 because 13 has problems in the product input area. I know chasing updates in Phoenix is a pain, and the request is sorta out of cycle. Thanking you in advance if you could be of help. Mark
  15. Jack_mcs

    Easy Populate V 3.0

    I verified this isn't working when updating. It does work for new products. It is a mistake in the code but I don't have a fix at this point. I will get to it as soon as I can. Thank you for reporting it.
  16. Last week
  17. ecartz

    XSS & SQL Vulnerabilities

    They are almost certainly false positives. The first one is simple. Try it. If it shows the alert, then there is a problem. Find out where it displays and add the call to htmlspecialchars. The second is more difficult, but less likely to be a problem, because the software already sanitizes all input before use. It's barely possible that you have installed something that doesn't (probably not Ultimate SEO URLs). But certainly core already does that. This is not the approach that osCommerce takes. Instead, it sanitizes all parameters before using them in a SQL query. In the case of a product ID, this would typically happen via a cast to int. For strings (including the extended product IDs used with attributes), it uses mysqli_real_escape_string and a charset of UTF-8 when communicating with the database. In general, checking for illegal characters is a bad approach, as it leads to cleverer exploits. It is conceivable that you are using an older version that has a bug in it. You should update to the latest to pick up all the security fixes. The most recent change was to always use UTF-8, which is required for mysqli_real_escape_string to work consistently (other character sets are also safe but some are unsafe). Before that was the switch to casting to int and mysqli_real_escape_string (I forget which was more recent--both are really old).
  18. Let me know which tables you DID NOT import as this could also be the issue. You can PM me that info. Zip
  19. It's possible if your config has some SSL settings in it. If you want to PM me, we can discuss in more detail. Zip
  20. Hi Zip, that didn't make a difference. I logged into my account on the store side, and my account information was blank but there are two addresses listed. English is set as my default language on the admin side. Currency is set to USD. Just had a thought....would a lack of SSL cause an issue? My old site is hosted on GoDaddy Linux, but it won't work on Linux cPanel. So I have duplicate hostings at the moment, the old 2.3 site on the old Linux, and a migrated version I tried to upgrade to 2.3.4 and Phoenix on the cPanel side. The SSL is only installed on the old Linux, until I can get everything transferred to the new cPanel.
  21. Try adding another language in the admin like "TEST" and then delete that new language. That may fix the issue as it sounds like the default language is not set. Let me know Zip
  22. zeeshop

    Easy Populate V 3.0

    @Jack_mcs I noticed that when using this version to update stock, it adds products, quantity, but changes in the description are not updating. Does this require any setting to adjust, or is this function unavailable in EP? Thanks
  23. Hello Zipurman, Thank you for the great migration tool to CE Phoenix. I was running an OScommerce 2.3.2 store I upgraded to 2.3.4, or so I thought. When the database migrated over, it registered at version 2.2, and then updated to 2.2 RC and then 2.3.4. A lot of the old tables were obsolete in the Phoenix version, so I did not export those into the new install. I thought everything looked pretty good, but I am missing some data. On the admin side, the customer information is gone. The customers' names are there, their orders are there, but when you click on a customer to edit, the information is blank. The database shows the information in the address book, and it appears that the customer id and address ids are correct, but I can't see the info on the admin side. Also, on the front end of the store, the prices of the products are all showing 0. The price is in the database file, and it shows up when you edit a product, but it is not transferring to the store front. Did I mess up the database migration somehow?
  24. rule

    XSS & SQL Vulnerabilities

    1. We got alerted to a potential XSS vulnerability in the following scenario. /advanced_search_result.php?keywords=[removed]alert('SAINT')[removed] Solution: cross-site scripting can be fixed by modifying the application's code on the server to HTML-encode user-supplied characters which have special meaning when rendered in a browser. That is, change < to &lt;, > to &gt;, & to &amp;, and " to &quot;. Some web application programming languages contain functions for this purpose, such as htmlspecialchars() in PHP. Doesn't osC already use htmlspecialchars? 2. On another note, there is also an integer-based SQL injection vulnerability in products_id parameter when the following is used. /product-name-p-4413.html?action=add_product We do use Ultimate SEO to rewrite the stock URLs but would that be true of default settings as well? Solution: all user-supplied parameters should be checked for illegal characters, such as a single quote ('), before being used in an SQL query. Any insight on addressing the two above issues would be greatly appreciated. These could well be false positives.
  25. RubinVladimir

    BREXIT: shopowners in the UK

    Huge inconvenience due to Brexit for .eu domain owners in the UK
  26. Dan Cole

    UK VAT - Zone Activated Mininum Order Amount

    @troyw Your post has been removed....please familiarize yourself with the forum guidelines. Dan
  27. raiwa

    AJAX Attribute Manager support

    Posted 4 hours ago Hi Marcelo, Please provide the following details: - your exact shop version - your exact attributes manager version Please read this topic (Phoenix club): or if you have no access to the Phoenix club:
  28. mmmarcelo

    AJAX Attribute Manager support

    In admin/categories.php, when I access it in the browser at http://localhost/shop/admin/categories.php?cPath=&pID=714&action=new_product I am getting the error: There was an error while retrieving the URL: Forbidden There's no error in the error_log and in the PHP using ini_set('display_errors','On'); Can somebody help to solve this issue, please? Thank you