All Activity

  1. Past hour
  2. freakystreak

    SEO Friendly Urls - a new approach

    I have checked the admin backend and I can't see any call to 'seo_friendly_urls.php'. Can you advise me as to what I should look out for regarding the Apache Server configuration? Thank you.
  3. GoCastaway58

    Security checks gone

    I am going to try the PHP rollback and see what happens, but I can only go back to 5.6 and up to 7.1 - 7.2 - 7.3. Downloaded the "frozen" version, but can I use that with the OsMart template? It's a good responsive template and would keep it
  4. JcMagpie

    Hack attempt - is there a way to prevent this?

    Just checked on official osC and it's the same result, nothing found. Can you spot the irony of the image below?
  5. Today
  6. Xarlina

    Editing Footer Links...

    Hi there, it could be done through the footer template, but don't forget to make a copy of the new version of the footer. It helps you quickly make changes if for some reason the footer file is updated and returned to its original condition. It's just friendly advice; for now, I'm a blogger and essay writer from xx but I've had to deal with something like this before.
  7. coelroy

    17 Years Young!

    My friend, I believe it's today, Monday 20th May 2019. Can we hold you to your word, i.e. "New releases coming soon. New websites coming soon."? Elroy
  8. JcMagpie

    Hack attempt - is there a way to prevent this?

    I don't think this has anything to do with the edits, as on a stock osC you still will get no results! Try yourself on a clean BS4 install: https://www.jcmagpie.com/advanced_search_result.php?keywords=A+Bugs+Life Compare that to a Google search box output and you get a result every time, try it yourself. https://www.justfastfood.com/
  9. freakystreak

    SEO Friendly Urls - a new approach

    Thanks for your reply, I am using osCommerce v2.3.4. It's using Bootstrap.
  10. BrockleyJohn

    How do I use function __construct in this code?

    Whether they would have behaved differently in the past with the current constructors, I couldn't say. However the current core code doesn't - that's what testing is for! I am confident in the testing of the original set of changes - the process used for the changes was: code scan for all classes and identify those with php4 constructors, code scan for direct calls to constructor method; identify at least one page using the class and check for deprecated message; show that change removed deprecated message but leaves page function unchanged; for direct calls to constructor method, show function before and after the same too.

    However the changes were reapplied several times over the course of months as Edge moved forward and although largely automated by git, it's always possible that errors or omissions were introduced in the final version so it's good to air any doubts you have. The constructors resulted in a lot of lines of code that needed altering but the bit that was much harder to analyse confidently was the change to the evaluation order in statements. IIRC there was only one line of code that needed changing for this.
  11. supercheaphobb

    Frozen bug list

    So just confirming the breadcrumbs needs to be removed from /includes/modules/content/header/templates/tpl_cm_header_breadcrumb.php
  12. Jack_mcs

    Hack attempt - is there a way to prevent this?

    For the code I posted, use $keywords = preg_replace('/[^ \w-\'\"]/', '', $_GET['keywords']);
  13. MrPhil

    How do I use function __construct in this code?

    OK, good to know that nothing there needs fixing. Although I do wonder if they behaved differently if and when they had only the eponymous constructor methods.
  14. Yesterday
  15. ArtcoInc

    Security checks gone

    @GoCastaway58 As @MrPhil suggested, ask your host if they can roll back to an earlier version of PHP. That *may* resolve your problem ... temporarily. If it does work, use the time to consider updating your shop to the latest Community Edition of osC. (link in my signature). M
  16. BrockleyJohn

    How do I use function __construct in this code?

    Nope, these are all deliberate. Shopping cart's eponymous method is called to reset it (but there's no point in resetting it on construction). Table block and alert box's methods are called from child classes which override the constructor so the parent's never gets called.
  17. A recent attack on one of my shops revealed that hackers will use the search function to try and gain access to the shop and/or database. Since SmartSuggest records search inquiries to a database table, there is a possibility that this could be used in an attack. Malcolm
  18. JcMagpie

    Hack attempt - is there a way to prevent this?

    Just put the chars you want to not remove in the [] and you'll be fine; see, I have added ' and - after the 9

        $scrub = preg_replace("/[^a-zA-Z0-9'-\w\ ]/", "", $input);

    this will give Result: iaja'-'- this 1237412 is @^*() how -=+_ from

        echo ScrubInput("iaja'-'- this 1237412~! is @#$%^&*() how -=+_] it [{};:/ works .,>?OKAMNBVCXZLKJHG'\"");

    Please check before using on live site. Only tested in sandbox.
  19. GoCastaway58

    Security checks gone

    I sure have deprecated errors, it's an error log from 3 weeks and 45Mb.... It's all like the last one: [19-May-2019 22:41:41 Europe/Amsterdam] PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; ht_product_title has a deprecated constructor I will take a look at your solutions, hope I can fix it, I am not really a good coder and OsCommerce mediate. Thanks!
  20. ArtcoInc

    Search add-on Reviews

    *** UPDATE *** In my initial review, I noted that SmartSuggest records the search inquiry. It does so by adding a database table in which to store these inquiries. A recent hack attempt on one of my shops revealed that hackers will use the search function to try and gain access to the shop and/or the database. This was discussed in another thread: While I am not aware that any actual damage occurred, nor that any data was compromised, people should be aware that SmartSuggest does save the search inquiries in a database table, which potentially could be used in an attack on one's shop. Malcolm
  21. MrPhil

    Hack attempt - is there a way to prevent this?

    It will depend on your osCommerce version, and what add-ons you have that put stuff to database, but any decent DB code should disable (usually escape, not removal) any special characters that might be interpreted as database commands. That way, the string content can't be used to run commands, but it still might interfere with searches. For example, escaping an apostrophe so that it can't be used to end a field and add SQL commands (change it to a literal apostrophe, not a delimiter for SQL commands), might prevent searching for "A Bug's Life", but I'm not sure in this code. I haven't looked lately, but there may be ways around that problem.
  22. puggybelle

    Hack attempt - is there a way to prevent this?

    @Jack_mcs @JcMagpie Any way to keep apostrophes, quotation marks, dashes, letters and numbers? LOL. My buyers really need to use quotation marks in some circumstances, in order to find the exact name or phrase. When the edits are made, you can't even find the test product A Bug's Life unless you leave out the apostrophe. Smart buyers are going to include the apostrophe...get no search results...and leave. These edits are only making search more difficult. And after viewing my keywords search report for months now....buyers need all the help they can get! Is there a way to sanitize against the inclusion of weird characters that always accompany a malicious code string, but preserve the other ones I mentioned? - Andrea
  23. greasemonkey

    Hack attempt - is there a way to prevent this?

    @ArtcoInc I think the link to your review is very relevant to the thread - and the threat of this hack attempt (I can’t recall the level of detail in your review but maybe you’d update to include this potential risk).
  24. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @greasemonkey (while off topic regarding hack attempts ...) I also reviewed that search add-on here ... M
  25. greasemonkey

    Hack attempt - is there a way to prevent this?

    As a suggestion for a different smart search that doesn’t write to your DB... try this one (I’ve been using it for a couple years... works great). https://apps.oscommerce.com/Redirect=9351
  26. ArtcoInc

    Stop Google adding bogus names

    @trophy As others have stated, Google is not doing this. A spammer or hacker is doing it. Using Google as an email address, or as a company name, is very common. I get a number of these on one of my shops all the time. M
  27. JcMagpie

    Hack attempt - is there a way to prevent this?

    A simple string scrubbing function using https://www.php.net/manual/en/function.preg-replace.php

        <?php
        function ScrubInput($input) {
            // allow only letters
            //$scrub = preg_replace("/[^a-zA-Z]/", "", $input);
            // allow only letters and numbers
            //$scrub = preg_replace("/[^a-zA-Z0-9]/", "", $input);
            // allow only letters, numbers, and whitespace
            $scrub = preg_replace("/[^a-zA-Z0-9\s]/", "", $input);
            // Let's get rid of all CAPS
            $scrub = strtolower($scrub);
            // limit input to 40 chars
            $scrub = substr($scrub, 0, 40);
            return $scrub;
        }
        // test the function
        echo ScrubInput("iaja this 1237412~! is @#$%^&*() how -=+_] it [{};:/ works .,>?OKAMNBVCXZLKJHG'\"");
        ?>

    Result: iaja this 1237412 is how it works ok
  28. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @pete2007 Out of the box, osC does not save search queries in the database. I'm using an add-on called SmartSuggest that, amongst other things, creates a new database table and saves the search queries. I find this important since I can now see what people are searching for, and use that information to either adjust the text on my site, or adjust my product lines (if I sell apples, and people are searching for oranges ... ). M