All Activity

  1. Past hour
  2. Thank you, that was a really simple way to do it. So what I'm trying to bring in now: left navigation now shows only the current level we're at - selected using the method you've shown me global $oscTemplate, $cPath, $current_category_id; But in the header for the left menu, I wish it to say Category: "current category name". So I need to pull in the current category name there. So it can't be just getTree, it needs to be the selected category name. I'll be looking for the variable to put, but if you are able to help or push me in the right direction that will be great.
  3. JcMagpie

    Hack attempt - is there a way to prevent this?

    Both blocked by server with 403 error page.
  4. puddlec

    Hack attempt - is there a way to prevent this?

    how would it handle stuff like <script src="google.com"> and <script src="google.com">
  5. greasemonkey

    Hack attempt - is there a way to prevent this?

    @raiwa is this cleaned by tep_draw_input_field (which is sanitizing with stripslashes)? And if so... is it enough? This is definitely out of my skill range - it really is just a question. Reading about SQL injections (again I'm not sure I understand it clearly) should we not be using PDO (as in 2.4) or at minimum htmlspecialchars? Source: https://stackoverflow.com/questions/29678806/secure-all-inputs-in-php-form
  6. Today
  7. MrPhil

    Security checks gone

    Don't forget to patch Frozen (see my signature). I don't think there is a Dutch language pack specifically for this version, but you might find one that is close (a little update and translation work needed by you). At worst, you'll have to compare the Frozen language files side-by-side with whatever Dutch version you have, and copy over line-by-line, and translate the rest. If you do this successfully, and there is no existing Dutch pack, please consider offering it as a language add-on. Be careful that your editor doesn't add a Byte Order Mark to edited files! As far as layout changes go, some of this might be possible in user.css, but some might require PHP code changes. It all depends on what you want to do. Good luck, and let us know how it turns out!
  8. You have to do it yourself (it's not a one-button install in Softaculous, etc.), but if you pay your host enough money, they could probably be persuaded to do it for you. It's a manual install of the code (and a new database), and copy over and update your data (including the database). I would suggest setting up a private password-protected directory on your site and installing there, to try it out. You can play with the default sample data to see if you want to go further, then practice on a copy of your store's database (which will need to be updated). See if you need to install any add-ons, do any custom code changes, or just tweak the CSS in user.css file. You're going to have to do this eventually, when your host upgrades to PHP 7, so you might as well dip your toes in the water now and get the feel of things on a safe play system, before it becomes an emergency situation. From your questions, it sounds like you know very little about running a website (the mechanics behind it), so you might want to bring someone on board to help you with all this.
  9. raiwa

    Hack attempt - is there a way to prevent this?

    malicious/problematic code has already been filtered out in this example: Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC 244 Whatever St"__sCRiPt sRC=//jb.gy/i__/sCrIpT_
  10. GoCastaway58

    Security checks gone

    I already installed a clean "Frozen" on my server and it works perfectly as far as I can see. The layout is good and responsive, but when I am going to use it I am gonna make some changes in the layout etc., and I also need it in Dutch, so I have to look if the language pack that I have is up to date. In the coming weeks I am going to work on it, will keep you updated.
  11. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    That did it. Looks the way it should.......Thank you!!!!
  12. JcMagpie

    Admin page not logging secure, not displaying correct

    This will be down to you being on a shared server. Looks like your host has turned on SSL on the server; just check your config file in admin/includes and make sure all http statements are changed to https. You will need to check this for every link in your code, as any that still call http will cause problems of mixed content.
  13. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    Mr. Phil, how do I upgrade this? Is this something I have to have my hosting company do or can I do this myself?
  14. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    I checked the browser code. It looks just like what you have. But what is happening is that the .css and .js files are all blocked because it is an insecure site. My shopping cart is secure but for some reason my admin page is not. I will have my hosting site address this and follow up here. Thanks for the insight and info.
  15. A few general notes: did your host just upgrade PHP (to 5.6)? osC 2.3.4 (official release) is a bit long of tooth, and has been known to have problems with PHP versions above 5.4 or so, although I don't recall seeing problems this severe. Did you get moved to a different server? Did your host make any other changes, such as forcing SSL? It's not uncommon for one hand (server support) to make major changes and not tell the other hand (customer support) what they did. Could you have been hacked (any files show inexplicably recent updates)? Did you make some "innocent little change"? By the way, PHP 5.6 is no longer supported (ditto 7.0) and 7.1 won't be soon, so try to upgrade your store before you run into severe problems on the next PHP upgrade. The only current osCommerce is "Frozen" (or "Edge", if you're adventurous) -- see link for it (plus patches) below in my signature. The official osC releases are years behind.
  16. JcMagpie

    Hack attempt - is there a way to prevent this?

    So going back to the original post of what if someone uses a form to inject script into the db? Looks like no cleaning is done before input is saved to db in official osC or CE. Script used in create account form is simply passed over to each page and saved into db. No scrubbing is done when it is pulled out to display, and db is just taking the data presented to it. The test script used was the one originally posted and used as a test (can do no harm as it's not active on its own): Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC So looks like some method of scrubbing all forms and input boxes is needed, not just the search. Or have I missed something?
  17. If you have problems with the supplied password file changes, pull it all out and use your host's "password protect a directory" function from their control panel. It's much more likely to work correctly than what is supplied by osC. The only downside is that the osC Security Check won't recognize that you have password protection and will issue spurious warnings. If you have to enter an ID and password to get into admin (to the page with the normal osC ID/password field), don't worry about the warning -- it's working.
  18. MrPhil

    Hack attempt - is there a way to prevent this?

    Well, you could always replace your osC search with Google (with the term site:yoursite.com) or some other well-known search engine. (Are there any others left these days?) You will likely lose any storage of search terms, although there's no reason you couldn't save a search string (suitably sanitized, first) in your database before passing it on to Google. I'm assuming that there is no problem with sessions, etc. if you pop out to an external search engine from a logged-in store, so check out that early in the process.
  19. MrPhil

    Security checks gone

    If a responsive site is your primary concern, Frozen is already responsive out-of-the-box. No template is needed. Unless OsMart assures you that their template is compatible with Frozen (2.3.4.1BS/CE), it's very unlikely that it will work. Note that colors, typefaces/fonts, font size, and limited positioning and sizing of screen areas are all easily adjusted in the user.css file with CSS settings. You don't need a "template" to do these things. If it adds other functionality, that would have to be done separately. Frozen is fully PHP 7.1 compatible. 7.2 is iffy. It will run on 5.6 or 7.0, but be aware that those PHP levels are totally unsupported now, and thus dangerous to use.
  20. freakystreak

    SEO Friendly Urls - a new approach

    I have checked the admin backend and I can't see any call to 'seo_friendly_urls.php'. Can you advise me as to what I should look out for regarding the Apache Server configuration? Thank you.
  21. GoCastaway58

    Security checks gone

    I am going to try the PHP rollback and see what happens, but I can only go back to 5.6 and up to 7.1 - 7.2 - 7.3. Downloaded the "Frozen" version, but can I use that with the OsMart template? It's a good responsive template and would keep it.
  22. JcMagpie

    Hack attempt - is there a way to prevent this?

    Just checked on official osC and it's the same result nothing found, can you spot the irony of the image below?
  23. Xarlina

    Editing Footer Links...

    Hi there, it could be done through the footer template, but don't forget to make a copy of the new version of the footer. It helps you quickly make changes if for some reason the footer file is updated and returned to its original condition. It's just friendly advice; for now, I'm a blogger and essay writer from xx, but I've had to deal with something like this before.
  24. coelroy

    17 Years Young!

    My friend I believe it's today Monday 20th May 2019 Can we hold you to your word i.e. "New releases coming soon. New websites coming soon." ? Elroy
  25. JcMagpie

    Hack attempt - is there a way to prevent this?

    I don't think this has anything to do with the edits, as on a stock osC you still will get no results! Try it yourself on a clean BS4 install: https://www.jcmagpie.com/advanced_search_result.php?keywords=A+Bugs+Life Compare that to a Google search box output and you get a result every time; try it yourself. https://www.justfastfood.com/
  26. freakystreak

    SEO Friendly Urls - a new approach

    Thanks for your reply, I am using osCommerce v2.3.4. It's using Bootstrap.
  27. BrockleyJohn

    How do I use function __construct in this code?

    Whether they would have behaved differently in the past with the current constructors, I couldn't say. However the current core code doesn't - that's what testing is for! I am confident in the testing of the original set of changes - the process used for the changes was:

    - code scan for all classes and identify those with php4 constructors, code scan for direct calls to constructor method
    - identify at least one page using the class and check for deprecated message
    - show that change removed deprecated message but leaves page function unchanged
    - for direct calls to constructor method, show function before and after the same too

    However the changes were reapplied several times over the course of months as Edge moved forward and although largely automated by git, it's always possible that errors or omissions were introduced in the final version so it's good to air any doubts you have. The constructors resulted in a lot of lines of code that needed altering but the bit that was much harder to analyse confidently was the change to the evaluation order in statements. IIRC there was only one line of code that needed changing for this.