osCommerce

The e-commerce.

jnanney

Archived profile. Posts: 17.

jnanney's Achievements

  1. This is all I need to get started, thanks for the pointer in the right direction. I'll post back my changes once done. Thanks again for the great contribution.
  2. Coca-Cola 12 packs $2.99 coupon, $3 delivery coupon, $.99 per lb ground beef (limit 3 lbs), etc. etc. Many people cut and use coupons with groceries all the time. I want to do the same. (My site is a grocery store with local home delivery (no shipping), so I sort of compete with the local grocery stores.)
  3. Are there any plans to allow more than one coupon per order? Apologies if this is already mentioned somewhere else.
  4. I run an online grocery delivery business and we are looking to add specials on our site that are limited to a certain quantity per order before going back to the regular price. Is there a contribution that does this? I have searched the forums and contributions area with Google and the in-house tools but was unable to find it. For example, we want to run a special on 12-pack cans of Coca-Cola for $1.99, but limit it to a quantity of 4 at this price before going back to the regular price of $3.99. We take a loss on it and want to limit the loss to a maximum. Some customers may want more than the 4 even though they would be paying regular price for the excess. Is this available as a contribution? If not, where should I start? Thanks for any help.
  5. I hope you take no disrespect, as I mean no harm; I was just adding the contrib to my site and looked to make sure of what was going where. I'm very glad to see your response this quickly. It makes me very pleased to use your contribution.
  6. The latest version from Bisente looks like it might carry a SQL injection bug in it. Anyone more familiar with it, please let me know if I am wrong. In rss.php, around line 88, find:

         // Create SQL statement
         $category = $_GET['cPath'];
         $ecommerce = $_GET['ecommerce'];
         if ($category != '') {
             // Check to see if we are in a subcategory
             if (strrpos($category, '_') > 0) {
                 $category = substr($category, strrpos($category, '_') + 1, strlen($category));
             }
             $catTable = ", products_to_categories pc ";
             $catWhere = 'p.products_id = pc.products_id AND pc.categories_id = \'' . $category . '\' AND ';
         }

     At line 88, $_GET['cPath'] is not sanitized and is passed straight to the database. Change line 88 to this and it should no longer be vulnerable to exploits by way of this SQL injection:

         $category = preg_replace('/[^0-9_]/', '', $_GET['cPath']);

     You may be able to get the same kinds of results with tep_db_output, but tep_db_output only encodes 5 characters, whereas the preg_replace above specifically removes anything that is not 0-9 or an underscore, thus greatly limiting the valid input.
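The following is an added example, not code from the post above nor from Bisente's rss.php or osCommerce. It reproduces the category-id extraction from the post in two forms, the original (unsanitized) and the one with the proposed preg_replace applied, and prints the WHERE fragment each builds for a constructed set of cPath values, including a hypothetical quote-breaking payload. The function names and the inputs are assumptions for illustration only.

```php
<?php
// Added example: not from the forum post, rss.php or osCommerce.
// Both functions mirror the post's logic; only the sanitizing line differs.

// Unsanitized form: takes the segment after the last '_' and interpolates it
// straight into the SQL fragment, as the quoted rss.php code does.
function build_cat_where_unsafe($cPath)
{
    $category = $cPath;
    if (strrpos($category, '_') > 0) {
        $category = substr($category, strrpos($category, '_') + 1);
    }
    return "p.products_id = pc.products_id AND pc.categories_id = '" . $category . "' AND ";
}

// Sanitized form: the post's fix, which strips every character that is not
// a digit or an underscore before the value reaches the SQL fragment.
function build_cat_where_sanitized($cPath)
{
    $category = preg_replace('/[^0-9_]/', '', $cPath);
    if (strrpos($category, '_') > 0) {
        $category = substr($category, strrpos($category, '_') + 1);
    }
    return "p.products_id = pc.products_id AND pc.categories_id = '" . $category . "' AND ";
}

// Constructed inputs (assumptions, not real requests): a top-level category,
// a subcategory path, and a hypothetical payload that closes the quoted literal.
$inputs = array(
    '22',
    '22_31',
    "31' OR '1'='1",
);

foreach ($inputs as $cPath) {
    echo "cPath     : " . $cPath . PHP_EOL;
    echo "unsafe    : " . build_cat_where_unsafe($cPath) . PHP_EOL;
    echo "sanitized : " . build_cat_where_sanitized($cPath) . PHP_EOL . PHP_EOL;
}
```

For the two well-formed inputs both functions produce the same fragment (categories_id = '22' and '31' respectively). For the payload, the unsafe form yields `pc.categories_id = '31' OR '1'='1' AND`, where the attacker-supplied quote has closed the literal and the rest is interpreted as SQL; the sanitized form yields `pc.categories_id = '3111'`, because preg_replace strips rather than rejects, so a malformed value collapses to some other numeric id instead of raising an error. If that silent rewriting is undesirable, casting the extracted segment with (int) after the subcategory split, or validating the whole cPath against a pattern such as `/^[0-9]+(_[0-9]+)*$/` and refusing anything else, gives the same protection with a clearer failure mode.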