
osCommerce

The e-commerce.

cornishpirate

Members
  • Posts

    139
  • Joined

  • Last visited

  • Days Won

    1

cornishpirate last won the day on November 14 2015

cornishpirate had the most liked content!

Profile Information

  • Real Name
    Alan
  • Location
    Cornwall, England
  • Website

Recent Profile Visitors

26,865 profile views

cornishpirate's Achievements

  1. If you install the LORI add-on in Firefox, it will give you Time to First Byte and Time to Completion on any page that is loaded. Then you can easily see if server side is slow or page rendering is slow. Or both of course.
  2. In the UK, Streamline, now part of Worldpay, are pushing hard for PCI DSS compliance. They've teamed up with TrustWave and we've been encouraged to use their TrustKeeper IP Scanning system for vulnerabilities. The only item my site is failing on is XSS, despite the magnificent presence of Security Pro 2!!
     URL: ....../product_info.php?products_id=%3Cscript%3Ealert%28TK00000004%29%3C%2Fscript%3E
     Body matches:
     Vulnerability type: Reflected Cross-Site Scripting
     Vulnerable input type: URL Query Parameter
     Vulnerable input name: products_id
     This may be a very dubious failure, but many of us will have to deal with it. Any thoughts?
  3. I use a few RewriteRule entries in my htaccess in the form
     RewriteRule ^(.*)-p-717.html$ product_info.php?products_id=616
     When invoked, the USU5 404 page gets displayed, whereas with 'SEO URLs', it worked fine. Any thoughts on how I can get round this?
  4. In the interests of security, I have changed the names of almost all root PHP scripts. USU5 is working fine for me except for the fact that generated URLs stay in the original format (product_id etc). If I set everything to revert to 'product_info.php', then it behaves as I would expect. Since all references are to FILENAME_PRODUCT_INFO, this is a mystery. Any thoughts?
  5. Cache Location. My live server does not allow ANY write access within the document root, so I need to DEFINE a path outside of it. I do this with the standard osC backup directory. It would be nice to have this as an option, but in the meantime does anyone have any guidance on this before I hack things around too much! Alan
  6. Probably a PHP error. Check the server log.
  7. I'm returning to OPC after a few months' break and have installed 1.093 on my RC2a. Much better than 6 months ago, but I'm getting 'There was an error setting payment method' using Protx Direct. Can someone point me in the right direction to code around this?
  8. Sitemap SEO V 1.5. Trying to validate sitemap.php with W3C. My sitemap includes products, but when a category only has subcategories and no products an 'empty' UL block is produced. W3C doesn't like this. The errors can be seen here. Happy to try to fix the code, but would appreciate any pointers!!
  9. Are there any plans to incorporate QTPro with this?
  10. Stephen, thanks for helping me sort the Protx Direct problem. I am running RC2a, but fixed as above indicating MS2 !! Confusing? But what the hell, it works.
  11. I did, of course, try it. On going into checkout.php "There was an error setting payment method, please inform IT Web Experts about this error."
  12. Has anyone used payment module Protx Direct with this?
  13. if ($VARS['quantity']=intval($VARS['quantity'])) {
        tep_db_query("update " . TABLE_PRODUCTS_STOCK . " set products_stock_quantity=" . (int)$VARS['quantity'] . " where products_stock_id=$stock_id");
      } else {
        tep_db_query("delete from " . TABLE_PRODUCTS_STOCK . " where products_stock_id=$stock_id");
      }
      This is from stock.php. The first line should have '==' and not just '='. The effect for me was to delete the record if the stock quantity was set to zero. I didn't want this, because of an offline 'merge' operation I carry out when updating my live site. Making the change leaves a zero level record in products_stock. Does anyone know if there are likely to be any side effects?