Terrakota

Members
  • Content count

    27
  • Days Won

    1

Terrakota last won the day on December 18 2009

Terrakota had the most liked content!

Profile Information

  • Real Name
    Lana
  • Gender
    Female
  • Location
    Moscow, Russia
  1. Terrakota

    FCK WYSIWYG HTML editor

    Hi, Sam,

    Do you, perhaps, know why html editor changes absolute path to images and pages to a relative one? So, if I type this in the editor:

        <a href="http://www.mysite.com/elephant-p-371.html"><img src="http://www.mysite.com/images/elephant.jpg"/></a>

    the editor changes it to this:

        <a href="../elephant-p-371.html"><img src="../images/elephant.jpg"/></a>

    And this happens ONLY to the internal links to my site. If I include a link to another site, it doesn't crop the path. This, of course, means that I can't send e-mails with links and images to my site, only with links and images to other sites.

    And I've noticed that if I go to any page on my site, right click, and view html code, all references to images are again cropped the same way as above. If I go to some other internet stores and view their html code, their paths to images are full, i.e. absolute. I've searched everywhere and can't find where to fix it. Maybe you would have an idea. Thank you!
  2. Terrakota

    SecurityPro contribution

    Oh, thank you... again!
  3. Terrakota

    SecurityPro contribution

    Robert, thank you very much! I realised that I had this problem with @ in another contribution - .htaccess security. And now I wonder - does that contribution do the same thing as Security Pro or not? I have the following code in .htaccess file, and do I still need Security Pro or are they the same?

        # anti xss script 1 - pci compliance - by pixclinic
        Options +FollowSymLinks
        RewriteEngine On
        RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
        RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
        RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
        RewriteRule ^(.*)$ index_error.php [F,L]
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]

        # extra anti uri and xss attack script 2 - sql injection prevention
        Options +FollowSymLinks
        RewriteEngine On
        RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
        RewriteRule ^(.*)$ log.php [NC]
        RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
        RewriteRule ^(.*)$ log.php [NC]
        RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC]
        RewriteRule ^(.*)$ log.php [NC]
        RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
        RewriteRule ^(.*)$ log.php [NC]
        RewriteRule (,|;|<|>|'|`) /log.php [NC]
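The query-string patterns in the post above can be replayed against sample requests to see what each rule catches. This is an added example, not part of the original post or of either contribution; the sample query strings and the `matching_actions` helper are constructed for illustration.

```php
<?php
// Constructed illustration: QUERY_STRING patterns copied from the post,
// paired with the action their RewriteRule takes.
$rules = array(
    array('~(\<|%3C).*script.*(\>|%3E)~i', '403 (script tag)'),
    array('~(\<|%3C).*iframe.*(\>|%3E)~i', '403 (iframe tag)'),
    array('~GLOBALS(=|\[|\%[0-9A-Z]{0,2})~', '403 (GLOBALS)'),
    array('~("|%22).*(>|%3E|<|%3C).*~i', 'log.php (quote then angle bracket)'),
    array('~(;|\'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).*~i',
          'log.php (quote then SQL keyword)'),
);

// Return the action of every rule whose pattern matches the raw query string.
function matching_actions($query_string, $rules) {
    $hits = array();
    foreach ($rules as $rule) {
        list($pattern, $action) = $rule;
        if (preg_match($pattern, $query_string) === 1) {
            $hits[] = $action;
        }
    }
    return $hits;
}

// Constructed sample requests. mod_rewrite tests the query string while it is
// still URL-encoded, which is why the rules list both "<" and "%3C".
$samples = array(
    'products_id=371',
    'keywords=%3Cscript%3E',
    'GLOBALS[foo]=1',
    'keywords=22%22+monitor+for+office',   // ordinary search for: 22" monitor for office
);

foreach ($samples as $qs) {
    $hits = matching_actions($qs, $rules);
    printf("%-40s %s\n", $qs, $hits ? implode(', ', $hits) : 'passes');
}
```

The last sample is an ordinary product search, yet the keyword alternation matches the "or" inside "monitor", so that shopper would be rewritten to log.php. Broad keyword lists like this one need testing against real search and form traffic before they go live.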
  4. Terrakota

    SecurityPro contribution

    I have installed the contribution and it seems to work fine except for the "mail wishlist to friends" function. When I'm on the wishlist.php page, I type friend's name and e-mail address and hit "continue" button, and I'm given an error that says that I should have supplied at least one name and e-mail of the friend - which I did. When this error appears on the screen, the friend's name and e-mail disappear. I type them again, but get the same error. I included wishlist.php in the list of excluded files in admin, but it still doesn't work. Do I need to exclude anything else? I would appreciate any insights on that. Thank you!

    Just in case, here is the part of the code from wishlist.php that e-mails list to friends.

        /************* EMAIL THE WISHLIST TO MULTIPLE FRIENDS ***************
        *******************************************************************/
        if (isset($_POST['email_prod_x'])) {
          // error flag set by the checks below
          $error = false;
          $guest_errors = "";
          $email_errors = "";
          $message_error = "";

          if(tep_session_is_registered('customer_id')) {
            $customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
            $customer = tep_db_fetch_array($customer_query);
            $from_name = $customer['customers_firstname'] . ' ' . $customer['customers_lastname'];
            $from_email = $customer['customers_email_address'];
            $subject = $customer['customers_firstname'] . ' ' . WISHLIST_EMAIL_SUBJECT;
            $link = HTTP_SERVER . DIR_WS_CATALOG . FILENAME_WISHLIST_PUBLIC . "?public_id=" . $customer_id;

            //REPLACE VARIABLES FROM DEFINE
            $arr1 = array('$from_name', '$link');
            $arr2 = array($from_name, $link);
            $replace = str_replace($arr1, $arr2, WISHLIST_EMAIL_LINK);
            $message = tep_db_prepare_input($_POST['message']);
            $body = $message . $replace;
          } else {
            if(strlen($_POST['your_name']) < '1') {
              $error = true;
              $guest_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_YOUR_NAME . "</div>";
            }
            if(strlen($_POST['your_email']) < '1') {
              $error = true;
              $guest_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_YOUR_EMAIL . "</div>";
            } elseif(!tep_validate_email($_POST['your_email'])) {
              $error = true;
              $guest_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_VALID_EMAIL . "</div>";
            }
            $from_name = stripslashes($_POST['your_name']);
            $from_email = $_POST['your_email'];
            $subject = $from_name . ' ' . WISHLIST_EMAIL_SUBJECT;
            $message = stripslashes($_POST['message']);

            $z = 0;
            $prods = "";
            foreach($_POST['prod_name'] as $name) {
              $prods .= stripslashes($name) . " " . stripslashes($_POST['prod_att'][$z]) . "\n" . $_POST['prod_link'][$z] . "\n\n";
              $z++;
            }
            $body = $message . "\n\n" . $prods . "\n\n" . WISHLIST_EMAIL_GUEST;
          }

          //Check each posted name => email for errors.
          // ($friend and $email are not assigned anywhere in this excerpt)
          $j = 0;
          foreach($_POST['friend'] as $friendx) {
            if($j == 0) {
              if($friend[0] == '' && $email[0] == '') {
                $error = true;
                $email_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_ONE_EMAIL . "</div>";
              }
            }
            if(isset($friendx) && $friendx != '') {
              if(strlen($email[$j]) < '1') {
                $error = true;
                $email_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_ENTER_EMAIL . "</div>";
              } elseif(!tep_validate_email($email[$j])) {
                $error = true;
                $email_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_VALID_EMAIL . "</div>";
              }
            }
            if(isset($email[$j]) && $email[$j] != '') {
              if(strlen($friendx) < '1') {
                $error = true;
                $email_errors .= "<div class=\"messageStackError\"><img src=\"images/icons/error.gif\" /> " . ERROR_ENTER_NAME . "</div>";
              }
            }
            $j++;
          }

          if ($_POST['captcha'] == '' or $_POST['captcha'] != $_SESSION['captcha_keystring']) {
            $error = true;
            $messageStack->add('wishlist', ENTRY_CAPTCHA_ERROR);
          }

          if($error == false) {
            $j = 0;
            foreach($_POST['friend'] as $friendx) {
              tep_mail($friendx, $email[$j], $subject, $friendx . ",\n\n" . $body, $from_name, $from_email);
              $j++;
            }
            $messageStack->add('wishlist', WISHLIST_SENT, 'success');
          }
        }
  5. Terrakota

    SecurityPro contribution

    Thanks so much! This is good news. You have great contributions.
  6. I want to install SecurityPro contribution, but in the description it says something about losing the cookies: The concept here (not a new one) is to totally sanitise the incoming ($_GET/$HTTP_GET_VARS) at source (the top of catalog/includes/application_top.php) then to sanitise $_REQUEST by $_REQUEST = $_GET + $_POST (Yes we lost $_COOKIE). Does that mean that cookies won't work? I use autologin contribution and need cookies. Does anyone know? Thank you!
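The step quoted in the post above (clean `$_GET`, then rebuild `$_REQUEST` as `$_GET + $_POST`) can be reproduced in a few lines to see what happens to cookie data. This is an added example, not SecurityPro's code: `clean_value`, `rebuild_request`, the `autologin` cookie name and all request values are hypothetical, and the whitelist is a stand-in for whatever cleaning the contribution really applies.

```php
<?php
// Constructed request data standing in for a real HTTP request.
$_GET    = array('products_id' => '371', 'sort' => '2a<b>', 'friend' => 'from-get');
$_POST   = array('friend' => 'from-post', 'message' => 'hello');
$_COOKIE = array('autologin' => 'token-abc');   // hypothetical cookie name

// Hypothetical whitelist cleaner (assumption, not the contribution's routine).
function clean_value($value) {
    if (is_array($value)) {
        return array_map('clean_value', $value);
    }
    return preg_replace('/[^a-z0-9 _.-]/i', '', (string) $value);
}

// The step from the quoted description: sanitise $_GET at source,
// then rebuild $_REQUEST from $_GET and $_POST only.
function rebuild_request() {
    $_GET     = clean_value($_GET);
    $_REQUEST = $_GET + $_POST;   // array union: on duplicate keys the $_GET value is kept
}

rebuild_request();

// What survived the cleaning of $_GET?
var_dump($_GET['sort']);
// Is the cookie still reachable through $_REQUEST?
var_dump(isset($_REQUEST['autologin']));
// Is the cookie still reachable through $_COOKIE itself?
var_dump($_COOKIE['autologin']);
// Which source wins when GET and POST carry the same key?
var_dump($_REQUEST['friend']);
```

The rebuild only replaces `$_REQUEST`; the `$_COOKIE` superglobal is left as PHP populated it, so code that reads cookies from `$_COOKIE` directly keeps working, while code that expected to find a cookie value in `$_REQUEST` no longer sees it.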
  7. Terrakota

    Can I store cookies for 1 year?

    Thanks, Jim.
  8. Terrakota

    unable to open "next page" SEO-Chemo

    Which one did you install? Somebody said that the version by Media is the best. That's the one I have and it works fine. Except on the product_info page urls are really short, ending with .html, but on the product_listing pages (the one you have problem with) urls are long and look like this: http://mysite.com/productname-c-31.html?pa...ucts_sort_order.
  9. Does anyone know if it is OK to store cookies for 1 year on client's computer? Or is there some kind of a limit on that? Thanks.