Posts posted by 0ethos0
-
Installed this mod and it works fine, had to remove the left and right column reference but all the manufacturers' images are HUGE. I searched and searched and found an old reference to editing manufacturers_info.php but that did not work.
Does anyone know how to edit this so the thumbs would be the same width?
-
Makes sense about 755 but for some reason it throws an error saying that header_tags.php needs to be writeable at 777. So I am to gather that is okay until I need to make changes, then change it back to 755? Thanks Jack
-
It appears the Header Tags files are being flagged from our server because they use the base64_decode function, a function which is used VERY often by exploit scripts to hide what the file is doing. Since your instructions ask for 777 permissions on files, this makes Apache vulnerable.
From our data center regarding this contribution:
When you execute PHP code, it runs as a user, just like every other program in Linux. Because you are running your PHP as DSO, it runs as a part of Apache, and runs as the same user.
Giving your files 777 permissions gives everyone the ability to read, write, and execute the file. In particular for your situation, this gives Apache and PHP both the ability to read and write.
PHP generally is not an issue - the code had to be on your server to execute, so people from the outside cannot just upload PHP code through anything in PHP unless something is written to allow this. Apache is an issue, anyone can try to put a file on your server by using an HTTP command to send it to the server, and if Apache has write permissions to that directory, Apache will save it on the server. If the file was a PHP file, and then someone visits the location of that file, they are now running code on your server and can do quite a bit.
777 permissions are bad. If the author mentions that this plugin needs them, I would recommend finding another plugin. While this plugin may not be malicious, it opens dangerous doors.
Any suggestions?
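A defender-side check for the condition the data center describes, as an added example (not part of the original post and not code from the Header Tags add-on): it lists world-writable paths under a web root, flags world-writable PHP files that call base64_decode, and resets world-writable paths to 755/644. The function names and the docroot argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable (e.g. 777) paths.
# Function names and the docroot argument are hypothetical.

# Files and directories with the "other" write bit set (777, 666, 757, ...).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# World-writable PHP files that also call base64_decode. Any local user or
# service could rewrite these, and the decode call makes a change hard to spot.
list_writable_php_with_base64() {
    find "$1" -type f -name '*.php' -perm -0002 \
        -exec grep -l 'base64_decode' {} + | sort
}

# Drop world-write: directories to 755, files to 644. Only paths that are
# currently world-writable are touched. A file the application really must
# write to is better given group write for the web server's group than 777.
tighten_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Report only (no changes) when a docroot is passed on the command line.
if [ "$#" -gt 0 ]; then
    echo "World-writable paths under $1:"
    list_world_writable "$1"
    echo "World-writable PHP files calling base64_decode:"
    list_writable_php_with_base64 "$1"
fi
```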
-
Someone pointed out to me that there is a mistake in the install instructions for 2.3. It should read:
FIND:
    array(
      'code' => FILENAME_BACKUP,
      'title' => BOX_TOOLS_BACKUP,
      'link' => tep_href_link(FILENAME_BACKUP)
    ),
ADD BENEATH:
    array(
      'code' => FILENAME_DATABASE_OPTIMIZER,
      'title' => BOX_TOOLS_DATABASE_OPTIMIZER,
      'link' => tep_href_link(FILENAME_DATABASE_OPTIMIZER)
    ),
Can we upload a fixed zip file http://addons.oscommerce.com/info/7820/v,23
or at least unlock it so others can...
-
This mod for 2.3 is GREAT, thanks!!
One question, when you edit an order, the left column of the sheet loses all "style" and AJAX doesn't work by default for updates so no changes are saved. Any idea how to get those to work?
Corrected this and uploaded it to the contribution add-ons section. Still trying to figure out the AJAX part of it.
Derek-Paul
-
Here's from the server error log for domain:
PHP Warning: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/rsscache/contrib_rss.html) is not within the allowed path(s): (/var/www/vhosts/site.com/httpdocs:/tmp) in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 35, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Warning: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/rsscache/contrib_rss.html) is not within the allowed path(s): (/var/www/vhosts/site.com/httpdocs:/tmp) in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 58, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Fatal error: Call to undefined function get_http_headers() in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 367, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of xml_set_object(). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /var/www/vhosts/site.com/httpdocs/admin/includes/classes/rdf_class.php on line 343, referer: http://site.com/admin/contrib_tracker.php
Using PHP Version 5.1.6
Anyone? I tried to fix the path but cannot get it to stop giving these errors
-
Strange... everything seems to work but the original post from the sql does not show up in contrib tracker. My store is not in the catalog directory, it's in root, would that make a diff? I have tried everything, seems that it gives a success message, but won't send email when uncommented and won't actually update anything. Tried changing fs as suggested, but that did not work.
- curl installed and working.
- using latest ver of osc.
Here's from the server error log for domain:
PHP Warning: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/rsscache/contrib_rss.html) is not within the allowed path(s): (/var/www/vhosts/site.com/httpdocs:/tmp) in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 35, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Warning: file_exists() [<a href='function.file-exists'>function.file-exists</a>]: open_basedir restriction in effect. File(/rsscache/contrib_rss.html) is not within the allowed path(s): (/var/www/vhosts/site.com/httpdocs:/tmp) in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 58, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Fatal error: Call to undefined function get_http_headers() in /var/www/vhosts/site.com/httpdocs/admin/contrib_tracker.php on line 367, referer: http://site.com/admin/backup.php?selected_box=tools
PHP Warning: Call-time pass-by-reference has been deprecated - argument passed by value; If you would like to pass it by reference, modify the declaration of xml_set_object(). If you would like to enable call-time pass-by-reference, you can set allow_call_time_pass_reference to true in your INI file. However, future versions may not support this any longer. in /var/www/vhosts/site.com/httpdocs/admin/includes/classes/rdf_class.php on line 343, referer: http://site.com/admin/contrib_tracker.php
Using PHP Version 5.1.6
All Manufacturers for 2.3
in General Add-Ons Support
Willing to pay someone by PayPal for this fix.