Posts posted by tgely
-
-
@ArtcoInc
If I understand well, probably you are mixing up GET forms with POST forms. All modules use parameters in the href link. tep_draw_hidden_field() does not mean POST parameters in these cases because the hidden field is transformed in the HTTP header into GET parameters.
If search_in_description = 1
then this means search results come from product_description, while 0 means no search in products_description.
The store search bar calls a direct ajax POST method header link with href="" parameters instead of using a hidden field in a search GET form.
-
@ArtcoInc
It's not possible in the near future. I am working on the v2.4 core but there is hard-coded BS3. Language search functionality is closer to v2.4 than to the v2.3 codebase. When the v2.4 core is totally separated into 2 parts (core and template), then there will be a chance to use different template systems. We are in a dead-end street at this moment.
-
I give it a few years and AI will annul all captcha codes, so hurry up as you can. All email contact pages will be destroyed, so you will come back to the old and stable phone services...
-
I tried some web search engines and you can see the differences. The keyword was "oscommerce download" (see the sourceforge page in the results)
http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&tn=baidu&wd=oscommerce download&rsv_pq=99db523d0002df20&rsv_t=a898h9iiFzsk2HJDNsL1odzMNVB5yBPb0G8sQGdp0dTbjqSaR8v%2F59SczFA&rqlang=cn&rsv_enter=1&rsv_sug3=9&rsv_sug1=1&rsv_sug7=100&rsv_sug2=0&inputT=3368&rsv_sug4=3368
http://www.bing.com/search?q=oscommerce+download&qs=n&form=QBLH&sp=-1&pq=oscommerce+download&sc=3-19&sk=&cvid=798FE95AEC584E8DA5D4BFB58892952A
https://search.yahoo.com/search;_ylt=A0LEVxzGwItasJMA5nNXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGZyA3lmcC10BGdwcmlkA1JZUi5uTVFOU2NhYzhuS1NsZlZUQUEEbl9yc2x0AzAEbl9zdWdnAzEwBG9yaWdpbgNzZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDMARxc3RybAMyMQRxdWVyeQNvc2NvbW1lcmNlJTIwZG93bmxvYWQEdF9zdG1wAzE1MTkxMDg1NTU-?p=oscommerce+download&fr2=sb-top&fr=yfp-t&fp=1
https://www.google.hu/search?q=oscommerce+download&ie=utf-8&oe=utf-8&client=firefox-b-ab&gfe_rd=cr&dcr=0&ei=WMKLWs7-Au6A8QeL25X4CA
Google is not the Good and we could find other worlds. So this depends on local markets and habits. Probably we have to use both solutions to win on the global market.
-
@justcatering use file cache instead. SQL-based storages are attacked nowadays with union injections. I am not sure that SQL is safe.
-
UNIX_TIMESTAMP(date(o.customers_dob))
I forgot to use direct calculations and started to use UNIX time format for this reason.
Here is a zero-equal example code snippet with modulus calculation:
where MOD(UNIX_TIMESTAMP(CURDATE())-UNIX_TIMESTAMP(date(c.customers_dob)), " . (int)SETTING_DAYS*86400 . ") = 0
It could be very effective. For example:
define('SETTING_DAYS', 365);
I use daily mail cron jobs for similar projects.
-
You should add the attachment file code part into tp_email_checkout_process.php.
function build() {
  global $file, $filetype, $filename...
  .
  .
  $attachment = fread(fopen($file, "r"), filesize($file));
  $mimemessage->add_attachment($attachment, $filename, $filetype);
-
Forum mandated, pls. ask PP not to use the Superconducting Super Collider in Texas to mine more crypto currencies because we don't receive double orders nowadays.
-
I have seen duplications in several cases. I have a non-PP payment module with the same rare duplication. But I have seen duplicated emails. I suspect double-entry threads from the shop server side sometimes.
I have deleted duplicated posts from oscommerce forum threads...
-
Update for BS. A great Grid tool is found here
http://alefeuvre.github.io/foundation-grid-displayer/
-
set session sql_mode="";
-
- no session data area limit with 'text' field type (no crash with overflowed sessions)
- faster
- no problem with the garbage collector callback
-
12 minutes ago, imusorka said:
@Gergely Having changed it to file, I now get the following error.
select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from currencies
What is the problem with this general query?
-
What is your session configuration parameter in catalog/includes/configure.php ?
-
Note: at least in my case, if file sessions are used there is no need for sql sessions and Database Optimizer magic
define('STORE_SESSIONS', 'file');
Configure Session dir at admin site.
-
-
I suppose somebody will rewrite the whole option types codebase.
-
-
9 hours ago, Psytanium said:
@Gergely already enabled, I checked the view-source, I can see the
<link rel="canonical" href="https://macrotronics.net/product_info.php/samsung-850-evo-500gb-ssd-mz-75e500b-p-12045" />
in the header
could be the htaccess ?
It's time for Google to repair it.
My solution:
https://github.com/Gergely/oscommerce2-addons/compare/cPath_validation
Run this sql script before update:
ALTER TABLE `categories` ADD COLUMN `cpath` VARCHAR(255) NOT NULL AFTER `last_modified`;
-
Not exactly, it attacks only mysql. Probably mysql 5.6
I remember something from the past... Secure App: https://apps.oscommerce.com/o19Sn&security-pro-2-0-r7
It could be a Hook. catalog/includes/hooks/shop/global/security_pro.php
From the Security Pro "Start here" page:
Quote:
Yes it is still just as valid. The target of Security Pro is not the core osCommerce coding which we all know is good, the target is the thousands of contributions which are usually poorly written.
This is all new code but the concept remains the same .. with Security Pro installed it is impossible to pass bad characters through the querystring so long as the page loads application_top.php, which all osCommerce pages do.
-
-
I am talking about \Ultimate_Seo_Urls_5_PRO_BS_208\new_files\catalog\includes\modules\ultimate_seo_urls5\ cache module files.
-
Hi everybody,
I just examined the php error logs and discovered that the USU5 database cache system was attacked with sql injection codes. It's probably a security issue if someone uses database (mysql or sqlite) cache interfaces.
I don't have any idea how a MySQL UNION script could be registered, but it looks very dangerous.
DO NOT USE database cache modules!
Could you drop database cache modules or fix it in responsive/original addons?
An error example with file cache module:
[21-Mar-2017 xx:xx:xx Europe/X] PHP Warning: file_put_contents(/xxxxx/xxxxxxx/xxxxxxxxxxx.xx/includes/modules/ultimate_seo_urls5/cache_system/cache/2_index_manufacturers_id_23111111111111120UNION20SELECT20CHAR4512049458145CHAR4512050458145CHAR4512051458145CHAR4512052458145CHAR4512053458145CHAR4512054458145CHAR4512055458145CHAR4512056458145CHAR4512057458145CHAR451204948458145CHAR451204949458145CHAR451204950458145202020.cache) [<a href='function.file-put-contents'>function.file-put-contents</a>]: failed to open stream: File name too long in /xxxxx/xxxxxxx/xxxxxxxxxxx.xx/includes/modules/ultimate_seo_urls5/cache_system/file.php on line 82
I am afraid that the injection script is stored directly when the database interface is used.
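A detection sketch for the log pattern quoted in the post above, added here as an example and not code from the forum thread or from USU5: it scans PHP error-log lines for cache-file writes whose file name carries SQL keyword residue and flags names that exceed the filesystem limit. The sample log lines, the /var/www/shop path and the 255-character limit are constructed assumptions.

```python
import re

# Matches the warning format quoted in the post and captures the cache file path.
CACHE_WARNING = re.compile(
    r"^\[(?P<when>[^\]]+)\] PHP Warning:\s+file_put_contents\((?P<path>[^)]*\.cache)\)"
)
# Keywords that remain readable after punctuation is stripped from the request value.
SQL_TOKENS = re.compile(r"UNION|SELECT|CHAR\d+", re.IGNORECASE)
NAME_MAX = 255  # assumption: usual per-file-name limit on Linux filesystems

def inspect_line(line):
    """Return a finding for a cache-write warning, or None for any other line."""
    m = CACHE_WARNING.match(line)
    if not m:
        return None
    name = m.group("path").rsplit("/", 1)[-1]
    # Normalise CHAR4512... to CHAR so the report lists keywords, not payload digits.
    tokens = {re.sub(r"\d+$", "", t.upper()) for t in SQL_TOKENS.findall(name)}
    return {
        "when": m.group("when"),
        "name_length": len(name),
        "too_long": len(name) > NAME_MAX,
        "sql_tokens": sorted(tokens),
        "suspicious": bool(tokens),
    }

def scan(lines):
    """Keep only the cache warnings whose file name contains SQL keywords."""
    return [f for f in map(inspect_line, lines) if f and f["suspicious"]]

# Constructed sample input, modelled on the log line in the post.
CACHE_DIR = "/var/www/shop/includes/modules/ultimate_seo_urls5/cache_system/cache/"
LONG_NAME = ("2_index_manufacturers_id_23" + "20UNION20SELECT20"
             + "CHAR4512049458145" * 20 + ".cache")
SAMPLE_LOG = [
    f"[21-Mar-2017 10:00:00 Europe/X] PHP Warning:  file_put_contents({CACHE_DIR}{LONG_NAME})"
    " [function.file-put-contents]: failed to open stream: File name too long",
    f"[21-Mar-2017 10:00:01 Europe/X] PHP Warning:  file_put_contents({CACHE_DIR}"
    "2_index_manufacturers_id_23.cache): failed to open stream: Permission denied",
    "[21-Mar-2017 10:00:02 Europe/X] PHP Notice:  Undefined index: cPath in index.php",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit means request parameters reach the cache key unvalidated, so the same values should be checked against whatever the database cache module stores.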
-
Store Search Bar (BS)
in General Add-Ons Support
Posted
It looks like a script onload problem, without me seeing your code.