danny1977

i installed security pro on a hardly modded site. when i try to test my site as explained on first page nothing happened.(nothing printed on screen) so i tried everything i could with my little web knowledge .(set register globals off, erase http access, upgrade to php 5, tried to change variables at application top :) ...nothing worked ) when i search for how to make xss attack to prevent my site, i found this: when you navigate your site with this : http:// yoursite dot com/contact_us.php?&name=1&email=1&enquiry=[XSS%%FC%F0i%FE%DC()] ----------------------- if you enable security pro it writes XSSi in contact us if you disable it: [XSS%üğişÜ()] is written. i think a very good way to test the script. hope this helps someone... thanks for the author of this wonderful contrib.i think a must for every oscommerce site. cheers gokhan

find ot_loworderfee.php: PHP Code: if ( ($pass == true) && ( $order->info['subtotal'] < MODULE_ORDER_TOTAL_LOWORDERFEE_ORDER_UNDER) ) { to if ( ($pass == true) && ( $order->info['subtotal'] < MODULE_ORDER_TOTAL_LOWORDERFEE_ORDER_UNDER && $order->info['subtotal'] > 0) ) { i hope this helps