videod

Members
  • Content count

    150
Reputation Activity

  1. Like
    videod reacted to vanzantz in osCommerce 2.3.4.1 - 'reviews_id' SQL Vulnerabilities   
    Reviewing a site I am working on and using sqlmap, I am getting a positive hit for $_GET['reviews_id'] in the product_reviews_info.php file.
    Examining the flagged file it's using typecasting with (int) on the instances with the get request and the parameter.
    This does not appear to be resolving the positive hit for the sql injection.
    Are there any tips on how to address with this platform? mysql_real_escape(); ?
    Researching for a fix I see this vulnerability being reported:
    https://www.exploit-db.com/exploits/46330
    https://www.nmmapper.com/st/exploitdetails/46330/40818/oscommerce-2341-reviews_id-sql-injection/
     
     
  2. Like
    videod reacted to MrPhil in Oscommerce 2.3.4 PHP 7 Real Upgrade (not Hotfix)   
    There is no update package. You need to install the latest "Edge" version and re-do any customizations you had done. I wouldn't try to update just one small part -- do the whole thing to do it right. I'm not sure if Edge is fully PHP 7.2 compatible -- it may be. Frozen is 7.1 compatible, and definitely has some problems on 7.2. See my signature for links to Frozen and Edge. "Edge" is labeled "master" on GitHub, which may be why you couldn't find it. Be aware that Edge is under constant development, and may not be stable enough for a production store, while Frozen is quite stable (although I would apply the various fixes listed in the thread). No one knows if Gary plans to release an updated Frozen, or just a stable version of Edge to eventually replace it.
  3. Like
    videod reacted to John W in Fake accounts   
    I've had a few of these in the last month with some different names, but they enter Google for company and google for company tax id each time.  I know company tax id isn't stock code, but I added this to block spammers and I can add more to it if I need.  Most regular customers don't enter a tax id, but only spammers enter google for it.  I also have it send me an email to notify me it's happened so I can track it.
    //Added to block spammers
    if (strtolower($company_tax_id) == 'google') {
      $error = true;
      $messageStack->add('create_account', "You have triggered spamming prevention rules. If you info is correct and you are not a spammer please contact us or try again.");
      $spam_email_text = "Spammer Alert: " . $firstname . " " . $lastname . "Using company name: " . $company . " with tax id: " . $company_tax_id . " triggered spam alert.";
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Spammer Alert:', $spam_email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    }
    //END Added to block spammers
  4. Like
    videod reacted to Stephan Gebbers in Fake accounts   
    I have this in my create_account.php for 5minute emails and bad spam domains. Maybe this could be done as a module also? I think the original contribution was from oscbooks.com back then..
    // BANNED EMAILS
    $emails = file(DIR_WS_INCLUDES . 'emails-banned.txt');
    for ($i=0, $n=sizeof($emails); $i<$n; $i++) {
      if (tep_not_null($emails[$i])) {
        $emaildomain = '@' . trim($emails[$i]);
        if (is_integer(strpos(strtolower($email_address), $emaildomain))) {
          $good_email = "no";
          break;
        }
      }
    }
    // Email Whitelist
    $emails = file(DIR_WS_INCLUDES . 'emails-whitelisted.txt');
    for ($i=0, $n=sizeof($emails); $i<$n; $i++) {
      if (tep_not_null($emails[$i])) {
        if (is_integer(strpos(strtolower($email_address), trim($emails[$i])))) {
          $good_email = "yes";
          break;
        }
      }
    }
    if ($good_email == "no") {
      $error = true;
      $messageStack->add('create_account', ENTRY_EMAIL_NOT_ALLOWED_ERROR);
    }
    // BANNED EMAIL EOF
  5. Like
    videod reacted to René H4 in Fake accounts   
    SPOT ON! 
    I think this will work for me also.
    It looks like an easy fix, which (up to now) will stop all my fake account creations.....
     
  6. Like
    videod reacted to John W in Fake accounts   
    Which code are you talking about?  If it's what I posted, you have to have SPPC installed for that field to be in create_account.  I put my block after the lines below and it's worked perfectly without any false positives.
    if (is_numeric($country) == false) {
      $error = true;
      $messageStack->add('create_account', ENTRY_COUNTRY_ERROR);
    }
  7. Like
    videod reacted to ruden in Fake accounts   
    In addition
    1.  Rename file  create_account.php
    2. Rename in application_top.php tep_session_name  ->  myNameSid
    My practice
  8. Like
    videod reacted to blr044 in [Addon} Modular SEO Header Tags   
    First of all, thanks for a great contribution. But would like to ask a question if I may. I do not see anything in download that refers to keywords. Now I have read other forums and Google search, and have read that Google doesn't use the "keywords" meta tag in web search ranking anymore.
     
    So is the reason that keywords are not part of the installation?
     
    Thanks for all your help.
     
    Bennett
  9. Like
    videod reacted to kymation in [Addon} Modular SEO Header Tags   
    Use only the download for Version 1.3, dated 4 Dec 2010. The latest version is incomplete.
     
    catalog/includes/languages/english/modules/header_tags/ht_all_pages_title_store_name.php and catalog/includes/languages/english/modules/header_tags/ht_all_pages_title_string.php are correct in Version 1.3.
     
    MODULE_HEADER_TAGS_FRONT_DESCRIPTION_TEXT_ENGLISH is defined in catalog/includes/languages/english/modules/header_tags/ht_front_title.php. It sounds like you are having problems with all of the language files. Check that you uploaded these to the correct directory.
     
    Regards
    Jim
  10. Like
    videod reacted to blr044 in [Addon} Modular SEO Header Tags   
    I have the below error message at top of the front page:
     
    Have checked phpMyAdmin in the configuration table and MODULE_HEADER_TAGS_FRONT_DESCRIPTION_TEXT_ENGLISH was not there. So what is the procedure of adding it?
     
    Thank you.
  11. Like
    videod reacted to blr044 in [Addon} Modular SEO Header Tags   
    Problem was in these two files in languages/english....
     
    had same code for both the includes/modules and the languages files. Did correct with proper code. But somehow I even messed up those files in the download, might have had only one eye open. Sorry. Working now, but if you could post the two correct files codes that go into :

    catalog/includes/languages/english/modules/header_tags/ht_all_pages_title_store_name.php catalog/includes/languages/english/modules/header_tags/ht_all_pages_title_string.php
    I appreciate it.
  12. Like
    videod reacted to James Turner in [CONTRIBUTION] Ultimate SEO URLs v2.1 - by Chemo   
    Hi Jack,
     
    Thank you so much for your reply.  After being reassured by you that you had experienced no conflicts with your install, I was sure the problem was with my install, and this was indeed the case. The code for 2.3.4 is different and in placing the code in application_top.php I had inserted it just before the correct line. I repeated this mistake many times for some reason, but after receiving your reply I went through each step MUCH more carefully and now everything works PERFECT!
     
    I sincerely apologize for troubling you with this, but your reply is certainly what helped me fix it, so I really appreciate your prompt reply and these awesome contributions. I am really happy to have found the Header Tags SEO, it works so much better and is so much easier than the previous hacks I created to accomplish this.
     
    Thanks Again Jack, the community is blessed to have a great contributor like you.
  13. Like
    videod reacted to kymation in USPS Rate V4, Intl Rate V2 (official support thread)   
    You can comment out this line to get rid of the error message:
     

    trigger_error('Value is not properly chunk encoded', E_USER_WARNING);
     
    I would like to warn everyone that you should have error reporting turned off in any live store. No customer should ever see a PHP or MySQL error message.
     
    Regards
    Jim
  14. Like
    videod got a reaction from wkdwich in USPS Rate V4, Intl Rate V2 (official support thread)   
    @wkdwich had to venture out for a while.
    Look for:
    $this->quotes = array (
    'id' => $this->code,
    'module' => $this->title . ' ' , //$this->pounds . ' lbs, ' . $this->ounces . ' oz', (hides displaying of weight)
    'methods' => $methods,
     
    Note: I put a comma after the 2 single quotes, and put the // just before the $this->pounds to comment out the rest of the line. This hides the weight display in USPS on checkout. This was actually documented in one of the threads. But I think there was an extra space that didn't allow me to do a search and replace. So I manually tracked it down (I am really slow when it comes to code).
  15. Like
    videod reacted to wkdwich in USPS Rate V4, Intl Rate V2 (official support thread)   
    Just as a point of info.. if you keep making changes and are not progressing where you think you should be.. check your database the CONFIGURATION TABLE to see if there are any USPS entries that were not removed the last time you uninstalled. Clearing CACHE & COOKIES might also help but the bigger finger pointing is to left over stuff in the database..
  16. Like
    videod reacted to vampirehunter in ULTIMATE Seo Urls 5 - by FWR Media   
    Is this plugin fully working and is it the best SEO search friendly url plugin available?
  17. Like
    videod reacted to Jack_mcs in Is IPN still necessary w/ OSC 2.3.1?   
    The "no order received" problem was due to the customer not returning to the shop. That was fixed in the paypal standard module though setting the auto return, as mentioned, is still usually needed. The paypal standard module in 2.3 is the same one that Harold released about three years ago and is the one that should be used.
  18. Like
    videod reacted to TomB01 in [Contribution] - USPS Methods   
    WARNING!
    Received today in my e-mail:
     
     
    Have any of you experts looked at this? Think it will break things?
     
     
    EDIT: Tried to clean up the formatting; their bullet list didn't copy-paste well ...
  19. Like
    videod got a reaction from Mamezy in New UPS XML Shipping Module available   
    I just installed v1_3_91 on my development server and it is working great. I don't believe I needed Godaddy code for this one. I am going to put it on my production server as well. If it doesn't work I will post. :D
     
    ~Vid