
FWR Media


Reputation Activity

  1. Like
    FWR Media got a reaction from spooks in [contribution] Security Pro - Querystring protection against hackers.   
    Although this subject has a post elsewhere I was asked to put it up as a contribution especially as now we have some solid usage suggesting no major issues.
     
    Quite recently I was involved in a topic related to customer_testimonials contribution where the "hacking world" had been made aware of an opportunity to hack osCommerce via a vulnerability in the querystring ($_GET/$HTTP_GET_VARS).
     
    Our response was to "cleanse" the incoming $_GET/$HTTP_GET_VARS. However this approach is a losing game as with security it never makes sense to run around trying to shore up contributions individually. So I've been looking at this on "another forum" and have come up with a solution that I would now call beta.
     
    The concept here (not a new one) is to totally sanitise the incoming ($_GET/$HTTP_GET_VARS) at source (the top of catalog/includes/application_top.php) then to sanitise $_REQUEST by $_REQUEST = $_GET + $_POST (Yes we lost $_COOKIE).
     
    By "sanitise" the key here is that we are ALLOWING certain characters to exist in the querystring NOT trying to clean away some dirty ones.
     
    The danger here of course is that we inadvertently remove a character that is required for a legitimate osCommerce function.
     
    After much testing allowed characters are as follows: -
    a-z
    A-Z
    0-9
    .(dot)
    -(hyphen)
    _(underscore)
    {}
    space (needed for search)
    % (To avoid breaking urlencoded strings used by payment systems) - Thanks perfectpassion.
     
    We are zealously cleaning here so there is always a risk that some contribution may introduce to the querystring a character that is not allowed, so please ensure that you fully test that all your payment systems etc. are functioning correctly.
     
    Upgrade: This package has a minor change to the code/positioning in catalog/includes/application_top.php (To allow admin On/Off). Plus an install script for the admin settings.
     
    Hope it keeps you all safe.
     
    Contribution http://addons.oscommerce.com/info/5752
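An added example, not part of the original post and not the Security Pro source: a minimal allow-list filter built from the character list above, applied to a constructed stand-in for $_GET and then used to rebuild the request array from GET + POST. The function names `allowlist_string()` and `allowlist_array()` are hypothetical.

```php
<?php
// Added illustration of the allow-list idea described in the post.
// Function names are hypothetical; this is not the contribution's code.

function allowlist_string( $value ) {
    // Characters the post lists as allowed: a-z A-Z 0-9 . - _ { } space %
    // Everything else is dropped rather than escaped.
    return preg_replace( '/[^a-zA-Z0-9 .\-_{}%]/', '', (string) $value );
}

function allowlist_array( array $input ) {
    $clean = array();
    foreach ( $input as $key => $value ) {
        // Keys come from the client as well, so they are filtered too.
        $clean_key = allowlist_string( $key );
        if ( $clean_key === '' ) {
            continue; // nothing usable left in the key
        }
        $clean[$clean_key] = is_array( $value )
            ? allowlist_array( $value )   // nested parameters such as sort[]=..
            : allowlist_string( $value );
    }
    return $clean;
}

// Constructed sample input standing in for $_GET and $_POST.
$get = array(
    'products_id' => '28{4}3',
    'keywords'    => "blue widget' OR '1'='1",
    'page'        => '2<b onmouseover=x>',
    'sort'        => array( '2a', '3d;--' ),
);
$post = array( 'comments' => 'POST data is not filtered by this step' );

$get     = allowlist_array( $get );
$request = $get + $post; // rebuilt from GET + POST only, so cookie data is gone

print_r( $request );
```

Note that the hyphen and percent sign survive the filter, so values still need proper escaping or typed casting at the point where they reach SQL or HTML.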
  2. Like
    FWR Media got a reaction from Greecom in KissMT Dynamic SEO Meta & Canonical Header Tags   
    KissMT Dynamic SEO Meta & Canonical Header Tags
    powerful seo meta tags & canonical elements in just 5 minutes.
     
    Compatibility:
    Oscommerce MS2.2, RC (all versions)
    PHP 5.2+/5.3+ ( PHP 4 NOT supported )
    MySQL 4/5
     
    Download:
    http://addons.oscommerce.com/info/7199
     
    Credits: ( thanks to all the beta testers without whom the initial KissMT release could never have been so solid )
    Special thanks to:
    Tom aka tomh/perfectpassion, Graeme aka knott, ken aka ken44, James aka jwilkins
    Thanks also to:
    Wim aka Mister_dj, Onno aka Onnootje, John aka berkedam, Fabian aka proimage,
    Daniel aka Morpheus1979, Marie aka mariemeh.
     
    Recommendations:
    We recommend the use of Ultimate Seo Urls 5/5 Pro as the perfect Seo Url addition to this contribution.
    http://addons.oscommerce.com/info/6768
     
    Header tags seo and other meta tag contributions:
    Want to try this out but leave your existing meta tags contribution in place? Do the safe 2 minute test! ( documentation/2_minute_test.html )
     
    Features:


     
    Fast 5 minute install ( easy for beginners and experienced )
    Dynamically generated meaningful meta tags with no complexity.
    No core osCommerce file changes ( except replacing the <title></title> in the catalog files ).
    Updates and upgrades with no core osCommerce file changes ( just replace the module directory ).
    Compatible with highly modified sites. ( due to "no core osCommerce file changes" )
    Modern Canonical elements, as recommended by Matt Cutts of Google, protecting you against indexed sessions ( osCsid ) and duplicate content.
    Automated Meta titles intelligently built (to your specified length)
    Automated keyword generation with stopwords removed. (multi language capable)
    Automated description generation.
    Automated meta title capitalisation excluding small words (multi language capable)
    Highly efficient system using 2 queries maximum and none after cache load. ( so ideal even for the biggest shops )
    Modern PHP 5.2/5.3 code
    Error free with no deprecated code ( even on high error reporting E_ALL | E_STRICT )
    Perfect for small and large shops ( due to efficiency )
    No complex manual "fiddling" required. ( works out of the box )
    HTML/XHTML output. ( easy to validate )
    Performance output for testing & development ( or just to exemplify efficiency )

     
    Extra features: ( requires additional install )


     
    Admin based settings ( database install )
    SEO Category content. Text content for every category page. ( also used in meta tags )
    SEO Manufacturers content. Text content for every manufacturers page. ( also used in meta tags )
    H1 tagged SEO automatic page titles. ( to your specified length )

  3. Like
    FWR Media got a reaction from Greecom in ULTIMATE Seo Urls 5 - by FWR Media   
    KissMT Dynamic SEO Meta & Canonical Header Tags
     
    Just launched as a new contribution.
     
    I highly recommend users of USU5 to take a look.
     
    Even if you are unsure and want to try it out while retaining your existing meta tags contribution there is a "2 minute test" instruction where you can try out KissMT without compromising your existing installation.
     
    Download
     
    Support thread
  5. Like
    FWR Media got a reaction from burt in KissMT Dynamic SEO Meta Tags   
    Having seen those errors I now obviously realise you are using STS which I avoid like the plague.
     
    Quite possibly instead of the catalog files the <title></title> code may need to be in a template or something?
     
    I am afraid I do not develop systems with STS in mind so I could be at a loss here.
  6. Like
    FWR Media got a reaction from zooyork in ULTIMATE Seo Urls 5 - by FWR Media   
    No the issue you were having was due to the fact that tep_href_link() was being passed a path ext/modules/payment/platnosci/checkout_pl.php instead of a filename, I thought that may be the case which is why I suggested you upgrade. The other issue cannot be automatically attributed to USU5 and I'm pretty certain is unrelated.
  7. Like
    FWR Media got a reaction from zooyork in ULTIMATE Seo Urls 5 - by FWR Media   
    Current revision is r141
     
    you need to upgrade to r119 then to r141 .. don't worry the upgrades are simple.
     
    One thing to remember is to remove the code in includes/footer.php
     

    usu::performance();
     
    I forgot to put its removal in the instructions.
     
    Let me know how it does with your problem.
  8. Like
    FWR Media got a reaction from marius123 in ULTIMATE Seo Urls 5 - by FWR Media   
    This link is wrong ..
     

    tep_href_link('product_info.php?products_id='.$p_id)
     
    It should be ..
     

    tep_href_link( FILENAME_PRODUCT_INFO, 'products_id=' . $p_id )
     
    The other link will work ..
     

    tep_href_link("products_new.php","action=buy_now&products_id=".$p_id)
     
    But should be ..
     

    tep_href_link( FILENAME_PRODUCTS_NEW, 'action=buy_now&products_id=' . $p_id )
  9. Like
    FWR Media got a reaction from marius123 in ULTIMATE Seo Urls 5 - by FWR Media   
    I'm confused Mario, USU5 produces urls it has nothing to do with menus. As long as the menu is using the correct tep_href_link() function then USU5 will produce the correct urls.
  10. Like
    FWR Media got a reaction from spooks in Remove & Prevent duplicate content with the canonical tag   
    Sam just a few bits I'd have done differently, obviously use none of it, part of it or all of it as you wish. This is untested I hasten to add.
     
    On the site page ..
     

    <?php sams_canonical( $xhtml = true ); ?>
     
    the function ..
     

    <?php
    function sams_canonical( $xhtml = false ) {
      global $request_type;
      $close_tag = ' />';
      if ( false === $xhtml ) {
        $close_tag = '>';
      }
      $domain = ( $request_type == 'SSL' ? HTTPS_SERVER : HTTP_SERVER );
      // Find the file basename safely = PHP_SELF is unreliable - SCRIPT_NAME can show path to phpcgi
      if ( array_key_exists( 'SCRIPT_NAME', $_SERVER ) && ( substr( basename( $_SERVER['SCRIPT_NAME'] ), -4, 4 ) == '.php' ) ) {
        $basefile = basename( $_SERVER['SCRIPT_NAME'] );
      } elseif ( array_key_exists( 'PHP_SELF', $_SERVER ) && ( substr( basename( $_SERVER['PHP_SELF'] ), -4, 4 ) == '.php' ) ) {
        $basefile = basename( $_SERVER['PHP_SELF'] );
      } else {
        // No base file so we have to return nothing
        return false;
      }
      // Don't produce canonicals for SSL pages that bots shouldn't see
      $ignore_array = array( 'account', 'address', 'checkout', 'login', 'password', 'logoff' );
      if ( in_array( str_replace( '.php', '', $basefile ), $ignore_array ) ) {
        // Bots shouldn't be here so show no canonical
        return false;
      }
      // REQUEST_URI usually doesn't exist on Windows servers ( sometimes ORIG_PATH_INFO doesn't either )
      if ( array_key_exists( 'REQUEST_URI', $_SERVER ) ) {
        $request_uri = str_replace( strrchr( $_SERVER['REQUEST_URI'], '?' ), '', $_SERVER['REQUEST_URI'] );
      } elseif ( array_key_exists( 'ORIG_PATH_INFO', $_SERVER ) ) {
        $request_uri = str_replace( strrchr( $_SERVER['ORIG_PATH_INFO'], '?' ), '', $_SERVER['ORIG_PATH_INFO'] );
      } else {
        // we need to fail here as we have no REQUEST_URI and return no canonical link html
        return false;
      }
      // We want these _GET keys removed from the canonical link
      $ignore_get_keys = array( 'currency', 'language', 'page', 'sort', 'ref', 'affiliate_banner_id', 'osCsid' );
      if ( !empty( $_GET ) ) {
        $get = $_GET;
        foreach ( $get as $key => $value ) {
          if ( in_array( $key, $ignore_get_keys ) ) {
            unset( $get[$key] );
          }
        }
      } else {
        $get = '';
      }
      if ( !empty( $get ) ) {
        $get = '?' . http_build_query( $get );
      }
      $canonical = $domain . $request_uri . $get;
      // The URL is built from request data, so escape it before it goes into the href attribute
      echo '<link rel="canonical" href="' . htmlspecialchars( $canonical, ENT_QUOTES ) . '"' . $close_tag . PHP_EOL;
    } // function
    ?>
     
    Hope it helps or gives some ideas ( http_build_query is PHP5 but has a wrapper in RC2a not sure about MS2.2)
  11. Like
    FWR Media got a reaction from dinmc in auctionTastic   
    I'll install it on 2.2 tomorrow and let you know. I haven't had any other reports of it not working on MS2.2 but I'll try nevertheless.
  12. Like
    FWR Media got a reaction from zooyork in Header Tags SEO   
    no don't do that it won't work .. do this instead.
     
    catalog/includes/application_top.php
     
    Find ..
     

    // include the list of project filenames
    require(DIR_WS_INCLUDES . 'filenames.php');
     
    Add immediately below: -
     

    if ( $_SERVER['PHP_SELF'] == '/' ) { $PHP_SELF = $_SERVER['PHP_SELF'] = $HTTP_SERVER_VARS['PHP_SELF'] = FILENAME_DEFAULT; }
  13. Like
    FWR Media got a reaction from zooyork in Header Tags SEO   
    Jack re:zooyork
     
    We had a problem with his server and USU5, oddly on his server when you access the site as www.mysite.com both $_SERVER['SCRIPT_NAME'] and $_SERVER['PHP_SELF'] contain just /.
     
    On every other server I have worked on they contain /index.php.
     
    So .. if in the header tags script somewhere it uses basename( $HTTP_SERVER_VARS['PHP_SELF'] ) or something expecting to get a filename .. it won't.
     
    Hope that helps.
     
    Regards
     
    Rob
  14. Like
    FWR Media got a reaction from zooyork in ULTIMATE Seo Urls 5 - by FWR Media   
    Ok remove the test code.
     
    You have an odd server there, when accessed as mysite.com (no index.php) $_SERVER['SCRIPT_NAME'] and $_SERVER['PHP_SELF'] should contain /index.php .. yours contains nothing. What server type is it?
     
    Where you used to have ..

    trigger_error( 'USU5 could not find a valid base filename, please inform the developer.', E_USER_WARNING );
     
    Change the line to ..
     

    return 'index.php';
  15. Like
    FWR Media got a reaction from zooyork in ULTIMATE Seo Urls 5 - by FWR Media   
    This is for all pages? index.php or what?
     
    This should only happen for an incorrect page file name.
  16. Like
    FWR Media got a reaction from Dzines in ULTIMATE Seo Urls 5 - by FWR Media   
    I'm not saying it is possibly the issue I am stating that it IS the issue.
     
    Are you checking ..
     
    catalog/ADMIN/includes/functions/general.php
     
    or ..
     
    catalog/includes/functions/general.php