msasek Posted January 27, 2009

Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input to no longer allow XSS attacks.

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

Download it here: http://addons.oscommerce.com/info/1410

chrish123 Posted March 2, 2009

> Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input to no longer allow XSS attacks.
>
> Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.
>
> Download it here: http://addons.oscommerce.com/info/1410

Hi, I still think there is a SQL injection flaw in this module, so I'm removing this from my sites. For example, on your demo site try this:

catalog_products_with_images.php?listing=%20&page=\''SQL

That's just a test from a PCI compliance scan I had.

catalog_products_with_images.php See Above Urgent 80 SQL
Regular expression used to detect attack: You have an error in your SQL syntax
Parameters:
page = \''SQL
listing =
URL: http://www.mysite.com:80/catalog_products_...es.php?listing= &page=\''SQL

chrish123 Posted March 2, 2009

If you turn register globals off in your php.ini, the code above will not execute; however, register globals is sometimes needed by some contributions.

Guest Posted May 31, 2009

> Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input to no longer allow XSS attacks.
>
> Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.
>
> Download it here: http://addons.oscommerce.com/info/1410

I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved.

The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work; they only reload the same first page with the same sort order.

What is the fix for this?

Thanks in advance for any help!

Tezla Posted June 12, 2009

Pretty cool contribution. We are using it for back office product admin.

However, there's something wrong with the "Date Added" column (which we happen to need). If I turn on both options, the Date column header appears, but it's always over to the left, seems to take the place of Name, and shifts other column headers over one place. Just the Header appears, but no Dates below it.

Also, if you click the Up Arrow Sort button on any column, it sorts by that column properly (nice feature by the way). But, if you click the Down Arrow Sort button, it sorts by Date added (you can see it in the URL). This is with both Date options turned off or hidden.

contaseberloques Posted June 19, 2009

> I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved.
>
> The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work; they only reload the same first page with the same sort order.
>
> What is the fix for this?
>
> Thanks in advance for any help!

I have the same problem: I can't see the other items that I have, and the sort buttons don't work. Does anyone know how to fix this? I have to resolve this very quickly.

Guest Posted July 29, 2009

Arrrgghhhhh, subcategory products are not shown in the printable catalog with Printable_Catalog_2.3 by webschiff. Any help to modify the query?

Guest Posted July 30, 2009

Here is the query that doesn't show products in subcategories.

$print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, p.products_date_added, cd.categories_name, m.manufacturers_name from "
  . TABLE_PRODUCTS . " p left join "
  . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id left join "
  . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id left join "
  . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id left join "
  . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join "
  . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "' left join "
  . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . $languages_id . "' and cd.language_id = '" . $languages_id . "' order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";

dowser Posted September 2, 2009

I've tried to use it with the Dynamic Image Resizer and all the pictures are squashed now. Any idea how to fix it? It's probably something in html_output.php...

Mort-lemur Posted September 28, 2009

Hi,

Has anyone sorted out the bugs yet with the sorting of columns?

Also when I enable descriptions it only shows the first two products.

Would love to be able to get this to work as it is a good contrib.

Thanks

iperez_genius Posted November 21, 2009

I have just installed the script. Looks like it works great... thanks!

I am just wondering how do I tell it to print the whole catalog and not just 1 item?

Ilan

maxemus Posted February 16, 2010

Hi people,

Any fix on the sort order, and Next page issues??

cantex123 Posted March 16, 2010

> Scratch that last post.... I figured out that I was in the catalog/print_catalog.php file rather than the catalog/includes/modules/print_catalog.php file. I found the URL to replace. Thanks so much for your help!!!

Hello Everyone,

I have the same problem. I couldn't find any URL in any file, neither catalog/print_catalog nor /module/print_catalog. My page displays blank: http://www.cantex.name/print_catalog.php

Where do I have to put my website URL? Please, anyone help me.

Guest Posted May 15, 2010

> Here is the query that doesn't show products in subcategories.
>
> $print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, p.products_date_added, cd.categories_name, m.manufacturers_name from "
>   . TABLE_PRODUCTS . " p left join "
>   . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id left join "
>   . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id left join "
>   . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id left join "
>   . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join "
>   . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "' left join "
>   . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . $languages_id . "' and cd.language_id = '" . $languages_id . "' order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";

Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.

Guest Posted May 15, 2010

> Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.

Nope, just moved the items directly in the categories into new subcategories and no dice. Now it says there are no products to show! So now I guess I'll pick through the query to see what I can find...

bobsi18 Posted June 3, 2010

> Hi,
>
> Has anyone sorted out the bugs yet with the sorting of columns?
>
> Also when I enable descriptions it only shows the first two products.
>
> Would love to be able to get this to work as it is a good contrib.
>
> Thanks

I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why.

For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)

bobsi18 Posted June 3, 2010

> I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why.
>
> For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)

Fixed the sorting issue...

Sorting options not working

This appears to be a register_globals issue - to fix, find

switch ($listing) {

and replace with

switch ($_GET['listing']) {

in catalog_products_with_images.php

Still trying to figure out the page links issue. Not sure if I'll be able to figure it out...

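Added example, not part of the thread and not the contribution's own code: one way to treat the two request parameters discussed above (the `page` value flagged by the PCI scan and the `listing` value now read from `$_GET`) so that neither reaches the SQL text as typed. The function names and sort keys are hypothetical; the column names are the ones in the query quoted earlier in the thread.

```php
<?php
// Added example: helper names and sort keys are hypothetical, not the contribution's code.

// Allow-list: request value => fixed column (column names as in the query quoted in this thread).
const SORT_COLUMNS = [
    'name'  => 'pd.products_name',
    'model' => 'p.products_model',
    'price' => 'p.products_price',
    'date'  => 'p.products_date_added',
];

// Map ?listing= to an ORDER BY clause; request text itself is never placed in the SQL.
function sort_clause(array $get): string
{
    $key = (isset($get['listing']) && is_string($get['listing'])) ? $get['listing'] : '';
    $dir = 'asc';
    if (substr($key, -5) === '-desc') {
        $dir = 'desc';
        $key = substr($key, 0, -5);
    }
    $column = SORT_COLUMNS[$key] ?? SORT_COLUMNS['name'];
    return "order by $column $dir";
}

// Accept ?page= only as a positive integer; anything else falls back to page 1.
function page_number(array $get): int
{
    $page = filter_var($get['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    return $page === false ? 1 : $page;
}

// Build the LIMIT clause from integers only.
function limit_clause(array $get, int $per_page = 20): string
{
    $offset = (page_number($get) - 1) * $per_page;
    return "limit $offset, $per_page";
}

// Constructed requests: the first mirrors the scanner parameters quoted in the thread.
$requests = [
    ['listing' => ' ', 'page' => "\\''SQL"],
    ['listing' => 'price-desc', 'page' => '3'],
];
foreach ($requests as $get) {
    echo sort_clause($get), ' ', limit_clause($get), "\n";
}
```

Because both clauses are assembled from a fixed table and from integers, the behaviour is the same whether register_globals is on or off.
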
kevavent Posted October 11, 2010

Like Two Pillars' problem, my items in subcategories aren't showing either. Items in categories show just fine, but anything listed in a sub-category is not displaying.

Any ideas???

Jimmy62 Posted October 15, 2010

I have a problem with the contrib. For several pages, I can not get to the next page; the first page appears again and again, and pages 2, 3, etc. are not displayed.

I'm German, excuse my bad English.

Greetings, Bernd

Jimmy62 Posted October 17, 2010

Can anyone help on this forum? I have seen it already, that it goes for some. I do not understand that nobody is willing to help. Since I'm probably not the only one who has this problem.

Jimmy62 Posted October 18, 2010

Go now, thanks for the help