JUST RELEASED! Printable Catalog

[msasek 0]

Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks.

 

I have updated the package to correctly sanitize input to no longer allow xss attacks.

 

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

 

Download it here: http://addons.oscommerce.com/info/1410

[chrish123 0]

Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks.

 

I have updated the package to correctly sanitize input to no longer allow xss attacks.

 

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

 

Download it here: http://addons.oscommerce.com/info/1410

 

 

Hi, I still think there is a sql injection flaw in this module, so i'm removing this from my sites, for example, on your demo site try this: catalog_products_with_images.php?listing=%20&page=\''SQL

 

Thats just a test from a PCI compliance scan I had.

 

catalog_products_with_images.php See Above Urgent 80 SQL

Regular expression used to detect attack:

You have an error in your SQL syntax

Parameters:

page = \''SQL

listing =

URL: http://www.mysite.com:80/catalog_products_...es.php?listing= &page=\''SQL

[chrish123 0]

If you Turn register globals off on your php ini, the code above will not execute, however register globals is sometimes needed by some contributions.

[dwobbit 0]

Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks.

 

I have updated the package to correctly sanitize input to no longer allow xss attacks.

 

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

 

Download it here: http://addons.oscommerce.com/info/1410

 

I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work, they only reload the same first page with the same sort order. What is the fix for this?

 

Thanks in advance for any help!

[Tezla 0]

Pretty cool contribution. We are using it for back office product admin.

 

However, there's something wrong with the "Date Added" column (which we happen to need). If I turn on both options, the Date column header appears, but it's always over to the left, seems to take the place of Name, and shifts other column header over one place. Just the Header appears, but no Dates below it.

 

Also, if you click the Up Arrow Sort button on any column, it sorts by that column properly (nice feature by the way). But, if you click the Down Arrow Sort button, it sorts by Date added (you can see it in the URL). This is with both Date options turned off or hidden.

[contaseberloques 0]

I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work, they only reload the same first page with the same sort order. What is the fix for this?

 

Thanks in advance for any help!

 

 

I have the some problem, I can´t see the other items that I have, and the sort buttons don´t work, does any one know to fix this, I have to resolve this very quickly.

[TomasART 0]

arrrgghhhhh subcategories products not shown in the printable catalog with Printable_Catalog_2.3 by webschiff .

 

Any help to modify the query?

[TomasART 0]

here are the quety that don't show products in subcategories.

 

$print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, p.products_date_added, cd.categories_name, m.manufacturers_name from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id left join " . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id left join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "' left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . $languages_id . "' and cd.language_id = '" . $languages_id . "' order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";

[dowser 0]

I've tried to use it with the Dynamic Image Resizer and all the pictures are squashed now.

Any idea how to fix it? It's probably something in html_output.php...

[Mort-lemur 168]

Hi,

 

Has anyone sorted out the bugs yet with the sorting of columns?

 

Also when I enable descriptions it only shows the first two products..

 

Would love to be able to get this to work as it is a good contrib.

 

Thanks

[iperez_genius 0]

I have just installed the script.

Look like it works great...thanks!

 

i am just wondering how do i tell it to print the whole catalog and not just 1 item

 

 

Ilan

[maxemus 2]

Hi people,

Any fix on the sort order, and Next page issues??

[cantex123 0]

Scratch that last post.... I figured out that I was in the catalog/print_catalog.php file rather than the catalog/includes/modules/print_catalog.php file. I found the URL to replace.

 

Thanks so much for your help!!!

 

 

Hello Everyone,

 

I have the same problem i couldnt find any URL in any file neither catalog/print_catalog nor /module/print_catalog.

my page display blank : http://www.cantex.name/print_catalog.php

 

where i have to put my website URL.

 

plz anyone me.

[Two Pillars 0]

here are the quety that don't show products in subcategories.

 

$print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, p.products_date_added, cd.categories_name, m.manufacturers_name from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id left join " . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id left join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "' left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . $languages_id . "' and cd.language_id = '" . $languages_id . "' order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";

 

Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.

[Two Pillars 0]

Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.

Nope, just moved the items directly in the categories into new subcategories and no dice. Now it says there are no products to show! So now I guess I'll pick through the query to see what I can find...

[bobsi18 2]

Hi,

 

Has anyone sorted out the bugs yet with the sorting of columns?

 

Also when I enable descriptions it only shows the first two products..

 

Would love to be able to get this to work as it is a good contrib.

 

Thanks

 

I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)

[bobsi18 2]

I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)

 

Fixed the sorting issue...

Sorting options not working

This appears to be a register_globals issue - to fix, find switch ($listing) { and replace with switch ($_GET['listing']) { in catalog_products_with_images.php

 

Still trying to figure out the page links issue. Not sure if I'll be able to figure it out...

[kevavent 0]

Like Two Pillars' problem, my items in subcategories aren't showing either. Items in categories show just fine, but anything listed in a sub-category is not displaying. Any ideas???

Edited October 11, 2010 by kevavent

[Jimmy62 0]

I have a problem with the contrib. For several pages, I can not get to the next page, it appears again and again the first page, page 2, 3, etc. are not displayed.

 

I'am German, excuse my bad English

 

 

Greetings

Bernd

[Jimmy62 0]

Can anyone help on this forum? I have seen it already, that it goes for some. I do not understand that nobody is willing to help. Since I'm probably not the only one who has this problem.

Edited October 17, 2010 by Jimmy62

[Jimmy62 0]

Go now, thanks for the help