msasek (posted January 27, 2009):

Just an update for anyone using any version of this mod (3.5 or older): it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input so that it no longer allows XSS attacks. Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole. Download it here: http://addons.oscommerce.com/info/1410
chrish123 (posted March 2, 2009):

> Just an update for anyone using any version of this mod (3.5 or older): it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input so that it no longer allows XSS attacks. Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole. Download it here: http://addons.oscommerce.com/info/1410

Hi, I still think there is a SQL injection flaw in this module, so I'm removing this from my sites. For example, on your demo site try this:

    catalog_products_with_images.php?listing=%20&page=\''SQL

That's just a test from a PCI compliance scan I had:

    catalog_products_with_images.php   See Above   Urgent   80   SQL
    Regular expression used to detect attack: You have an error in your SQL syntax
    Parameters: page = \''SQL   listing =
    URL: http://www.mysite.com:80/catalog_products_...es.php?listing= &page=\''SQL
chrish123 (posted March 2, 2009):

If you turn register_globals off in your php.ini, the code above will not execute; however, register_globals is sometimes needed by some contributions.
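The following is an added example, not the contribution's code. It reconstructs the pattern the PCI scan above is detecting (a request parameter concatenated straight into the SQL text, which is what register_globals hands the script as bare `$listing` and `$page` variables) and places it next to the same query built from validated values. The query, the table and column names and the page size are assumptions made for the illustration; the only value taken from the thread is the scanner's probe. With register_globals off the bare variables are simply empty, which is why the probe stops working, but the concatenation itself is still there.

```php
<?php
// Added example, not the contribution's code. It reconstructs the pattern the
// PCI scan in the thread trips over (a request parameter concatenated into the
// SQL text) next to the same query built from validated values. The query and
// the column names are assumptions; the probe value is the one from the post.

declare(strict_types=1);

const MAX_DISPLAY_ROWS = 20;

// Constructed input: the scanner's request exactly as the script sees it,
// whether through register_globals ($listing, $page as bare globals) or $_GET.
$_GET = array('listing' => ' ', 'page' => "\\''SQL");

// Assumed vulnerable shape: whatever arrived is pasted into ORDER BY and LIMIT.
// With the probe, MySQL answers "You have an error in your SQL syntax", which
// is the string the scanner's regular expression keys on.
function vulnerable_sql(string $listing, string $page): string
{
    return "select p.products_id, pd.products_name, p.products_price"
        . " from products p"
        . " join products_description pd on p.products_id = pd.products_id"
        . " where p.products_status = '1'"
        . " order by " . $listing . " limit " . $page . ", " . MAX_DISPLAY_ROWS;
}

// Hardened: the sort key is only ever a lookup into a fixed table, and the page
// number is cast to an integer and clamped, so no request byte reaches the SQL.
function hardened_sql(string $listing, string $page): string
{
    $columns = array(
        'name'  => 'pd.products_name',
        'model' => 'p.products_model',
        'price' => 'p.products_price',
    );
    $order  = isset($columns[$listing]) ? $columns[$listing] : $columns['name'];
    $number = max(1, (int)$page);                  // "\''SQL" casts to 0, clamped to page 1
    $offset = ($number - 1) * MAX_DISPLAY_ROWS;
    return "select p.products_id, pd.products_name, p.products_price"
        . " from products p"
        . " join products_description pd on p.products_id = pd.products_id"
        . " where p.products_status = '1'"
        . " order by " . $order . " limit " . $offset . ", " . MAX_DISPLAY_ROWS;
}

echo "vulnerable: ", vulnerable_sql($_GET['listing'], $_GET['page']), "\n";
echo "hardened:   ", hardened_sql($_GET['listing'], $_GET['page']), "\n";
```

Run it with `php` on the command line: the first line ends in `order by   limit \''SQL, 20`, which is the malformed statement behind the scanner's match; the second ends in `order by pd.products_name limit 0, 20`. The whitelist matters as much as the integer cast, because an ORDER BY column name cannot be parameterised and so has to come from a table the request cannot influence.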
dwobbit (posted May 31, 2009):

> Just an update for anyone using any version of this mod (3.5 or older): it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input so that it no longer allows XSS attacks. Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole. Download it here: http://addons.oscommerce.com/info/1410

I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is that when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work; they only reload the same first page with the same sort order. What is the fix for this? Thanks in advance for any help!
Tezla (posted June 12, 2009):

Pretty cool contribution. We are using it for back-office product admin. However, there's something wrong with the "Date Added" column (which we happen to need). If I turn on both options, the Date column header appears, but it's always over to the left, seems to take the place of Name, and shifts the other column headers over one place. Just the header appears, but no dates below it. Also, if you click the Up Arrow sort button on any column, it sorts by that column properly (nice feature, by the way). But if you click the Down Arrow sort button, it sorts by Date Added (you can see it in the URL). This is with both Date options turned off or hidden.
contaseberloques (posted June 19, 2009):

> I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is that when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work; they only reload the same first page with the same sort order. What is the fix for this? Thanks in advance for any help!

I have the same problem: I can't see the other items that I have, and the sort buttons don't work. Does anyone know how to fix this? I have to resolve this very quickly.
TomasART (posted July 29, 2009):

Arrrgghhhhh, subcategory products are not shown in the printable catalog with Printable_Catalog_2.3 by webschiff. Any help to modify the query?
TomasART (posted July 30, 2009):

Here is the query that doesn't show products in subcategories:

    $print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description,
        p.products_model, p.products_image, p.products_price, p.products_tax_class_id,
        IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price,
        p.products_date_added, cd.categories_name, m.manufacturers_name
      from " . TABLE_PRODUCTS . " p
      left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id
      left join " . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id
      left join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id
      left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id
      left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "'
      left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id
      where products_status = '1'
        and p.products_id = p2c.products_id
        and pd.products_id = p2c.products_id
        and pd.language_id = '" . $languages_id . "'
        and cd.language_id = '" . $languages_id . "'
      order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";
dowser (posted September 2, 2009):

I've tried to use it with the Dynamic Image Resizer and all the pictures are squashed now. Any idea how to fix it? It's probably something in html_output.php...
Mort-lemur (posted September 28, 2009):

Hi, has anyone sorted out the bugs yet with the sorting of columns? Also, when I enable descriptions it only shows the first two products. Would love to be able to get this to work, as it is a good contrib. Thanks.
iperez_genius (posted November 21, 2009):

I have just installed the script. Looks like it works great... thanks! I am just wondering how I tell it to print the whole catalog and not just one item.

Ilan
maxemus (posted February 16, 2010):

Hi people, any fix on the sort order and next-page issues??
cantex123 (posted March 16, 2010):

> Scratch that last post... I figured out that I was in the catalog/print_catalog.php file rather than the catalog/includes/modules/print_catalog.php file. I found the URL to replace. Thanks so much for your help!!!

Hello everyone, I have the same problem. I couldn't find any URL in any file, neither catalog/print_catalog nor /module/print_catalog. My page displays blank: http://www.cantex.name/print_catalog.php. Where do I have to put my website URL? Please, anyone, help me.
Two Pillars (posted May 15, 2010):

> Here is the query that doesn't show products in subcategories: [the $print_catalog_query_raw query as posted by TomasART above]

Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.
Two Pillars (posted May 15, 2010):

> Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.

Nope, just moved the items directly in the categories into new subcategories and no dice. Now it says there are no products to show! So now I guess I'll pick through the query to see what I can find...
bobsi18 (posted June 3, 2010):

> Hi, has anyone sorted out the bugs yet with the sorting of columns? Also, when I enable descriptions it only shows the first two products. Would love to be able to get this to work, as it is a good contrib. Thanks.

I'm also having this problem. I had it working fine on a register_globals on/MySQL 4/PHP 4 server, but I have just moved to register_globals off/MySQL 5/PHP 5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website; hopefully there is a solution out there somewhere in the future :)
bobsi18 (posted June 3, 2010):

> I'm also having this problem. I had it working fine on a register_globals on/MySQL 4/PHP 4 server, but I have just moved to register_globals off/MySQL 5/PHP 5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website; hopefully there is a solution out there somewhere in the future :)

Fixed the sorting issue. Sorting options not working: this appears to be a register_globals issue. To fix, in catalog_products_with_images.php find

    switch ($listing) {

and replace it with

    switch ($_GET['listing']) {

Still trying to figure out the page links issue. Not sure if I'll be able to figure it out...
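The following is an added example, not the contribution's code. It takes the `$_GET['listing']` change above one step further: both request parameters the thread keeps running into, `listing` and `page`, are read through one helper that does not depend on register_globals, the sort key is checked against a fixed table (the role of the `default:` branch in the `switch`), and the sort and page links are generated so that each one carries both values. That last part is an assumption about the page-links problem, which the thread does not resolve: if the links or the LIMIT are built from a bare `$page` variable, then with register_globals off that variable is never set, and every link describes page 1. The column names and the page size are assumptions made for the illustration.

```php
<?php
// Added example, not the contribution's code. It reads 'listing' and 'page'
// through one helper that works whether register_globals is on or off, keeps
// the sort key to a fixed table, and builds sort/page links that carry both
// values. Column names and page size are assumptions for illustration.

declare(strict_types=1);

const MAX_DISPLAY_ROWS = 20;

// Sort keys the page accepts, mapped to the ORDER BY clause each one selects.
// A key that is not in this table falls back to the default, which is what the
// default: branch of the switch ($_GET['listing']) in the thread's fix does.
const SORT_COLUMNS = array(
    'name'  => 'pd.products_name',
    'model' => 'p.products_model',
    'price' => 'p.products_price',
    'date'  => 'p.products_date_added desc',
);

// Resolve a request parameter without ever touching a bare global.
function request_param(string $name, string $default = ''): string
{
    if (isset($_GET[$name]) && is_string($_GET[$name])) {
        return $_GET[$name];
    }
    if (isset($_POST[$name]) && is_string($_POST[$name])) {
        return $_POST[$name];
    }
    return $default;
}

function current_listing(): string
{
    $listing = request_param('listing', 'name');
    return array_key_exists($listing, SORT_COLUMNS) ? $listing : 'name';
}

function total_pages(int $product_count): int
{
    return max(1, (int)ceil($product_count / MAX_DISPLAY_ROWS));
}

// Integer, clamped to [1, total_pages]; anything else becomes page 1.
function current_page(int $total_pages): int
{
    $page = (int)request_param('page', '1');
    return max(1, min($page, $total_pages));
}

// One link that carries both parameters. http_build_query encodes the values
// for the URL and htmlspecialchars escapes the result for the attribute, so
// nothing from the request is reflected into the page unescaped.
function page_link(string $listing, int $page, string $label): string
{
    $qs = http_build_query(array('listing' => $listing, 'page' => $page));
    return '<a href="catalog_products_with_images.php?'
        . htmlspecialchars($qs, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Previous / 1 2 3 / Next, with the current page shown as plain text.
function page_links(string $listing, int $page, int $total_pages): string
{
    $links = array();
    if ($page > 1) {
        $links[] = page_link($listing, $page - 1, 'Previous');
    }
    for ($i = 1; $i <= $total_pages; $i++) {
        $links[] = ($i === $page) ? (string)$i : page_link($listing, $i, (string)$i);
    }
    if ($page < $total_pages) {
        $links[] = page_link($listing, $page + 1, 'Next');
    }
    return implode(' ', $links);
}

// Constructed request: page 2 of a 45-product catalogue, sorted by price.
$_GET = array('listing' => 'price', 'page' => '2');

$total   = total_pages(45);        // 3
$listing = current_listing();      // 'price'
$page    = current_page($total);   // 2
$offset  = ($page - 1) * MAX_DISPLAY_ROWS;

echo "order by " . SORT_COLUMNS[$listing] . " limit " . $offset . ", " . MAX_DISPLAY_ROWS, "\n";
echo page_links($listing, $page, $total), "\n";
```

Run with `php`, the script prints `order by p.products_price limit 20, 20` and a link row whose Previous and Next entries both keep `listing=price`; change the constructed `$_GET` to the scanner's probe from earlier in the thread and the same code degrades to page 1 of the default sort instead of a SQL error.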
kevavent (posted October 11, 2010):

Like Two Pillars' problem, my items in subcategories aren't showing either. Items in categories show just fine, but anything listed in a subcategory is not displaying. Any ideas???
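The following is an added example, not the contribution's code. My reading of the query TomasART posted, which matches what Two Pillars saw after moving everything into subcategories: the `categories_description` join carries the condition `c.parent_id='0'`, so for a product whose category is a subcategory that join finds no row, every `cd.*` column is NULL, and the `cd.language_id = ...` condition in the WHERE clause then discards the product. The rewrite below drops that condition, moves the language tests into the joins where they belong, and adds a second join that fetches the top-level category so the catalog can still be grouped by it. The `TABLE_*` constants and `$languages_id` are defined here only so the script runs stand-alone; in the contribution they come from the osCommerce includes.

```php
<?php
// Added example, not the contribution's code: a rewrite of the query posted in
// the thread so that products in subcategories come back. The TABLE_* constants
// and $languages_id are defined here only so the script runs stand-alone; in
// the contribution they come from the osCommerce includes.

declare(strict_types=1);

const TABLE_PRODUCTS               = 'products';
const TABLE_PRODUCTS_DESCRIPTION   = 'products_description';
const TABLE_PRODUCTS_TO_CATEGORIES = 'products_to_categories';
const TABLE_CATEGORIES             = 'categories';
const TABLE_CATEGORIES_DESCRIPTION = 'categories_description';
const TABLE_MANUFACTURERS          = 'manufacturers';
const TABLE_SPECIALS               = 'specials';

// In the posted query the categories_description join is conditioned on
// c.parent_id='0'. For a product in a subcategory that join yields NULLs and
// "cd.language_id = ..." in the WHERE clause drops the row. Here the language
// condition lives in the join and the parent_id condition is gone. A second
// join (tc/tcd) picks up the top-level category: the category itself when
// parent_id is 0, otherwise its parent. Only one level of nesting is handled;
// deeper trees would need a recursive lookup that this MySQL cannot express.
// The joins that the old WHERE clause turned into inner joins anyway are
// written as inner joins; manufacturer and special stay optional.
function print_catalog_query(int $languages_id): string
{
    return "select distinct p.products_id, pd.products_name, pd.products_description,"
        . " p.products_model, p.products_image, p.products_price, p.products_tax_class_id,"
        . " IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price,"
        . " p.products_date_added, cd.categories_name,"
        . " tcd.categories_name as top_categories_name, m.manufacturers_name"
        . " from " . TABLE_PRODUCTS . " p"
        . " join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id = p2c.products_id"
        . " join " . TABLE_CATEGORIES . " c on p2c.categories_id = c.categories_id"
        . " join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.categories_id = cd.categories_id"
        . " and cd.language_id = '" . $languages_id . "'"
        . " join " . TABLE_CATEGORIES . " tc"
        . " on tc.categories_id = IF(c.parent_id = 0, c.categories_id, c.parent_id)"
        . " join " . TABLE_CATEGORIES_DESCRIPTION . " tcd on tc.categories_id = tcd.categories_id"
        . " and tcd.language_id = '" . $languages_id . "'"
        . " join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id"
        . " and pd.language_id = '" . $languages_id . "'"
        . " left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id"
        . " left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id"
        . " where p.products_status = '1'"
        . " order by tcd.categories_name, tc.categories_id, c.parent_id, c.sort_order,"
        . " c.categories_id, pd.products_name";
}

$languages_id = 1;   // assumed; osCommerce sets this from the session
echo print_catalog_query($languages_id), "\n";
```

Because the function takes `$languages_id` as an `int`, the one value that is still concatenated into the SQL cannot carry anything but digits. A product that sits in more than one category still comes out once per category, exactly as in the posted query, since `categories_name` is part of the DISTINCT row.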
Jimmy62 (posted October 15, 2010):

I have a problem with the contrib. For several pages, I cannot get to the next page; the first page appears again and again, and pages 2, 3, etc. are not displayed. I'm German, excuse my bad English.

Greetings, Bernd
Jimmy62 (posted October 17, 2010):

Can anyone help on this forum? I have already seen that it works for some. I do not understand that nobody is willing to help, since I'm probably not the only one who has this problem.
Jimmy62 (posted October 18, 2010):

It works now, thanks for the help.