BirdBrain

JUST RELEASED! Printable Catalog

Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks.

 

I have updated the package to correctly sanitize input so that it no longer allows XSS attacks.

 

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

 

Download it here: http://addons.oscommerce.com/info/1410


Hi, I still think there is a SQL injection flaw in this module, so I'm removing this from my sites. For example, on your demo site try this: catalog_products_with_images.php?listing=%20&page=\''SQL

That's just a test from a PCI compliance scan I had.

 

catalog_products_with_images.php See Above Urgent 80 SQL

Regular expression used to detect attack:

You have an error in your SQL syntax

Parameters:

page = \''SQL

listing =

URL: http://www.mysite.com:80/catalog_products_...es.php?listing= &page=\''SQL
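Added example, not code from this thread or from the Printable Catalog contribution: a Python sketch of the two defensive steps the first post and this scan result point at. It treats page as an integer and listing as a whitelisted sort key before either reaches the SQL, HTML-escapes anything echoed back into the page (the XSS side), and runs the scanner's own signature over response bodies so a shop owner can confirm the fixed file no longer leaks MySQL syntax errors. The allowed sort keys, the 20-row page size and the sample responses are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Sort keys the hardened handler will accept for "listing". These are constructed for the
# example; substitute the values the module actually switches on.
ALLOWED_LISTING = {"name", "model", "price", "date"}


def safe_page(raw):
    """Coerce the 'page' parameter to a positive integer; anything else becomes page 1.
    Building the SQL LIMIT from an int (never from the raw string) leaves no room for
    a quote to break the query, which is what the \\''SQL probe relies on."""
    try:
        page = int(raw)
    except (TypeError, ValueError):
        return 1
    return page if page >= 1 else 1


def safe_listing(raw):
    """Accept only a known sort key; unknown values fall back to the default."""
    return raw if raw in ALLOWED_LISTING else "name"


def clean_params(url):
    """Parse the query string of a request URL and return validated values plus
    HTML-escaped copies that are safe to echo back into the page."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    page_raw = qs.get("page", [""])[0]
    listing_raw = qs.get("listing", [""])[0]
    page = safe_page(page_raw)
    listing = safe_listing(listing_raw.strip())
    return {
        "page": page,
        "listing": listing,
        # 20 rows per page is a constructed assumption; the offset is derived from an int
        "limit_clause": f"LIMIT {(page - 1) * 20}, 20",
        "echo_page": html.escape(page_raw, quote=True),
        "echo_listing": html.escape(listing_raw, quote=True),
    }


# The signature the poster's PCI scanner matched on: MySQL's syntax error text
# leaking into the HTTP response body.
SQL_ERROR_RE = re.compile(r"You have an error in your SQL syntax", re.IGNORECASE)


def find_leaked_sql_errors(responses):
    """Given (url, body) pairs captured from a scan of your own shop, return the URLs
    whose response body leaks a MySQL syntax error. A fixed shop returns an empty list."""
    return [url for url, body in responses if SQL_ERROR_RE.search(body)]


# Constructed sample responses, not real scan output.
SAMPLE_RESPONSES = [
    ("/catalog_products_with_images.php?listing=name&page=2",
     "<html><body>Page 2 of 5</body></html>"),
    ("/catalog_products_with_images.php?listing=%20&page=\\''SQL",
     "1064 - You have an error in your SQL syntax; check the manual ..."),
]

if __name__ == "__main__":
    print(clean_params("/catalog_products_with_images.php?listing=%20&page=\\''SQL"))
    print(find_leaked_sql_errors(SAMPLE_RESPONSES))
```

Running the probe URL from the post through clean_params yields page 1, the default sort key and a LIMIT built from integers only, while the escaped copy of the raw value can be printed back into the page without opening an XSS hole.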


If you turn register_globals off in your php.ini, the code above will not execute; however, register_globals is sometimes needed by some contributions.


I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work, they only reload the same first page with the same sort order. What is the fix for this?

 

Thanks in advance for any help!


Pretty cool contribution. We are using it for back office product admin.

 

However, there's something wrong with the "Date Added" column (which we happen to need). If I turn on both options, the Date column header appears, but it's always over to the left, seems to take the place of Name, and shifts the other column headers over one place. Just the header appears, but no dates below it.

 

Also, if you click the Up Arrow Sort button on any column, it sorts by that column properly (nice feature by the way). But, if you click the Down Arrow Sort button, it sorts by Date added (you can see it in the URL). This is with both Date options turned off or hidden.


I have the same problem: I can't see the other items that I have, and the sort buttons don't work. Does anyone know how to fix this? I have to resolve this very quickly.


arrrgghhhhh, subcategory products are not shown in the printable catalog with Printable_Catalog_2.3 by webschiff.

 

Any help to modify the query?


Here is the query that doesn't show products in subcategories.

 

$print_catalog_query_raw = "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_image, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, p.products_date_added, cd.categories_name, m.manufacturers_name"
  . " from " . TABLE_PRODUCTS . " p"
  . " left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id = p2c.products_id"
  . " left join " . TABLE_CATEGORIES . " c on p2c.categories_id = c.categories_id"
  // the category description is only joined for top-level categories (parent_id = 0),
  // so cd.* is NULL for every product that sits in a subcategory
  . " left join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id = '0' and c.categories_id = cd.categories_id"
  . " left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id"
  . " left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "'"
  . " left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id"
  . " where products_status = '1'"
  . " and p.products_id = p2c.products_id"
  . " and pd.products_id = p2c.products_id"
  . " and pd.language_id = '" . $languages_id . "'"
  // this condition then discards every row whose cd.* is NULL, i.e. all subcategory products
  . " and cd.language_id = '" . $languages_id . "'"
  . " order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";
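Added illustration, not code from the thread or from the contribution: a stand-alone Python/sqlite3 reproduction of why the posted join drops subcategory products. The schema and rows are a constructed, cut-down version of the osCommerce tables the query touches (MySQL-only pieces such as IF() and the specials join are left out), and FIXED_JOIN is one assumed correction that joins the description of whichever category the product is in. If subcategory products should instead be listed under their top-level category name, the join has to walk parent_id rather than drop the condition.

```python
import sqlite3

# Constructed schema: the columns the posted query joins on, nothing more.
SCHEMA = """
CREATE TABLE categories (categories_id INTEGER, parent_id INTEGER, sort_order INTEGER);
CREATE TABLE categories_description (categories_id INTEGER, language_id INTEGER, categories_name TEXT);
CREATE TABLE products (products_id INTEGER, products_status INTEGER, products_model TEXT);
CREATE TABLE products_to_categories (products_id INTEGER, categories_id INTEGER);
CREATE TABLE products_description (products_id INTEGER, language_id INTEGER, products_name TEXT);
"""

# Constructed sample rows: category 1 is top-level, category 2 is a subcategory of 1,
# product 10 lives in the top-level category and product 20 only in the subcategory.
SAMPLE = [
    ("categories", [(1, 0, 1), (2, 1, 1)]),
    ("categories_description", [(1, 1, "Hardware"), (2, 1, "Cables")]),
    ("products", [(10, 1, "HW-1"), (20, 1, "CB-1")]),
    ("products_to_categories", [(10, 1), (20, 2)]),
    ("products_description", [(10, 1, "Top-level product"), (20, 1, "Subcategory product")]),
]

# The join as posted: categories_description is only attached when the category is
# top-level (parent_id = 0), so cd.* is NULL for subcategory products and the WHERE
# clause on cd.language_id then discards them.
ORIGINAL_JOIN = ("left join categories_description cd "
                 "on c.parent_id = 0 and c.categories_id = cd.categories_id")

# Assumed correction: attach the description for every category; the language
# filter stays in the WHERE clause where it belongs.
FIXED_JOIN = "left join categories_description cd on c.categories_id = cd.categories_id"

QUERY = """
select distinct p.products_id, pd.products_name, cd.categories_name
from products p
left join products_to_categories p2c on p.products_id = p2c.products_id
left join categories c on p2c.categories_id = c.categories_id
{cd_join}
left join products_description pd on p.products_id = pd.products_id and pd.language_id = ?
where p.products_status = 1
  and pd.language_id = ?
  and cd.language_id = ?
order by cd.categories_name, pd.products_name
"""


def build_db():
    """Create an in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE:
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f"insert into {table} values ({placeholders})", rows)
    return conn


def product_names(cd_join, language_id=1):
    """Run the catalog query with the given categories_description join and return the
    product names it lists, in query order."""
    conn = build_db()
    rows = conn.execute(QUERY.format(cd_join=cd_join),
                        (language_id, language_id, language_id)).fetchall()
    conn.close()
    return [name for _, name, _ in rows]


if __name__ == "__main__":
    print("original join:", product_names(ORIGINAL_JOIN))
    print("fixed join:   ", product_names(FIXED_JOIN))
```

With the posted join only the top-level product comes back; with the corrected join both products are listed, ordered by their category name.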


I've tried to use it with the Dynamic Image Resizer and all the pictures are squashed now.

Any idea how to fix it? It's probably something in html_output.php...


Hi,

 

Has anyone sorted out the bugs yet with the sorting of columns?

 

Also when I enable descriptions it only shows the first two products..

 

Would love to be able to get this to work as it is a good contrib.

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


I have just installed the script.

Looks like it works great...thanks!

 

I am just wondering, how do I tell it to print the whole catalog and not just 1 item?

 

 

Ilan


Scratch that last post.... I figured out that I was in the catalog/print_catalog.php file rather than the catalog/includes/modules/print_catalog.php file. I found the URL to replace.

 

Thanks so much for your help!!!

 

 

Hello Everyone,

 

I have the same problem; I couldn't find any URL in any file, neither catalog/print_catalog nor /module/print_catalog.

My page displays blank: http://www.cantex.name/print_catalog.php

 

Where do I have to put my website URL?

 

Please, anyone help me.


Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.


Nope, just moved the items directly in the categories into new subcategories and no dice. Now it says there are no products to show! So now I guess I'll pick through the query to see what I can find...

I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)

Fixed the sorting issue...

Sorting options not working

This appears to be a register_globals issue. To fix it, find switch ($listing) { and replace it with switch ($_GET['listing']) { in catalog_products_with_images.php.

 

Still trying to figure out the page links issue. Not sure if I'll be able to figure it out...


Like Two Pillars' problem, my items in subcategories aren't showing either. Items in categories show just fine, but anything listed in a sub-category is not displaying. Any ideas???

Edited by kevavent


I have a problem with the contrib. With several pages, I cannot get to the next page; the first page appears again and again, and pages 2, 3, etc. are not displayed.

 

I'm German, excuse my bad English.

 

 

Greetings

Bernd


Can anyone help on this forum? I have already seen that it happens for some. I do not understand why nobody is willing to help, since I'm probably not the only one who has this problem.

Edited by Jimmy62
