Jump to content

Archived

This topic is now archived and is closed to further replies.

johnnybebad

crossscript alert

Recommended Posts

Hi I was using Mcafee a few days ago and it highlighted the http_error.php had a potential issue with cross scripting, I thought I had all my files sorted with the security updates but this one was only flagged recently so I just dont know anymore.

 

 

below is the code for the file, but I dont understand.

 

Ensure that parameters and user input are sanitized by doing the following:

# Remove < input and replace with <

# Remove > input and replace with >

# Remove ' input and replace with '

# Remove " input and replace with "

# Remove ) input and replace with )

# Remove ( input and replace with (

<?php
/*
 $Id: http_error.php,v 1.5
 2004/06/30 20:55:23 chaicka Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2004 osCommerce

 Released under the GNU General Public License
*/
 require('includes/application_top.php');

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_HTTP_ERROR);
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH);

 switch ($HTTP_GET_VARS['error_id']) {
    case '400':  $error_text = ERROR_400_DESC; break;
    case '401':  $error_text = ERROR_401_DESC; break;
    case '403':  $error_text = ERROR_403_DESC; break;
    case '404':  $error_text = ERROR_404_DESC; break;
    case '405':  $error_text = ERROR_405_DESC; break;
    case '408':  $error_text = ERROR_408_DESC; break;
    case '415':  $error_text = ERROR_415_DESC; break;
    case '416':  $error_text = ERROR_416_DESC; break;
    case '417':  $error_text = ERROR_417_DESC; break;
    case '500':  $error_text = ERROR_500_DESC; break;
    case '501':  $error_text = ERROR_501_DESC; break;
    case '502':  $error_text = ERROR_502_DESC; break;
    case '503':  $error_text = ERROR_503_DESC; break;
    case '504':  $error_text = ERROR_504_DESC; break;
    case '505':  $error_text = ERROR_505_DESC; break;
    default:     $error_text = UNKNOWN_ERROR_DESC; break;
 }

// Send the HTTP Error to Store Owner
 if (EMAIL_HTTP_ERROR == 'true') {
   tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_TEXT_SUBJECT, sprintf(EMAIL_BODY, HTTP_SERVER, $HTTP_GET_VARS['error_id'], $error_text, date("m/d/Y G:i:s"), HTTP_SERVER . $REQUEST_URI, $REMOTE_ADDR, $HTTP_USER_AGENT, $HTTP_REFERER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');
 }

// Save the HTTP Error Report to disk

if (STORE_HTTP_ERROR == 'true') {
// change of 1.5 : check if there is there is a path given in the admin, if not store it ot catalog\log\http_error.log
if (STORE_HTTP_ERROR_LOG !="")  
{
error_log(strftime(STORE_PARSE_DATE_TIME_FORMAT) . ',' . $HTTP_GET_VARS['error_id'] . ',' . HTTP_SERVER . $REQUEST_URI . ',' . $REMOTE_ADDR . ',' . $HTTP_USER_AGENT . ',' . $HTTP_REFERER . "\n", 3, STORE_HTTP_ERROR_LOG);
}
else
{
error_log(strftime(STORE_PARSE_DATE_TIME_FORMAT) . ',' . $HTTP_GET_VARS['error_id'] . ',' . HTTP_SERVER . $REQUEST_URI . ',' . $REMOTE_ADDR . ',' . $HTTP_USER_AGENT . ',' . $HTTP_REFERER . "\n", 3, DIR_FS_CATALOG . '/log/http_error.log');
}
}

?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<!-- changed for 1.5 css fixed  //-->
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo sprintf(HEADING_TITLE, $HTTP_GET_VARS['error_id']); ?></td>
           <td class="pageHeading" align="right"><?php IF(IMAGE_REQUIRED == 'true'){ echo tep_image(DIR_WS_IMAGES . 'table_background_specials.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT);}?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><br><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="main"><?php echo sprintf(TEXT_INFORMATION, $error_text)?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td align="right" class="main"><br><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
     </tr>
   </table>
<?php //this is where I added the advanced Search
 echo tep_draw_form('advanced_search', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get', 'onSubmit="return check_form(this);"') . tep_hide_session_id(); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE_1; ?></td>
           <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_browse.gif', HEADING_TITLE_1, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if ($messageStack->size('search') > 0) {
?>
     <tr>
       <td><?php echo $messageStack->output('search'); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }
?>
     <tr>
       <td>
<?php
 $info_box_contents = array();
 $info_box_contents[] = array('text' => HEADING_SEARCH_CRITERIA);

 new infoBoxHeading($info_box_contents, true, true);

 $info_box_contents = array();
 $info_box_contents[] = array('text' => tep_draw_input_field('keywords', '', 'style="width: 100%"'));
 $info_box_contents[] = array('align' => 'right', 'text' => tep_draw_checkbox_field('search_in_description', '1') . ' ' . TEXT_SEARCH_IN_DESCRIPTION);

 new infoBox($info_box_contents);
?>
       </td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="smallText"><?php echo '<a href="javascript:popupWindow(\'' . tep_href_link(FILENAME_POPUP_SEARCH_HELP) . '\')">' . TEXT_SEARCH_HELP_LINK . '</a>'; ?></td>
           <td class="smallText" align="right"><?php echo tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH); ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td class="fieldKey"><?php echo ENTRY_CATEGORIES; ?></td>
               <td class="fieldValue"><?php echo tep_draw_pull_down_menu('categories_id', tep_get_categories(array(array('id' => '', 'text' => TEXT_ALL_CATEGORIES)))); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"> </td>
               <td class="smallText"><?php echo tep_draw_checkbox_field('inc_subcat', '1', true) . ' ' . ENTRY_INCLUDE_SUBCATEGORIES; ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_MANUFACTURERS; ?></td>
               <td class="fieldValue"><?php echo tep_draw_pull_down_menu('manufacturers_id', tep_get_manufacturers(array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)))); ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_PRICE_FROM; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('pfrom'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_PRICE_TO; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('pto'); ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_DATE_FROM; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('dfrom', DOB_FORMAT_STRING, 'onFocus="RemoveFormatString(this, \'' . DOB_FORMAT_STRING . '\')"'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_DATE_TO; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('dto', DOB_FORMAT_STRING, 'onFocus="RemoveFormatString(this, \'' . DOB_FORMAT_STRING . '\')"'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Can anyone point me in the right direction of what needs fixing please.

 

Thanks


Getting better with mods but no programmer am I.

Share this post


Link to post
Share on other sites

Hi I was using Mcafee a few days ago and it highlighted the http_error.php had a potential issue with cross scripting, I thought I had all my files sorted with the security updates but this one was only flagged recently so I just dont know anymore.

 

 

below is the code for the file, but I dont understand.

 

Ensure that parameters and user input are sanitized by doing the following:

# Remove < input and replace with <

# Remove > input and replace with >

# Remove ' input and replace with '

# Remove " input and replace with "

# Remove ) input and replace with )

# Remove ( input and replace with (

<?php
/*
 $Id: http_error.php,v 1.5
 2004/06/30 20:55:23 chaicka Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2004 osCommerce

 Released under the GNU General Public License
*/
 require('includes/application_top.php');

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_HTTP_ERROR);
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH);

 switch ($HTTP_GET_VARS['error_id']) {
    case '400':  $error_text = ERROR_400_DESC; break;
    case '401':  $error_text = ERROR_401_DESC; break;
    case '403':  $error_text = ERROR_403_DESC; break;
    case '404':  $error_text = ERROR_404_DESC; break;
    case '405':  $error_text = ERROR_405_DESC; break;
    case '408':  $error_text = ERROR_408_DESC; break;
    case '415':  $error_text = ERROR_415_DESC; break;
    case '416':  $error_text = ERROR_416_DESC; break;
    case '417':  $error_text = ERROR_417_DESC; break;
    case '500':  $error_text = ERROR_500_DESC; break;
    case '501':  $error_text = ERROR_501_DESC; break;
    case '502':  $error_text = ERROR_502_DESC; break;
    case '503':  $error_text = ERROR_503_DESC; break;
    case '504':  $error_text = ERROR_504_DESC; break;
    case '505':  $error_text = ERROR_505_DESC; break;
    default:     $error_text = UNKNOWN_ERROR_DESC; break;
 }

// Send the HTTP Error to Store Owner
 if (EMAIL_HTTP_ERROR == 'true') {
   tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_TEXT_SUBJECT, sprintf(EMAIL_BODY, HTTP_SERVER, $HTTP_GET_VARS['error_id'], $error_text, date("m/d/Y G:i:s"), HTTP_SERVER . $REQUEST_URI, $REMOTE_ADDR, $HTTP_USER_AGENT, $HTTP_REFERER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, '');
 }

// Save the HTTP Error Report to disk

if (STORE_HTTP_ERROR == 'true') {
// change of 1.5 : check if there is there is a path given in the admin, if not store it ot catalog\log\http_error.log
if (STORE_HTTP_ERROR_LOG !="")  
{
error_log(strftime(STORE_PARSE_DATE_TIME_FORMAT) . ',' . $HTTP_GET_VARS['error_id'] . ',' . HTTP_SERVER . $REQUEST_URI . ',' . $REMOTE_ADDR . ',' . $HTTP_USER_AGENT . ',' . $HTTP_REFERER . "\n", 3, STORE_HTTP_ERROR_LOG);
}
else
{
error_log(strftime(STORE_PARSE_DATE_TIME_FORMAT) . ',' . $HTTP_GET_VARS['error_id'] . ',' . HTTP_SERVER . $REQUEST_URI . ',' . $REMOTE_ADDR . ',' . $HTTP_USER_AGENT . ',' . $HTTP_REFERER . "\n", 3, DIR_FS_CATALOG . '/log/http_error.log');
}
}

?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<!-- changed for 1.5 css fixed  //-->
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo sprintf(HEADING_TITLE, $HTTP_GET_VARS['error_id']); ?></td>
           <td class="pageHeading" align="right"><?php IF(IMAGE_REQUIRED == 'true'){ echo tep_image(DIR_WS_IMAGES . 'table_background_specials.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT);}?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><br><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="main"><?php echo sprintf(TEXT_INFORMATION, $error_text)?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td align="right" class="main"><br><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
     </tr>
   </table>
<?php //this is where I added the advanced Search
 echo tep_draw_form('advanced_search', tep_href_link(FILENAME_ADVANCED_SEARCH_RESULT, '', 'NONSSL', false), 'get', 'onSubmit="return check_form(this);"') . tep_hide_session_id(); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE_1; ?></td>
           <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_browse.gif', HEADING_TITLE_1, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if ($messageStack->size('search') > 0) {
?>
     <tr>
       <td><?php echo $messageStack->output('search'); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }
?>
     <tr>
       <td>
<?php
 $info_box_contents = array();
 $info_box_contents[] = array('text' => HEADING_SEARCH_CRITERIA);

 new infoBoxHeading($info_box_contents, true, true);

 $info_box_contents = array();
 $info_box_contents[] = array('text' => tep_draw_input_field('keywords', '', 'style="width: 100%"'));
 $info_box_contents[] = array('align' => 'right', 'text' => tep_draw_checkbox_field('search_in_description', '1') . ' ' . TEXT_SEARCH_IN_DESCRIPTION);

 new infoBox($info_box_contents);
?>
       </td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr>
           <td class="smallText"><?php echo '<a href="javascript:popupWindow(\'' . tep_href_link(FILENAME_POPUP_SEARCH_HELP) . '\')">' . TEXT_SEARCH_HELP_LINK . '</a>'; ?></td>
           <td class="smallText" align="right"><?php echo tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH); ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td class="fieldKey"><?php echo ENTRY_CATEGORIES; ?></td>
               <td class="fieldValue"><?php echo tep_draw_pull_down_menu('categories_id', tep_get_categories(array(array('id' => '', 'text' => TEXT_ALL_CATEGORIES)))); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"> </td>
               <td class="smallText"><?php echo tep_draw_checkbox_field('inc_subcat', '1', true) . ' ' . ENTRY_INCLUDE_SUBCATEGORIES; ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_MANUFACTURERS; ?></td>
               <td class="fieldValue"><?php echo tep_draw_pull_down_menu('manufacturers_id', tep_get_manufacturers(array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)))); ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_PRICE_FROM; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('pfrom'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_PRICE_TO; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('pto'); ?></td>
             </tr>
             <tr>
               <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_DATE_FROM; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('dfrom', DOB_FORMAT_STRING, 'onFocus="RemoveFormatString(this, \'' . DOB_FORMAT_STRING . '\')"'); ?></td>
             </tr>
             <tr>
               <td class="fieldKey"><?php echo ENTRY_DATE_TO; ?></td>
               <td class="fieldValue"><?php echo tep_draw_input_field('dto', DOB_FORMAT_STRING, 'onFocus="RemoveFormatString(this, \'' . DOB_FORMAT_STRING . '\')"'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Can anyone point me in the right direction of what needs fixing please.

 

Thanks

CAN SOMEONE PLEASE ADVISE ??

 

Thanks


Getting better with mods but no programmer am I.

Share this post


Link to post
Share on other sites

Johnny,

 

Correct me if I am wrong, but osCommerce doesn't have a file named http_error.php

 

 

Was this from a contribution ?

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Hi,

 

As it is causing you a problem with mcAfee, and it only produces custom error pages, then why not just un-install it and use your cpanel to create custom error documents with a hyperlink back to your home page?


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Share this post


Link to post
Share on other sites

Hi,

 

As it is causing you a problem with mcAfee, and it only produces custom error pages, then why not just un-install it and use your cpanel to create custom error documents with a hyperlink back to your home page?

 

Because I am thick and don't know how to get it to work the same as this add on and until recently it wasn't an issue, the error pages bring up the site template and the advanced search page.

 

I was hoping that I could get some help on how to address the issue so the cross scripting error was removed.

 

The contribution works well otherwise


Getting better with mods but no programmer am I.

Share this post


Link to post
Share on other sites

×