♥kymation Posted January 7, 2011 Share Posted January 7, 2011 The formid is automatically generated by osCommerce as a security feature for customer generated input. I think that it was not well thought out. It works fine for POST data but fails miserably when the form is submitted via GET. I should probably file a bug report. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
PupStar Posted January 7, 2011 Author Share Posted January 7, 2011 The formid is automatically generated by osCommerce as a security feature for customer generated input. I think that it was not well thought out. It works fine for POST data but fails miserably when the form is submitted via GET. I should probably file a bug report. Regards Jim I will file a bug report but do you forsee any problems if I comment out the code below??? //// // Output a form function tep_draw_form($name, $action, $method = 'post', $parameters = '', $tokenize = false) { global $sessiontoken; $form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"'; if (tep_not_null($parameters)) $form .= ' ' . $parameters; $form .= '>'; //if ( ($tokenize == true) && isset($sessiontoken) ) { //$form .= '<input type="hidden" name="formid" value="' . tep_output_string($sessiontoken) . '" />'; //} return $form; } Link to comment Share on other sites More sharing options...
♥kymation Posted January 7, 2011 Share Posted January 7, 2011 That should not be necessary, and it will reintroduce a security vulnerability that the formid was designed to fix. You should be able to stop the formid from appearing by setting the last parameter to false, or by just leaving it blank. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
PupStar Posted January 7, 2011 Author Share Posted January 7, 2011 That should not be necessary, and it will reintroduce a security vulnerability that the formid was designed to fix. You should be able to stop the formid from appearing by setting the last parameter to false, or by just leaving it blank. Regards Jim Thanks Jim, that worked. I will be jiggered if I can see why the bloomin links aint working correctly when I select a make and model and click find urgh >_< Link to comment Share on other sites More sharing options...
blairh Posted January 8, 2011 Share Posted January 8, 2011 Jim that database advice you gave will it work for my issue.. ever since i tried installing a new box iv had an error installing boxes, it wont let me install the category box or what's new, it give the option to edit the boxes, but when you click the edit button it chooses boxes that are already installed.. very weird I DONT know if that makes sense.. but I was thinking if it would help better I could create a temporary login for you to see what I mean. regards BlairH Link to comment Share on other sites More sharing options...
PupStar Posted January 8, 2011 Author Share Posted January 8, 2011 Jim that database advice you gave will it work for my issue.. ever since i tried installing a new box iv had an error installing boxes, it wont let me install the category box or what's new, it give the option to edit the boxes, but when you click the edit button it chooses boxes that are already installed.. very weird I DONT know if that makes sense.. but I was thinking if it would help better I could create a temporary login for you to see what I mean. regards BlairH BlairH, If you would like to pm me I will have a look for you as I have my boxes running fine, also post the code for your infobox just to double check it. Mark Link to comment Share on other sites More sharing options...
blairh Posted January 8, 2011 Share Posted January 8, 2011 iv removed my custom boxes, due to the errors that occurred after having them. but here are them anyways. bm_brands.php <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2010 osCommerce Released under the GNU General Public License */ class bm_brands { var $code = 'bm_brands'; var $group = 'boxes'; var $title; var $description; var $sort_order; var $enabled = false; function bm_brands() { $this->title = MODULE_BOXES_BRANDS_TITLE; $this->description = MODULE_BOXES_BRANDS_DESCRIPTION; if ( defined('MODULE_BOXES_BRANDS_STATUS') ) { $this->sort_order = MODULE_BOXES_BRANDS_SORT_ORDER; $this->enabled = (MODULE_BOXES_BRANDS_STATUS == 'True'); $this->group = ((MODULE_BOXES_BRANDS_CONTENT_PLACEMENT == 'Left Column') ? 'boxes_column_left' : 'boxes_column_right'); } } function execute() { global $oscTemplate; $data = '<div class="ui-widget infoBoxContainer">' . ' <div class="ui-widget-header infoBoxHeading">' . MODULE_BOXES_BRANDS_BOX_TITLE . '</div>' . ' <div class="ui-widget-content infoBoxContents">' . ' <a href="' . tep_href_link(FILENAME_SHIPPING) . '">' . MODULE_BOXES_BRANDS_BOX_SHIPPING . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_PRIVACY) . '">' . MODULE_BOXES_BRANDS_BOX_PRIVACY . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_CONDITIONS) . '">' . MODULE_BOXES_BRANDS_BOX_CONDITIONS . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_CONTACT_US) . '">' . MODULE_BOXES_BRANDS_BOX_CONTACT . '</a>' . ' </div>' . '</div>'; $oscTemplate->addBlock($data, $this->group); } function isEnabled() { return $this->enabled; } function check() { return defined('MODULE_BOXES_BRANDS_STATUS'); } function install() { tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable Information Module', 'MODULE_BOXES_BRANDS_STATUS', 'True', 'Do you want to add the module to your shop?', '6', '1', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())"); tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Content Placement', 'MODULE_BOXES_BRANDS_CONTENT_PLACEMENT', 'Left Column', 'Should the module be loaded in the left or right column?', '6', '1', 'tep_cfg_select_option(array(\'Left Column\', \'Right Column\'), ', now())"); tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort Order', 'MODULE_BOXES_BRANDS_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '0', now())"); } function remove() { tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key in ('" . implode("', '", $this->keys()) . "')"); } function keys() { return array('MODULE_BOXES_BRANDS_STATUS', 'MODULE_BOXES_BRANDS_CONTENT_PLACEMENT', 'MODULE_BOXES_BRANDS_SORT_ORDER'); } } ?> bm_brands.php <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2010 osCommerce Released under the GNU General Public License */ define('MODULE_BOXES_BRANDS_TITLE', 'Information'); define('MODULE_BOXES_BRANDS_DESCRIPTION', 'Show information page links'); define('MODULE_BOXES_BRANDS_BOX_TITLE', 'Information'); define('MODULE_BOXES_BRANDS_BOX_PRIVACY', 'Privacy Notice'); define('MODULE_BOXES_BRANDS_BOX_CONDITIONS', 'Conditions of Use'); define('MODULE_BOXES_BRANDS_BOX_SHIPPING', 'Shipping & Returns'); define('MODULE_BOXES_BRANDS_BOX_CONTACT', 'Contact Us'); ?> ill inbox you temp login details Link to comment Share on other sites More sharing options...
♥kymation Posted January 8, 2011 Share Posted January 8, 2011 Yes, you have duplicate/incorrect entries in your database. The easiest solution is to remove all of the modules entries as I stated above. You can then reinstall your modules without the behavior you are seeing. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted May 24, 2011 Share Posted May 24, 2011 Hi I am trying to add the new box and have followed all the information from this thread however it is not working for me. When I go to the admin and click on boxes, it shows a module to add. I click on the module to add and the title comes up as MODULE_BOXES_SWAROVSKI_ELEMENTS_TITLE. I click to install but it won't install. I did the following according to this thread; public_html/includes/modules/boxes/bm_swarovski_elements.php (new file ) <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2010 osCommerce Released under the GNU General Public License */ class bm_swarovski_elements { var $code = 'bm_swarovski_elements'; var $group = 'boxes'; var $title; var $description; var $sort_order; var $enabled = false; function bm_swarovski_elements() { $this->title = MODULE_BOXES_SWAROVSKI_ELEMENTS_TITLE; $this->description = MODULE_BOXES_SWAROVSKI_ELEMENTS_DESCRIPTION; if ( defined('MODULE_BOXES_SWAROVSKI_ELEMENTS_STATUS') ) { $this->sort_order = MODULE_BOXES_SWAROVSKI_ELEMENTS_SORT_ORDER; $this->enabled = (MODULE_BOXES_SWAROVSKI_ELEMENTS_STATUS == 'True'); $this->group = ((MODULE_BOXES_SWAROVSKI_ELEMENTS_CONTENT_PLACEMENT == 'Left Column') ? 'boxes_column_left' : 'boxes_column_right'); } } function execute() { global $oscTemplate; $data = '<div class="ui-widget infoBoxContainer">' . ' <div class="ui-widget-header infoBoxHeading">' . MODULE_BOXES_SWAROVSKI_ELEMENTS_BOX_TITLE . '</div>' . ' <div class="ui-widget-content infoBoxContents">' . ' <a href="' . tep_href_link(FILENAME_SHIPPING) . '">' . MODULE_BOXES_SWAROVSKI_ELEMENTS_BOX_SHIPPING . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_PRIVACY) . '">' . MODULE_BOXES_SWAROVSKI_ELEMENTS_BOX_PRIVACY . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_CONDITIONS) . '">' . MODULE_BOXES_SWAROVSKI_ELEMENTS_BOX_CONDITIONS . '</a><br />' . ' <a href="' . tep_href_link(FILENAME_CONTACT_US) . '">' . MODULE_BOXES_SWAROVSKI_ELEMENTS_BOX_CONTACT . '</a>' . ' </div>' . '</div>'; $oscTemplate->addBlock($data, $this->group); } function isEnabled() { return $this->enabled; } function check() { return defined('MODULE_BOXES_SWAROVSKI_ELEMENTS_STATUS'); } function install() { tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable Swarovski Elements Module', 'MODULE_BOXES_SWAROVSKI_ELEMETS_STATUS', 'True', 'Do you want to add the module to your shop?', '6', '1', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())"); tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Content Placement', 'MODULE_BOXES_SWAROVSKI_ELEMENTS_CONTENT_PLACEMENT', 'Left Column', 'Should the module be loaded in the left or right column?', '6', '1', 'tep_cfg_select_option(array(\'Left Column\', \'Right Column\'), ', now())"); tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort Order', 'MODULE_BOXES_SWAROVSKI_ELEMENTS_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '0', now())"); } function remove() { tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key in ('" . implode("', '", $this->keys()) . "')"); } function keys() { return array('MODULE_BOXES_SWAROVSKI_ELEMENTS_STATUS', 'MODULE_BOXES_SWAROVSKI_ELEMENTS_CONTENT_PLACEMENT', 'MODULE_BOXES_SWAROVSKI_ELEMENTS_SORT_ORDER'); } } ?> I also changed the following file ; public_html/includes/languages/english/modules/boxes and made a new file called bm_swarovski_elements.php <?php /* $Id$ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2010 osCommerce Released under the GNU General Public License */ define('MODULE_BOXES_INFORMATION_TITLE', 'Swarovski Elements'); define('MODULE_BOXES_INFORMATION_DESCRIPTION', 'Swarovski Elements'); define('MODULE_BOXES_INFORMATION_BOX_TITLE', 'Swarovski Elements'); define('MODULE_BOXES_INFORMATION_BOX_PRIVACY', 'Privacy Notice'); define('MODULE_BOXES_INFORMATION_BOX_CONDITIONS', 'Terms of Service'); define('MODULE_BOXES_INFORMATION_BOX_SHIPPING', 'Shipping & Returns'); define('MODULE_BOXES_INFORMATION_BOX_CONTACT', 'Contact Us'); ?> Any suggestions ?? I a totally confused now. Thank you in advance. Tracie Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.