burt

Responsive osCommerce - Bootstrap



This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest Responsive osCommerce CE (community edition) here


which again points to the url containing the attribs part {x}x{x}x is failing as the action functions on items with no attrib parameters in the url.

I found this, which suggests that PHP at some point will attempt to evaluate {x} as x: http://stackoverflow.com/questions/2596837/curly-braces-in-string-in-php . I don't know if this is formally defined anywhere between Apache, browsers, and PHP, but it may be something that slipped between the cracks, and depends on who exactly wrote what software subsystem!

 

If the authors really want to end up with a string that contains "{x}", it might be prudent to URLencode it before letting it loose into URL parameter passing. That is, { and } would be replaced by %7B and %7D.


I found this, which suggests that PHP at some point will attempt to evaluate {x} as x: http://stackoverflow.com/questions/2596837/curly-braces-in-string-in-php . I don't know if this is formally defined anywhere between Apache, browsers, and PHP, but it may be something that slipped between the cracks, and depends on who exactly wrote what software subsystem!

 

If the authors really want to end up with a string that contains "{x}", it might be prudent to URLencode it before letting it loose into URL parameter passing. That is, { and } would be replaced by %7B and %7D.

 

@@burt

@@MrPhil You got it, I amended the remove url from

shopping_cart.php?products_id=1{4}1{3}5&action=remove_product

to

shopping_cart.php?products_id=1%7B4%7D1%7B3%7D5&action=remove_product

and it works, so it is related to the {x} in the URLs.


I fixed this by changing in shopping_cart.php

$products_name .= '  <td valign="top" align="center"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products[$i]['id']) . '">' . tep_image(DIR_WS_IMAGES . $products[$i]['image'], $products[$i]['name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a></td>' .
                        '  <td valign="top"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $products[$i]['id']) . '"><strong>' . $products[$i]['name'] . '</strong></a>';

to

$products_name .= '  <td valign="top" align="center"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . urlencode($products[$i]['id'])) . '">' . tep_image(DIR_WS_IMAGES . $products[$i]['image'], $products[$i]['name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a></td>' .
                        '  <td valign="top"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . urlencode($products[$i]['id'])) . '"><strong>' . $products[$i]['name'] . '</strong></a>';

and

$products_name .= '<br>' . tep_draw_input_field('cart_quantity[]', $products[$i]['quantity'], 'style="width: 65px;" min="0"', 'number') . tep_draw_hidden_field('products_id[]', $products[$i]['id']) . ' ' . tep_draw_button(CART_BUTTON_UPDATE, 'fa fa-refresh', NULL, NULL, NULL, 'btn-info btn-xs') . ' ' . tep_draw_button(CART_BUTTON_REMOVE, 'fa fa-remove', tep_href_link(FILENAME_SHOPPING_CART, 'products_id=' . $products[$i]['id'] . '&action=remove_product'), NULL, NULL, 'btn-danger btn-xs');

to

$products_name .= '<br>' . tep_draw_input_field('cart_quantity[]', $products[$i]['quantity'], 'style="width: 65px;" min="0"', 'number') . tep_draw_hidden_field('products_id[]', $products[$i]['id']) . ' ' . tep_draw_button(CART_BUTTON_UPDATE, 'fa fa-refresh', NULL, NULL, NULL, 'btn-info btn-xs') . ' ' . tep_draw_button(CART_BUTTON_REMOVE, 'fa fa-remove', tep_href_link(FILENAME_SHOPPING_CART, 'products_id=' . urlencode($products[$i]['id']) . '&action=remove_product'), NULL, NULL, 'btn-danger btn-xs');

this seems to be working but probably not the ideal way to do it?


Good to hear you're making progress. urlencode() (http://php.net/manual/en/function.urlencode.php) may do the job, but be careful not to accidentally introduce HTML entity names (which will be processed).

That's what I have done, but only on the two functions (remove from cart and product link in cart). Will see if @@burt thinks it needs changing in core, as it breaks on my host and possibly others.

I tried on PHP 5.5 & 5.6

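An added example, not part of the original posts and not osCommerce code: one way to build the remove-from-cart link so that the braces leave the application percent-encoded and the `&` separator is HTML-escaped (the concern raised about entity names), with a check of the decoded value on the receiving side. The function names and the assumed shape of the id string (taken from the `1{4}1{3}5` sample in the thread) are hypothetical.

```php
<?php
// Added example. Function names are hypothetical, not osCommerce APIs.

// Constructed sample: a product id string with attribute pairs, in the
// form quoted in the thread.
$sample_id = '1{4}1{3}5';

/**
 * Build a query string whose values are percent-encoded per RFC 3986,
 * so "{" and "}" are sent as %7B and %7D.
 */
function build_cart_query(array $params) {
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/**
 * Build an href value: percent-encode for the URL first, then HTML-escape
 * for the attribute so the "&" separator is written as "&amp;".
 */
function cart_href($script, array $params) {
    $url = $script . '?' . build_cart_query($params);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

/**
 * Receiving side: PHP has already percent-decoded $_GET values, so check
 * the decoded string against the expected shape before using it.
 * Assumed shape: digits, then zero or more {digits}digits pairs.
 */
function is_valid_product_id_string($value) {
    return is_string($value)
        && preg_match('/\A\d+(\{\d+\}\d+)*\z/', $value) === 1;
}

$href = cart_href('shopping_cart.php', array(
    'products_id' => $sample_id,
    'action'      => 'remove_product',
));
echo $href, "\n";

// Simulate the round trip: the browser un-escapes the attribute value,
// then PHP decodes the query string into parameters.
$query = html_entity_decode(substr($href, strpos($href, '?') + 1), ENT_QUOTES, 'UTF-8');
parse_str($query, $get);

var_dump($get['products_id'] === $sample_id);              // braces restored
var_dump(is_valid_product_id_string($get['products_id'])); // expected shape
var_dump(is_valid_product_id_string('1{4}<b>'));           // unexpected characters
```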

I received a reply from my host

 

 

I would like to inform you that some of the attributes like flower brackets in the URLs are not allowed on our server. Thus, you were facing the issues in the OsCommerce application product URLs. To protect the server from hacks or from any brute force attack, we have disabled passing { } within URLs.

I request you to please remove the flower brackets '{ }' from the OsCommerce application product URLs, so that you can work with the application without any issues.

 

@@burt would it not be prudent to urlencode() these urls from a core level to increase compatibility with hosts?

I have patched my shopping_cart; are there any other occurrences where the attribs {x} are passed in the URL so I can fix them?


If some hosts are banning {} curly braces as a security measure, perhaps the best long-term solution would be to use something else in the Query String. Are they being used only as separators (use : colon instead), or are they indicating some sort of nesting or depth?


If some hosts are banning {} curly braces as a security measure, perhaps the best long-term solution would be to use something else in the Query String. Are they being used only as separators (use : colon instead), or are they indicating some sort of nesting or depth?

 

Colon would also need to be encoded for a valid url. If you want to avoid the need to encode anywhere, you have to choose from specifically unreserved characters: a-zA-Z0-9\-._~

 

see http://stackoverflow.com/questions/23064605/when-if-ever-should-characters-like-and-curly-braces-be-percent-encoded


For a new install or if your store isn't mobile-friendly, get the community-supported responsive osCommerce (Phoenix).

here: on the official osc download page

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x


Colon would also need to be encoded for a valid url. If you want to avoid the need to encode anywhere, you have to choose from specifically unreserved characters: a-zA-Z0-9\-._~

 

see http://stackoverflow.com/questions/23064605/when-if-ever-should-characters-like-and-curly-braces-be-percent-encoded

 

@@burt

@@Harald Ponce de Leon

 

Looks like there is a genuine reason for the core to be changed to reflect this for future compatibility, would not be good for OSC to start failing in the future and getting a bad reputation if it can be fixed before people upgrade or install responsive versions.


@@ShaGGy Les why don't you push your changes via Github and see if they are accepted.

 

Dan

 

I have only made 2 simple changes in shopping_cart.php (urlencoded the links) but there may be other core changes that are/will be affected by this, I am currently configuring my new site so haven't seen if it affects anything else.

But it does need looking at for the future.

 

edit : I have added it to the issues in github.

Edited by ShaGGy


@@ShaGGy Les why don't you push your changes via Github and see if they are accepted.

 

Dan

 

Well I opened it as an issue in github but Burt closed it with the reply

 

'The whole attributes system will be receiving attention at some point in the future.

In the meantime, if anyone else has similar issues, they can refer to your link.

Thanks'

 

I am unsure as to how they are mapping out the future of oscommerce as this says to me that it is pointless installing responsive OSC as it will keep being overhauled and modifying your site could be very difficult until it is developed fully.

 

They have moved onto the admin side when there are things that NEED to be in place for the Shop side first

If you look at the reason to close the issue, 'if anyone else has similar issues, they can refer to your link.', this does not fix a fundamental coding issue that is documented as bad programming and inadvisable. Why not fix these CORE issues first, as doing them later means yet again addons being developed will cease to work (like all the current ones due to the filenames.php being made redundant), and 'The whole attributes system will be receiving attention at some point in the future.' sounds like more things will be broken; look at how many modules are products/price/attribute related (like SPPC&QPBPC).

 

I love OSC but I do have concerns that if the development continues as it is it will do a lot of damage to OSC's future, as we all know Responsive/mobile compatibility needs to be in place now for sites to be accepted by Google. 2.3.4 (standard) is not responsive, and the responsive versions are constantly changing and breaking the latest modules that were written for it; then when you look at competitors like Magento etc., they are now fully responsive from the off.

 

This isn't a moan but

@burt

@Harald Ponce de Leon

please look at how you are taking this forward so as not to discourage users and future users. I know it is a difficult task to upgrade/transition a system while it is in use, and full respect for what you are doing.


@@ShaGGy

 

Sounds like a moan to me. Maybe you should post your woes as a bug with the actual oscommerce version and maybe it will get changed in the next official version.

Edited by 14steve14

REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life


@@ShaGGy

 

Sounds like a moan to me. Maybe you should post your woes as a bug with the actual oscommerce version and maybe it will get changed in the next official version.

 

Read above, I did (actually the same bug/bad code is in the non responsive version) and yes I have found where the problem is and patched it myself and it is working fine on mine (which was the passing of { } in URLs with attribs, which is advised against (like I said, I have fixed this on my install), so not an issue for me).

 

My post was more for the future of OSC; it's okay for those of us who can fix an addon or modify code to do different actions, but what about the ones who don't know PHP?

The reason Burt's making the changes (apart from the responsive part) and changing to modular is so there is no need to modify code when installing and un-installing addons (i.e. make it easier for users to install addons like Magento has).

 

My concern is OSC is either going to become static/stale having either a non responsive version that is not ideal to install in this day and age or have the responsive version unmodified as the core keeps changing and even most of the most recent BS addons no longer work without modification.

 

Burt has said in his response the attribs will be overhauled in the future; now think of the implications with that and how many addons use pricing, attribs, discounts, etc. etc. They will all be affected, so is there any point in developing/updating any of the addons that currently are not responsive compatible, especially if they involve any form of pricing/attribution features?

 

Like I said, I don't need the fix and will be able to get around the future changes, but what about the ones who want a responsive site but can't identify issues and fix code?

They have two options Non responsive OSC or install another ecommerce.

I just think fixing the customer facing side first should be priority and any core code for that side and jazz up the admin side later.

 

I have recommended osc to many people in the past but to be honest I would not at the current time unless I was maintaining it.


@@ShaGGy, thanks for bringing the issue with {} in the urls to our attention. This will be looked into. Please be aware that even though using those characters might be advised against, they have been in use for over a decade since the attributes implementation was introduced. I don't recall this being an issue for another person, but you are totally right that it should be addressed to work on tightly secured web servers.


:heart:, osCommerce


Where can a store owner find the history of the changes, or what is new in the BS each time?

A friend of mine told me that in the new release Header Tags and Testimonials are also standard in the zip file and you don't have to install them as an addon. Where can I find that? Is there somewhere a history of releases or major changes, like the Header Tags addon, that are implemented in the new release?


@@ShaGGy if you do not like a decision, the code is all there ready for you to do what you want.  

 

Decisions are made based on many factors.

 

One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

 

Don't like a decision?  Move on.  Stop banging your drum.



Please be aware that even though using those characters might be advised against, they have been in use for over a decade since the attributes implementation was introduced. I don't recall this being an issue for another person, but you are totally right that it should be addressed to work on tightly secured web servers.

 

Well, PHP has a long history of tolerating things which technically have been illegal. One day someone modifies PHP to more closely conform to the "standard" (if there is such a thing), and bang!, an application such as osC doesn't work any more. There's no telling if it even was a deliberate change, or just an incidental side effect when someone was working on something else. It happens. I'm not sure where in the Apache/PHP/browser stack that {} pairs are now starting to be interpreted as expressions (or maybe, no longer interpreted, or are forbidden), but it's something that we have to accept will happen from time to time, and update osC to conform with current practices.

 

Speaking of which, welcome back to activity... it's good to see you're alive and kicking. Please, please, please give strong consideration to immediately and officially adopting 2.3.4BS as the official 2.3.5 or 2.4 ASAP, so we can get on with having only one official release and not induce massive confusion by having a competing community-supported branch where all the development is going on. Otherwise, you risk having a de facto fork of osC, which will turn into a competing product.


One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

PHP/Apache/browsers have changed. What used to be technically illegal (but tolerated) no longer is allowed. More and more users are likely to see this. osC needs to be updated.

 

Don't like a decision?  Move on.  Stop banging your drum.

I think that's being a bit harsh. This is a known PHP/Apache/browser issue (I'm not sure where) which is likely to show up more and more as time goes on. Let's get on top of it before it buries us.


@@MrPhil decision is made and final.  If this user wants it his way, he forks and does it himself or he gets the core code of official osCommerce changed.  The community based version is not the place for changes in the mechanics of osCommerce.

 

What I do is done in my time, my schedule, my way.  Anyone doesn't like it...they know what they can do.



PHP/Apache/browsers have changed. What used to be technically illegal (but tolerated) no longer is allowed. More and more users are likely to see this. osC needs to be updated.

This problem is not related to a change in web servers. I work with Apache, Nginx, and IIS and have not come across this problem.

 

This problem has to do with a server that has been configured to be super duper tightly secured - more than likely with Apache's mod_security filtering the characters from the URL.

 

Regarding BS, an announcement will be made this week.


:heart:, osCommerce


you risk having a de facto fork of osC, which will turn into a competing product.

 

This won't ever happen while I am Captain of the (responsive) Ship.



@@ShaGGy if you do not like a decision, the code is all there ready for you to do what you want.  

 

Decisions are made based on many factors.

 

One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

 

Don't like a decision?  Move on.  Stop banging your drum.

 

Burt, if you read my post I have said I have moved on from the {} issue, and to be honest it makes no difference to me as I have already fixed the issue on my install.

 

My post was more aimed at the fragmentation of OSC at the moment, i.e. modules written only weeks ago no longer work due to the filenames change, and is there any point in updating modules to be BS compatible when you have said you will be overhauling the attribs section?

 

I was more concerned that you have moved onto the admin side when there are clearly things remaining on the catalog side that you intend to do, and would it not be prudent to do that side first so that the modules can be updated to the point where they won't break the customer side of osc in future changes?

I wanted to install and update SPPC with QPB, which was a nightmare to get fully working, but is there any point if you are making further price/product related changes in the future which will undoubtedly break the addons? Yes, the admin side would break also, but at least it won't shut sites down.

The only other option is to stay static and not install modules (if you are not PHP savvy).

To be honest would you recommend OSC for a new website in its current state

2.3.4 non responsive (bad) but modules work (good)

2.3.4 responsive (good) but most modules don't work (bad) and can't really release updates due to ongoing changes.

or install a rival cart that does both of the above?

 

Like I say, it doesn't affect me personally. I am thinking of OSC as a brand and its future, as you know once someone changes to a new cart and it works they are unlikely to move away from it.

 

Please don't take what I have said personally; it is NOT an ATTACK on you or your work, I am just thinking from a user's point of view.

 


What I do is done in my time, my schedule, my way.  Anyone doesn't like it...they know what they can do.

 

 

I could not care less about addons.  

 

So, bear these things in mind next time you feel the need to post more words aimed at me. 

Edited by burt

This topic is now closed to further replies.