Latest News: (loading..)
mcmannehan

Ultimate SEO URLS5

13 posts in this topic

I find out that Ultimate SEO URLS5 have an issue with product links.

 

If a product have Products Attributes than there create a link in the navbar modules shoping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

 

We only need a product link like catalog/product_info.php?products_id=160

So i did the follow:

open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find:

foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

and add the preg_replace

foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

The preg_replace will delete all characters after the { and the { itself.

May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution.

But this works. Tested in osC 2.3.x.

 

 

 

 

 

Share this post


Link to post
Share on other sites

error in my preg_replace

 

have to change to:

$v['id'] = preg_replace('~[{](.*)+$~', '', $v['id'], 1);

this works perfect, also if product have more products attributes

Share this post


Link to post
Share on other sites

{ and } in a URL Query String are a known problem, and have been discussed quite a bit. Curly braces are banned by a number of hosts as some sort of security issue. I don't know what the official replacement will be for this syntax.

mcmannehan likes this

Share this post


Link to post
Share on other sites

@@MrPhil

I don't know why the URL link is created with the curly braces. So i remove them.

Share this post


Link to post
Share on other sites

@@MrPhil

I don't know why the URL link is created with the curly braces. So i remove them.

 

its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page.

mcmannehan likes this

Share this post


Link to post
Share on other sites

Posted (edited)

@@activeebiz

 

its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page.

 
I think this isn't necessary. Curly braces in the link are banned by a lot of hosters.

Edited by mcmannehan

Share this post


Link to post
Share on other sites

Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.

 

If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).

Share this post


Link to post
Share on other sites

Posted (edited)

@@MrPhil

 

Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.
 
If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).

 
Since i filter them out, my system is still running very well, nothing breaks. I filter them out only in the product link of the cart modul in the header here: catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Edited by mcmannehan

Share this post


Link to post
Share on other sites
On 3/12/2017 at 1:54 PM, mcmannehan said:

I find out that Ultimate SEO URLS5 have an issue with product links.

 

If a product have Products Attributes than there create a link in the navbar modules shoping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

 

We only need a product link like catalog/product_info.php?products_id=160

So i did the follow:

open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find:


foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

and add the preg_replace


foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

The preg_replace will delete all characters after the { and the { itself.

May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution.

But this works. Tested in osC 2.3.x.

 

I have the same problem as you, and know it is all repair 

 

 

 

4

 

Share this post


Link to post
Share on other sites

products_id=160{4}31

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.

Share this post


Link to post
Share on other sites

Hi,

a  bit easier would be to use (int)$v['id'] in that case.

Best regards

Christoph

Share this post


Link to post
Share on other sites
12 hours ago, MrPhil said:

 

 

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.

after 17 years of osC now fix for that. Thats a shame...

Share this post


Link to post
Share on other sites

Avoid use of curly brackets. It is usually taken as a security concern by many hosts

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now