Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Recommended Posts

In contact_us.php, around line 79, there is this ..

<?php echo tep_draw_form('contact_us', tep_href_link('contact_us.php', 'action=send'), 'post', 'class="form-horizontal"', true); ?>

Here, it is calling the tep_href_link() function. The tep_href_link() function starts off with this:

// The HTML href link wrapper function
  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
    global $request_type, $session_started, $SID;

    $page = tep_output_string($page);

    if (!tep_not_null($page)) {
      die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine the page link!<br /><br />');
    }

    if ($connection == 'NONSSL') {
      $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
    } elseif ($connection == 'SSL') {
      if (ENABLE_SSL == true) {
        $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
      } else {
        $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
      }
    } else {
      die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL</strong><br /><br />');
    }

If I read this correctly, if no $connection variable is passed, it defaults to 'NONSSL', and $link resolves to HTTP_SERVER . DIR_WS_HTTP_CATALOG.

 

So, this creates a non-ssl link, resulting in a 'Page with insecure content' error.

 

 

To test this, I changed the line in contact_us.php to:

<?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send', 'SSL'), 'post', '', true); ?>

Now, the site passed the SSL Check.

 

Is this the correct way to fix this?

 

Malcolm

Link to comment
Share on other sites

Yep, I think that would work, but if you change your whole site to https then the problem will be fixed it too.

 

Following this thread to do that, simple change to the .htaccess file configure.php file.

 

http://www.oscommerce.com/forums/topic/410451-time-to-get-secure-if-you-havent-already/

 

Hope that helps

Mike

osC CE live - developing osC Phoenix adding modules with no core changes(awesome and easy!)

Link to comment
Share on other sites

@MikepoI

 

Thanks. I have changed my whole site to full-time SSL, but when I tested the site on one of the SSL test sites, this one file came up having this error.

 

Malcolm

 

(now just trying to got my Shipping Quote modal popup to work under the SSL)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...