Jump to content
Jack_mcs

OSC Error Handler

Recommended Posts

This addon prevents mysql errors from being displayed on the site. This is important because hackers will deliberately enter an
invalid url to cause a failure, which they use to decide how best to attack it.

It is compatible with all versions of oscommerce and only requires one file change to install.

Share this post


Link to post
Share on other sites

So why does my cursor get stuck in the blue box every time i try to @ someone?

Jack, Twitter typeahead stopped working I and  got a blank page when trying to add to cart after installing this in 2.3.4BS Gold. Both work after putting my backup database.php file in.

Is this correct?

    return mysqli_close($$link);
  }

  function tep_db_error($query, $errno, $error) {
      if (OSCEH_ENABLE == 'false') {
          tep_db_error_Legacy($query, $errno, $error);
      }
      
      global $PHP_SELF;
      include('osc_error_handler.php');
      ob_start();
      debug_print_backtrace();
      $traceback = ob_get_clean();
      $msg = 'Query Error reported on page ' . $PHP_SELF . "\n" . 'MySQL error: ' . $errno . ' - ' . $error . "\n\n" . $query . "\n\n";
      $msg .= 'URI for the page: ' . $_SERVER['REQUEST_URI'] . "\n\n";
      $msg .= 'Backtrace ' . $traceback . "\n\n";
      
      if (OSCEH_FOR_WHO == 'Email' || OSCEH_FOR_WHO == 'Both') {
          $email_address = (tep_not_null(OSCEH_EMAIL_ADDRESS) ? OSCEH_EMAIL_ADDRESS : STORE_OWNER_EMAIL_ADDRESS);
          tep_mail('Stop Notification!', $email_address, 'Critical Store Error!', $msg, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
      }
       
      if (OSCEH_FOR_WHO == 'Log' || OSCEH_FOR_WHO == 'Both') {
          OSC_ErrorHandler($msg);
      }
      
      $msg = '<div>Sorry something went wrong! The error has been reported to the site owner. Please try again by clicking <a href="' . tep_href_link('index.php') . '">here.</a></div>';
      die($msg);
  }  
  
  function tep_db_error_Legacy($query, $errno, $error) { 
 
    if (defined('STORE_DB_TRANSACTIONS') && (STORE_DB_TRANSACTIONS == 'true')) {
      error_log('ERROR: [' . $errno . '] ' . $error . "\n", 3, STORE_PAGE_PARSE_TIME_LOG);
    }

    die('<font color="#000000"><strong>' . $errno . ' - ' . $error . '<br /><br />' . $query . '<br /><br /><small><font color="#ff0000">[TEP STOP]</font></small><br /><br /></strong></font>');
  }

 

Share this post


Link to post
Share on other sites
7 hours ago, Big Bear said:

Is this correct?

Yes, the code is correct. Did you run the database file and upload the new file? Assuming you did, it might be a path issue. Try changing this line

      include('osc_error_handler.php');

to this

      include(DIR_FS_CATALOG .'includes/osc_error_handler.php');

 

Share this post


Link to post
Share on other sites

That's strange. There's really nothing there that should cause the problem you describe that I can see.

Do the failures occur if you have the code installed but the addon disabled via the setting?

If not, does the failures occur if you enable the addon but set the reporting method to just email or just logging?

If there is an error_log file in the shops root, does it show any errors related to this? 

Share this post


Link to post
Share on other sites

Code installed, set it on or off same thing.

I only tried it with email reporting. That part works.

For both product info and twitter typeahead the Error log shows

PHP Warning:  session_start(): Cannot send session cache limiter - headers already sent

and points to line 97 of sessions.php-  return session_start

        unset($HTTP_COOKIE_VARS[tep_session_name()]);

        $sane_session_id = false;
      }
    }

    if ($sane_session_id == false) {
      tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }

    register_shutdown_function('session_write_close');

    return session_start();
  }

  function tep_session_register($variable) {
    global $session_started;

    if ($session_started == true) {
      if (PHP_VERSION < 4.3) {
        return session_register($variable);
      } else {
        if (!isset($GLOBALS[$variable])) {
          $GLOBALS[$variable] = null;
        }

        $_SESSION[$variable] =& $GLOBALS[$variable];

 

Share this post


Link to post
Share on other sites
12 hours ago, Big Bear said:

Code installed, set it on or off same thing. 

I only tried it with email reporting. That part works.

I'm confused by these two statements since I thought having the code installed caused a failure but the second statement says it is working?

If the first statement is saying the shop fails with the addon installed and turned off, then there has to be something else causing the problem. When it is turned off, it just calls the function that was there before the addon was installed so the addon code is being bypassed completely.

Share this post


Link to post
Share on other sites

With the extra code added to includes/functions/database.php it works to the extent of reporting an error but it causes typeahead and show cart after add to cart to die. 

With it turned off the added code is still there causing MY site to get 

Cannot send session cache limiter - headers already sent

Without the snippet added these things work.

It's not the only addon that hasn't worked on my special ed site.

Thanks for your time.

 

Share this post


Link to post
Share on other sites

The only thing I can think to suggest is to change

tep_db_error_Legacy($query, $errno, $error);

to

tep_db_error_Legacy($query, $errno, $error);
exit;

 

Share this post


Link to post
Share on other sites

Then I'm out of ideas as to the cause. :( You could place the code in a page, after removing it from that file, and see if it fails that way. If it fails, then there is something in your shop or on the server that is causing it to fail. So on a page like conditions.php, add this after template_top

      include('osc_error_handler.php');
      ob_start();
      debug_print_backtrace();
      $traceback = ob_get_clean();
      $msg = 'Query Error reported on page ' . $PHP_SELF . "\n" . 'MySQL error: ' . $errno . ' - ' . $error . "\n\n" . $query . "\n\n";
      $msg .= 'URI for the page: ' . $_SERVER['REQUEST_URI'] . "\n\n";
      $msg .= 'Backtrace ' . $traceback . "\n\n";
      
      if (OSCEH_FOR_WHO == 'Email' || OSCEH_FOR_WHO == 'Both') {
          $email_address = (tep_not_null(OSCEH_EMAIL_ADDRESS) ? OSCEH_EMAIL_ADDRESS : STORE_OWNER_EMAIL_ADDRESS);
          tep_mail('Stop Notification!', $email_address, 'Critical Store Error!', $msg, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
      }

If it works, then the code is interfering with other code in your shop for some reason.

Share this post


Link to post
Share on other sites

I can't blame the site this time. It was a joint effort of edit pad and I causing a character set mismatch. All better now. Sorry for bothering you.

Actually, I can never blame the site as I am the one that butchered it.

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×