Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Recommended Posts

Hi there

Running 2.3.4.1 CE BS4 pretty much updated with latest changes from the Github as of the 31st may( dont think I have missed any), PHP 7.2.16 etc

Never used Product attributes before but been using them with a vengeance over the last few weeks and now have loads, like them they are helpful and create a off sales

all I thought was working well but just noticed something

Seems to have a issue when someone adds something to the cart, then comes back to it the link to get the the product again, if they added a attribute is something like

/product_info.php?products_id=36696{18}39

this is creating a 404

Now of course before i posted this I spent the last hour trying to find a fix, but although I can see I am not the only one who has has a issue with it I have yet to find a fix, by what everyone is saying its the curly braces, if i remove them from the url it does at least go to the right page but as product attribute has been around so long I am sure someone has a proper fix for it

Could someone point me in the right direction

Kindest regards  David

 

David

Link to comment
Share on other sites

After much more reading it appears the the curly braces are seen as a security issue in the URL which is why my server is not liking them

I have asked my host to confirm and awaiting a reply

If i delete the curly brace and just use a space it seems to work

the only link that i can find so far that is causing the problem is the Nav-bar  shopping cart

Bit concerned that it might also be somewhere else, it seems to be that the fix is to urlencode the URL 

just experimenting on how to do this at the moment, not getting far though, unfortunately working on live shop as my test one is down

 

this is the template file

<li class="nav-item dropdown nb-shopping-cart">
  <a class="nav-link dropdown-toggle" href="#" id="navDropdownCart" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
    <?php echo sprintf(MODULE_NAVBAR_SHOPPING_CART_CONTENTS, $cart->count_contents()); ?>
  </a>
        
  <div class="dropdown-menu<?php echo $menu_align; ?>" aria-labelledby="navDropdownCart">
    <?php 
    echo '<a class="dropdown-item" href="' . tep_href_link('shopping_cart.php') . '">' . sprintf(MODULE_NAVBAR_SHOPPING_CART_HAS_CONTENTS, $cart->count_contents(), $currencies->format($cart->show_total())) . '</a>';
    if ($cart->count_contents() > 0) {
      echo '<div class="dropdown-divider"></div>' . PHP_EOL;    
      $products = $cart->get_products();
      foreach ($products as $k => $v) {
        echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']);
      }        
      echo '<div class="dropdown-divider"></div>' . PHP_EOL;
      echo '<a class="dropdown-item" href="' . tep_href_link('checkout_shipping.php', '', 'SSL') . '">' . MODULE_NAVBAR_SHOPPING_CART_CHECKOUT . '</a>' . PHP_EOL;
    }
    ?>
  </div>
</li>

<?php

if i work it out i will post back here

 

regards

David

Link to comment
Share on other sites

by changing to 

echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']);

to 

echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, urlencode($v['id']), $v['quantity'], $v['name']);

means the url is no longer broken

But i do not think it carries the attributes over as i think it should

the URL is now something like

product_info.php?products_id=36696%7B18%7D46

(36696{18}46)

better than a 404 but not perfect, tired now though was up early

David

David

Link to comment
Share on other sites

This topic is not new -- it has received considerable discussion over the years. If you search out the conversation (google it, don't use the built-in search), you might find some clues on how to move forward with this. I don't recall if there were any good solutions (or near-solutions) found.

Link to comment
Share on other sites

As @MrPhil mentioned, this has been an issue for a long time. When osC was first written, the use of curly braces was acceptable in URLs. At some point in time, the 'internet powers that be' decided that it was no longer acceptable.

As far as I know, this is a core issue in osC, and to resolve it would require major core structural changes. As such, no good solutions have been found.

M

Link to comment
Share on other sites

  • 2 weeks later...

urlencode() of the string with {}'s apparently will work, but is ugly. No one has come up with a better way yet, such as using <>'s or ()'s instead. So long as the replacements don't have a special meaning to URLs, SQL, or PHP, and are not otherwise prohibited, they should work. You could even just write a {} -> () routine instead of urlencode(), but you'll still need to deal with () instead of {} on the receiving end. Core changes either way, but worth it.

Link to comment
Share on other sites

So did Phoenix finally fix this (replace { } by something else) or is it still broken? It is undesirable to urlencode the { }, as it looks tacky (although it does more or less work). Are there enough saved URLs out there to make preserving the use of { } the least evil choice, even though they're unlikely to work anyway (if not urlencoded)?

Link to comment
Share on other sites

Same code as official oscommerce....

if (tep_not_null($parameters)) {
      $link .= $page . '?' . tep_output_string($parameters);
      $separator = '&';
    } else {
      $link .= $page;
      $separator = '?';
    }

 

 

Link to comment
Share on other sites

Try this. It works!

Quote

        echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, current(explode("{", $v['id'])), $v['quantity'], $v['name']) . '</li>';

 

Link to comment
Share on other sites

Thanks Kgtee

I have used

echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, current(explode("{", $v['id'])), $v['quantity'], $v['name']); 

It looks prettier as a URL than the URLencoded "{ and }" (%7B and %7D), unfortunately still does not carry the attribute though

Kindest regards

David

Link to comment
Share on other sites

@DAVID3733

I was thinking to eliminate the 404 error by removing the attributes entirely. Indeed your urlencode does just the same in removing the {.

The product href link in the NAV_BAR module has no purpose anyway other than re-directing the click to the product info page. 😁

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...