mcmannehan Posted August 15, 2019 Share Posted August 15, 2019 In all osC versions included the oscom2ce-phoenix-v1.0.1.0 is redundant code?!? in catalog/admin/includes/functions/html_output.php check function tep_href_link() and tep_hide_session_id() In the admin SID (tep_hide_session_id()) is never defined and always NULL function tep_hide_session_id() { $string = ''; if (defined('SID') && tep_not_null(SID)) { $string = tep_draw_hidden_field(tep_session_name(), tep_session_id()); } return $string; } In the admin $SID function tep_href_link() is alway NULL, coz $SID didn't exist and is missing in the Global. On some server this occur an redirection error function tep_href_link($page = '', $parameters = '', $connection = 'SSL', $add_session_id = true) { global $request_type; $page = tep_output_string($page); if ($page == '') { die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine the page link!<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>'); } if ($connection == 'NONSSL') { $link = HTTP_SERVER . DIR_WS_ADMIN; } elseif ($connection == 'SSL') { if (ENABLE_SSL == true) { $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN; } else { $link = HTTP_SERVER . DIR_WS_ADMIN; } } else { die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>'); } if (tep_not_null($parameters)) { $link .= $page . '?' . tep_output_string($parameters); $separator = '&'; } else { $link .= $page; $separator = '?'; } while ((substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1); // Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) { if (tep_not_null($SID)) { $_sid = $SID; } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) { if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { $_sid = tep_session_name() . '=' . tep_session_id(); } } } if (isset($_sid)) { $link .= $separator . tep_output_string($_sid); } while (strpos($link, '&&') !== false) $link = str_replace('&&', '&', $link); return $link; } Any ideas how to change??? The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
♥ecartz Posted August 20, 2019 Share Posted August 20, 2019 SID is a session constant: https://www.php.net/manual/en/session.constants.php It is set if and only if the session is not set in a cookie. So if it is never set when you look at it, that probably means that you always allow the session cookie. If you, and all your customers, always allow the session cookie, then it is redundant for you. It is not redundant for those of us who want to support customers (like me) that do not necessarily enable the session cookie. On 8/15/2019 at 2:02 AM, mcmannehan said: In the admin $SID function tep_href_link() is alway NULL, coz $SID didn't exist and is missing in the Global. I don't understand what you mean. What is the actual problem that you are facing? When you click a certain link, you get a redirect? When you click any link, you get a redirect? Does the redirect terminate? Or do you get stuck in a redirect loop? Can you use the site normally thereafter? Or not? If the session cookie is set, then you shouldn't need the session ID in the URL. The only reason that you might need it is if you were going between HTTPS and HTTP. But in admin, you shouldn't have to do that. It should always be HTTPS. So for the common case, that section of code doesn't do anything. For a rare case, it will allow one to browse the admin even with cookies turned off. Always back up before making changes. Link to comment Share on other sites More sharing options...
mcmannehan Posted August 22, 2019 Author Share Posted August 22, 2019 Thanks for the answer. First: My server provider did configure some stuff wrong, now SID as constant is working. Secound: The variable $SID isn't set as global variable in the function (tep_href_link), so $SID will be always NULL or did i miss something? .................. if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) { if (tep_not_null($SID)) { // <--- $SID is always NULL $_sid = $SID; } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) { if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { $_sid = tep_session_name() . '=' . tep_session_id(); } } } .................. I change to: .................. if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) { if ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) { if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { $_sid = tep_session_name() . '=' . tep_session_id(); } } } .................. until now no issues with the changes. The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
♥ecartz Posted August 25, 2019 Share Posted August 25, 2019 You are correct. That code, as written, does nothing, so your revised version will have the exact same behavior. I don't know if that was always true or if the code behaved differently previously. Always back up before making changes. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.