Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Redundant Code ???


mcmannehan

Recommended Posts

In all osC versions included the oscom2ce-phoenix-v1.0.1.0 is redundant code?!?

in catalog/admin/includes/functions/html_output.php
check function tep_href_link() and tep_hide_session_id()

In the admin SID (tep_hide_session_id()) is never defined and always NULL 

function tep_hide_session_id() {
	$string = '';
  if (defined('SID') && tep_not_null(SID)) {
  	$string = tep_draw_hidden_field(tep_session_name(), tep_session_id());
  }
  return $string;
}


In the admin $SID function tep_href_link() is alway NULL, coz $SID didn't exist and is missing in the Global. On some server this occur an redirection error
 

function tep_href_link($page = '', $parameters = '', $connection = 'SSL', $add_session_id = true) {
	global $request_type;
  $page = tep_output_string($page);
  if ($page == '') {
  	die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine the page link!<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>');
  }
  if ($connection == 'NONSSL') {
  	$link = HTTP_SERVER . DIR_WS_ADMIN;
  } elseif ($connection == 'SSL') {
    if (ENABLE_SSL == true) {
  	  $link = HTTPS_SERVER . DIR_WS_HTTPS_ADMIN;
    } else {
      $link = HTTP_SERVER . DIR_WS_ADMIN;
    }
  } else {
      die('</td></tr></table></td></tr></table><br /><br /><font color="#ff0000"><strong>Error!</strong></font><br /><br /><strong>Unable to determine connection method on a link!<br /><br />Known methods: NONSSL SSL<br /><br />Function used:<br /><br />tep_href_link(\'' . $page . '\', \'' . $parameters . '\', \'' . $connection . '\')</strong>');
  }
  if (tep_not_null($parameters)) {
  	$link .= $page . '?' . tep_output_string($parameters);
    $separator = '&';
  } else {
    $link .= $page;
    $separator = '?';
  }
  while ((substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);
	// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
  if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) {
    if (tep_not_null($SID)) {
      $_sid = $SID;
    } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
      if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
        $_sid = tep_session_name() . '=' . tep_session_id();
      }
    }
  }
  if (isset($_sid)) {
    $link .= $separator . tep_output_string($_sid);
  }
  while (strpos($link, '&&') !== false) $link = str_replace('&&', '&', $link);
  return $link;
}

Any ideas how to change???

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0

if(isset($this) || !isset($this)){ // that's the question...

 

Link to comment
Share on other sites

SID is a session constant:  https://www.php.net/manual/en/session.constants.php

It is set if and only if the session is not set in a cookie.  So if it is never set when you look at it, that probably means that you always allow the session cookie.  If you, and all your customers, always allow the session cookie, then it is redundant for you.  It is not redundant for those of us who want to support customers (like me) that do not necessarily enable the session cookie.  

On 8/15/2019 at 2:02 AM, mcmannehan said:


In the admin $SID function tep_href_link() is alway NULL, coz $SID didn't exist and is missing in the Global.

I don't understand what you mean. 

What is the actual problem that you are facing?  When you click a certain link, you get a redirect?  When you click any link, you get a redirect?  Does the redirect terminate?  Or do you get stuck in a redirect loop?  Can you use the site normally thereafter?  Or not? 

If the session cookie is set, then you shouldn't need the session ID in the URL.  The only reason that you might need it is if you were going between HTTPS and HTTP.  But in admin, you shouldn't have to do that.  It should always be HTTPS.  So for the common case, that section of code doesn't do anything.  For a rare case, it will allow one to browse the admin even with cookies turned off. 

Always back up before making changes.

Link to comment
Share on other sites

Thanks for the answer.
First: My server provider did configure some stuff wrong, now SID as constant is working.

Secound: The variable $SID isn't set as global variable in the function (tep_href_link), so $SID will be always NULL or did i miss something?

..................
if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) {
    if (tep_not_null($SID)) { // <--- $SID is always NULL
      $_sid = $SID;
    } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
      if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
        $_sid = tep_session_name() . '=' . tep_session_id();
      }
    }
  }
..................

I change to:

..................
if (($add_session_id == true) && (SESSION_FORCE_COOKIE_USE == 'False')) {
   if ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
      if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
        $_sid = tep_session_name() . '=' . tep_session_id();
      }
    }
  }
..................

 

until now no issues with the changes.

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0

if(isset($this) || !isset($this)){ // that's the question...

 

Link to comment
Share on other sites

You are correct.  That code, as written, does nothing, so your revised version will have the exact same behavior. 

I don't know if that was always true or if the code behaved differently previously. 

Always back up before making changes.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...