Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Register Globals Support


Guest

Recommended Posts

I coded my own fix:

catalog/includes/functions/sessions.php

 

There are four calls to array_keys

        $session_keys = array_keys($_SESSION);

 

There needs to be an is_array check on $_SESSION before calling array_keys

 

like this:

 

    if(is_array($_SESSION)) {
       $session_keys = array_keys($_SESSION);

 

put the closing curly bracket after the foreach closing curly bracket

 

reapeat this for each of the four $session_keys = array_keys($_SESSION); in the file.

 

Another note about the google spider:

I was getting google spider stuck on cookie_usage.php quite often so I added Disallow: /catalog/shopping_cart.php

Disallow: /catalog/login.php

to my robots.txt

Link to comment
Share on other sites

  • 2 weeks later...
  • Replies 280
  • Created
  • Last Reply

Top Posters In This Topic

for some unknown reason, ocC decided to start asking me to register globals the very weekend our client spent ?1500 on advertising, and the site was due to go live, even after 3 months of testing... grrr.. Your contibution came to the rescue! So thank you!

 

But....

 

I keep getting the message..

 

Warning: Cannot modify header information - headers already sent by (output started at /home/nas01l/g/gosexy.co.uk/user/htdocs/gosexy2/includes/application_top.php:1019) in /home/nas01l/g/gosexy.co.uk/user/htdocs/gosexy2/includes/functions/general.php on line 29

 

in [siteroot]/login.php

 

 

I've seen that people have had this problem in the admin kit, but not in the front end. Any ideas? I'm pretty desperate to get this working asap, needless to say the client is not happy with my hacked together solution to bypass this message...

 

THANKS!!

 

Oh, and i'm having problems opening some of the .gz files in windows, can someone send me the latest contri in unpacked format please??

Edited by roomboom

Jon

Link to comment
Share on other sites

Warning: Cannot modify header information - headers already sent by (output started at /home/nas01l/g/gosexy.co.uk/user/htdocs/gosexy2/includes/application_top.php:1019) in /home/nas01l/g/gosexy.co.uk/user/htdocs/gosexy2/includes/functions/general.php on line 29

As the error message implies, you are outputting something to the browser before the page header info.

 

In my experience, one of the first things to check for are any trailing blank lines on the ends of any files (or any blank lines within the file tha are outside of any <php ... ?> code sections). As this error is being generated from application_top.php then I would go through the files that it includes and work out which file is causing the problem.

 

As you are being paid to do this work, I assume you know how to do this :-)

 

You also say you have problems opening "some of the .gz files". There is only ONE archive (.gz) file that contains the whole patch ! If you have managed to open that (and obvioulsy you have because otherwise you wouldn't have been able to apply the patch at all), then what's the problem ? I don't understand.

 

Rich.

 

>> Edited <<

Hang on ! the error message tells you the line number where the output started - 1019 !!! Do I get a cut of your fee ? I don't normally provide free consultancy and I'm very expensive you know.

Edited by CMOTD
Link to comment
Share on other sites

3:30 in the morning. Five hours hunting down an error. Time to shallow my pride, excuse myself and ask some questions:

 

I have what I belive looks like a register_globals = off issue with one contribution, a small one which is the Admin Listing Paging one. There are two versinos, one created by Italian Giussepe Urso (Admin products listing custom limit), that is old and outdated, and a new one (better commented one, Admin Products Paging) by Jordi. This last one is the one I used and it is this one here:

 

http://www.oscommerce.com/community/contri...ons,1965/page,3

 

 

This bug is concerning the "categories.php" file only. If you want to look at the code, download it from the osc server. I rarther do the fixing in a clean one, then move it over to mine later as it currently has about 5 contributions in it (QTPro, Ultrspics, Header Tags Controller, Products Sort, a few more) This shop was buit upon a register_globals = off ammended OSC shop.

 

This contribution basically adds a maximun limit of products to be listed in the Categories/Products section of the Admin, and adds a simple numbered page link for extra pages (1, 2,3) You set the maximun number of products per page in the Configuration>Maximun Values (example: 5).

 

Anyway, I assume most of you know what that is. My problem is that when clicking on any of the other page numbers, it opens the same page. I see the link kick in, I see the browser send it, get it back, but it its the same page, same page number. I look at the url and I see the read out is correct:

Examples :

 

Page 1 = http://www.zozzz.com/osc_shop/zozzz_admin/...es.php?cPath=21

 

Page 2: = http://www.zozzz.com/osc_shop/zozzz_admin/..._1=5&limite_2=5

 

Page 3: = http://www.zozzz.com/osc_shop/zozzz_admin/...1=10&limite_2=5

 

Yet, it still spits out page 1, even when the url address reads out differently

 

No errors, everything appears fine, all othe links work. I run into a similar issue with QTPro, and as I suspected, it was a register_globals issue, which fortunately for me, someone had just figured out and posted almost at the same time.

 

This bug seems to be similar in action and form as the QTpro one I metioned.

 

Ok, so my question and proposal is:

 

A) Any ideas, any hope for a miserable PHP-poser like myself to get any of you PHP-gods to throw me a bone scrap and see what you think?...I can't fix it, but I can tell it is not a major issue..I feel like I am just one inch away from fixing it. I smell the problem maybe in teh way the page link is generated (<a href=categories.php?cPath=$cPath&limite_1=$lim_1&limite_2=$lim_2>), maybe not

 

B) If fixed, I will clean up the code and posted as a REGISTER_GLOBALS=OFF version of Admin Products Paging so the next pair of php-posers like myself don't annoy anyone else with that one.

 

Thanks.

Link to comment
Share on other sites

3:30 in the morning.

...etc etc etc...

You could try the following :

 

At the top of the file, just after the line...

 

$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

 

...add the following two lines...

 

link_get_variable('limite_1');

link_get_variable('limite_2');

 

--------------

 

NOTES:

 

1) I have not tested this in any way at all.

 

2) This fix assumes you have added the functions 'link_get_variable' and 'link_post_variable' to the file .../catalog/includes/functions/general.php - the register globals patch instructions state that these are optional so if you didn't bother including them then you will get an 'undefined function' error and you will have to go back to the instructions and add these two functions in.

 

3) If this still does not work, try changing both 'link_get_variable' function calls in the above fix to 'link_post_variable' instead (but I'm pretty sure the 'get' version is correct in this case).

 

4) If it STILL doesn't work then have a cup of tea / post back / give up / swear (delete as you see fit).

 

Rich.

Link to comment
Share on other sites

Rich, my man, you are THE man. Worked like butter man, almost made me cry.

 

.....I shall promptly take your instructions, make a quick TXT file and place it on the Admin Paging contributions for future ref, giving youu of course all good credit.

 

Awesome.

Link to comment
Share on other sites

Sorry to wonder back in here with another issue:

 

I just installed (Just..more like 8 hours ago actually) WISHLIST 2.0 and as expected, I am running into another register_globals=off issue. (or at least I think so)

 

The installation went smooth, but as it stands now, no fucntionality. Since this is a multiple page problem, I paste the code for the pages where I suspect the problem may be:

 

 

##########APPLICATION_TOP.PHP

 

 

MODIFICATION # 1

 

THIS ONE I SOLVED using the link_get_variable CMOTD showed me for the Admin Paging problem just before this post. This code was giving me an SQL sytax error, but as I said, it is fixed:

 

OLD CODE

 

 ? ? ?// performed by the 'buy now' button in product listings and review page
? ? ?case 'buy_now' : ? ? ? ?if (isset($HTTP_GET_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 Start
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_session_is_registered('customer_id')) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id=$products_id");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id=$products_id");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 End
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?} else {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?$cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;

 

 

NEW FIXED CODE using "link_get_variables"

 

 ? case 'buy_now' : ? ? ? ?if (isset($HTTP_GET_VARS['products_id'])) {
? ? ? ?link_get_variable('customer_id'); 
? ? ? ?link_get_variable('products_id'); 
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 Start
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_session_is_registered('customer_id')) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id=$products_id");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id=$products_id");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 End
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?} else {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?$cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;

 

 

 

MODIFICATION # 2

 

 ?case 'cust_order' : ? ? if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 Start
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_GET_VARS['pid'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id='" . $HTTP_GET_VARS['pid']."'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 End
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid']));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?} else {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?$cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1);
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;
// Wish List 2.3 Start
// *****************************************
? ? ?// Remove item from the Wish List
? ? ?case 'remove_wishlist':
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_GET_VARS['pid'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id= '" . $HTTP_GET_VARS['pid'] . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link(FILENAME_WISHLIST));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;
? ?} // end switch $HTTP_GET_VARS['action']
?} // end if is set $HTTP_GET_VARS['action']

?// Shopping cart actions through POST variables from forms
?if (isset($HTTP_POST_VARS['wishlist_action'])) {
? ?// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled
? ?if ($session_started == false) {
? ? ?tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
? ?}

? ?$goto = basename($PHP_SELF);
? ?switch ($HTTP_POST_VARS['wishlist_action']) {
? ? ?// Customer wants to update the product quantity in their shopping cart
? ? ?case 'add_wishlist' : ?if (ereg('^[0-9]+$', $HTTP_POST_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if ($HTTP_POST_VARS['products_id']) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if ($customer_id > 0) {
? ? ? ? ? ?// Queries below replace old product instead of adding to queatity.
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("insert into " . TABLE_WISHLIST . " (customers_id, products_id, products_model, products_name, products_price) values ('" . $customer_id . "', '" . $products_id . "', '" . $products_model . "', '" . $products_name . "', '" . $products_price . "' )");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Read array of options and values for attributes in id[]
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (isset ($id)) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?foreach($id as $att_option=>$att_value) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Add to customers_wishlist_attributes table
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("insert into " . TABLE_WISHLIST_ATTRIBUTES . " (customers_id, products_id, products_options_id , products_options_value_id) values ('" . $customer_id . "', '" . $products_id . "', '" . $att_option . "', '" . $att_value . "' )");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;

? ? ?case 'wishlist_add_cart' :if (ereg('^[0-9]+$', $HTTP_POST_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if ($HTTP_POST_VARS['products_id']) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if ($customer_id > 0) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '" . $HTTP_POST_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Read array of options and values for attributes in id[]
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $HTTP_POST_VARS['id']))+1, $HTTP_POST_VARS['id']);
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;

? ? ? // Wishlist Checkboxes
? ? ? case 'add_delete_products_wishlist': 
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (isset($HTTP_POST_VARS['add_wishprod'])) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if ($HTTP_POST_VARS['borrar'] == 0) { 
? ? ? ? ? ? ? ? // 'borrar' form variable refers to deleting products in array $add_wishprod[] from wishlist
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? foreach ($HTTP_POST_VARS['add_wishprod'] as $value) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (ereg('^[0-9]+$', $value)) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?$cart->add_cart($value, $cart->get_quantity(tep_get_uprid($value, $HTTP_POST_VARS['id'][$value]))+1, $HTTP_POST_VARS['id'][$value]);
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = $value and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '$value' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? }
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? }
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? if ($HTTP_POST_VARS['borrar'] == 1) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? foreach ($HTTP_POST_VARS['add_wishprod'] as $value) {
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (ereg('^[0-9]+$', $value)) { ? ?
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = $value and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " where products_id = '$value' and customers_id = '" . $customer_id . "'");
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? }
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tep_redirect(tep_href_link(FILENAME_WISHLIST));
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? }
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?}
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?break;

? ?} // end switch ($HTTP_POST_VARS['wishlist_action'])
?} // end isset($HTTP_POST_VARS)
// *****************************************
// Wish List 2.3 End

// include the who's online functions

 

 

 

I also suspect the products_info.php and wishlist.php pages may also have code that needs patching, but I get the feeling the problem is in this page.

 

As always, upong fixing/texting this problem, I will posted a TXT file to the WISHLIST 2.0 contribution so anyone else with this problem can fix it next time around.

 

Thanks in advanced

Edited by canary100
Link to comment
Share on other sites

   case 'buy_now' :        if (isset($HTTP_GET_VARS['products_id'])) {
       link_get_variable('customer_id'); 
       link_get_variable('products_id'); 
                               // Wish List 2.3 Start
                               if (tep_session_is_registered('customer_id')) {

I would suggest that your fix here is not correct. The line...

 

if (tep_session_is_registered('customer_id'))

 

...suggests that this is a session variable. Using the function link_get_variable, you are associating it with a $_GET variable. Without further investigation, I can't be sure, but I would guess that what you have done is not actually correct.

 

As for any other problems you have, no idea !

 

Rich.

Link to comment
Share on other sites

 ? case 'buy_now' : ? ? ? ?if (isset($HTTP_GET_VARS['products_id'])) {
? ? ? ?link_get_variable('customer_id'); 
? ? ? ?link_get_variable('products_id'); 
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?// Wish List 2.3 Start
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?if (tep_session_is_registered('customer_id')) {

I would suggest that your fix here is not correct. The line...

 

if (tep_session_is_registered('customer_id'))

 

...suggests that this is a session variable. Using the function link_get_variable, you are associating it with a $_GET variable. Without further investigation, I can't be sure, but I would guess that what you have done is not actually correct.

 

As for any other problems you have, no idea !

 

Rich.

 

Thanks CM. I knew at one point my luck would run out. As for "my fix" being wrong, well, not to argue back, but I have test it quite a few times , and it seems to work just fine..but then again, what do I know...I am just an idiot savant...

 

Thanks man.

Link to comment
Share on other sites

  • 2 weeks later...

I am installing a test OSC site on my home computer, using mac's handy-dandy preloaded Apache server environment. i figured- why not leave register_globals off, use the patch, and be safer when i go live?

but- There are no modules showing when I click on that list. not payment, shipping, nor order totals.

Admin side says that the images directory is not writable, and that my category inamges do not exist.

And take a look at this message. i get it when I edit a product, or add new product, page

admin/categories.php?cPath=0_99&pID=135&action=new_product_preview;

 

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

How about that- an unknown file!

I am terrible at coding as it is!

any clues here to a smarter eye than mine?

Edited by Dragonmom

psst... wanna buy a wand?

Link to comment
Share on other sites

Admin side says that the images directory is not writable, and that my category inamges do not exist.

In that case, the images directory probably ISN'T writable ! As it is also complaining that you have no image files, it sounds like the image path is not correctly set up. This has nothing at all to do with this contribution; it's a basic installation config issue which has probably been brought up on these forums at least a hundred times in the past year (along with the two or three other basic things that seem to crop up every other day because no one bothers to search the bloody forums before posting).

 

Warning: Unknown(): Your script possibly relies on a session side-effect....

You haven't read the contribution's installation instructions have you ? I thought the "PLEASE Read this - it will save you a lot of grief !" comment at the top of the README file might have given you a clue. Clearly not ! I despair..... What's the bloody point ?!

 

I am terrible at coding....

You're not too hot at reading instructions either !

 

Rich

 

ps - If you think I'm being rude, tough - I am ! I have a reputation to keep !

Link to comment
Share on other sites

Whew, I deserved that :wacko:

I obviously skipped right over the crucial portion of your read-me. You explain the problem and the solution meticulously, and I am ashamed of myself.

AS far as the config files, they look correct, I've loaded OSC six or seven times now, but I am going to look over them with a magnifying glass, because I think you are right about that too.

Note to myself- From now on- get enough sleep!

psst... wanna buy a wand?

Link to comment
Share on other sites

  • 2 weeks later...
I moved a site from a Unix platform to a Windows platform and had a lot of issues, not least was this register globals problem. Anyway used this contrib and it helped in the fix.

 

A couple of issues I had (and fixed) on a Windows box:

1 - a partial page was displaying or the page was redirecting constantly. Only an issue on Internet Explorer and not Mozilla. The cause was buffering but I couldn't fix it until I found if I turned off gzip support it stopped the HTTP compression and this issue went away. (do this through the admin screens)

 

2 - Problem with backups and uploading images. Still working on this. My theory is the site is running as a user id that doesn't have write persmission on the directorys in question.

 

3 - There appears to be a bug in the admin patch labeled 030740. The problem was the admin security wasn't working and access to /admin/index.php (amongst others) was possible without logging in.

 

The code in /admin/includes/functions/general.php had to be modified as follows:

// Redirect to another page or site

  function tep_redirect($url) {

//-----Comment this line out ---> return stristr($_SERVER['HTTP_USER_AGENT'], $url);   

//global $logger;

 

    header('Location: ' . $url);

 

    if (STORE_PAGE_PARSE_TIME == 'true') {

      if (!is_object($logger)) $logger = new logger;

      $logger->timer_stop();

    }

 

    exit;

  }

 

4 - I have a ton of contribs loaded and had to go to the less strict version of the sessions mapping code.

 

5 - I was getting warning messages about using a side effect from earlier versions of PHP. I used the '@' to suppress warnings in the following code (in /includes/functions/sessions.php )

    if (PHP_VERSION >= '4.0.4') {

      return @session_write_close();

    } elseif (function_exists('session_close')) {

      return session_close();

    }

 

Dylan

 

Did you have any problems with the visitor's IP address not showing up when you switched to a Windows box? I have my site on a windows box and the IP address of visitors is not showing in Who's Online, and was wondering if it was something to do with this.

 

Thanks,

 

Jason

Link to comment
Share on other sites

Hi,

I just installed this contribution, and it went perfectly! I'm releived, grateful, and rather surprised that the default for osCommerce is globals = on. It's so simple to deactivate them.

 

Thanks a million to all those who worked on this!

 

-Ethan

Link to comment
Share on other sites

...and rather surprised that the default for osCommerce is globals = on...

Quite.

 

I was fairly staggered that no one had patched this long before I came to use osc.

 

And as I wasn't exacty happy with the thought of having register globals enabled (HUGE understatement), I figured someone ought to do something about it.... :-)

 

Rich

Link to comment
Share on other sites

The README file states that :

 

In fact, if you use this patch, you MUST disable the 'register_globals' option. if you do not, things will go horribly wrong !

 

I patched my version on a test server that still has register_globals set to on, and I didn't see any error or warning messages, and so far, my tests *seem* to be fine.

 

What kind of trouble am I to expect by using this on a server that still has register_globals ?

 

Thanks.

After three days without programming, life becomes meaningless.

-- The Tao of Programming

Link to comment
Share on other sites

The README file states that :

I patched my version on a test server that still has register_globals set to on, and I didn't see any error or warning messages, and so far, my tests *seem* to be fine.

 

What kind of trouble am I to expect by using this on a server that still has register_globals ?

 

Thanks.

You won't get any kind of error message displayed.

 

Having this patch installed and register globals enabled _can_ cause the session variables to screw up though. This is because of the way the session variables are mapped into the global variable space to allow OSC to still work. Sorry - I should have explained this in the docs.

 

If you find you don't have a problem, then fine - I might be wrong (but I don't think I am). I still wouldn't do it though ! - having register globals still enabled will prevent the major benefit (and whole point !) of the patch - that of preventing variable injection into the runninng code.

 

Rich.

Edited by CMOTD
Link to comment
Share on other sites

I still wouldn't do it though ! - having register globals still enabled will prevent the major benefit (and whole point !) of the patch - that of preventing variable injection into the runninng code.

I totally agree with the point that patching and leaving register_globals is ridiculous. However, in the situation I am in, it kinda makes sense (with some modifications to the patch).

 

The company I work for doesn't own the server on which the website is hosted, we don't administer it, we have no power when it comes to decisions (basically, it's a host). Until now, the host has left register_globals on, but I know they will turn it off eventually (they tried it in the past and received loads of complaints, so they turned it back on). They probably won't warn when they will switch it off again, so I have to be prepared.

 

What I did to workaround the patch+register_globals=on possible problems is put every part of the patch in if(ini_get('register_globals') == '1') { original_code } else { patch } blocks. I'm aware that it probably has an effect on performance, but we only have about 20 visitors per day anyway, so it doesn't matter.

 

Thanks.

After three days without programming, life becomes meaningless.

-- The Tao of Programming

Link to comment
Share on other sites

Im currently reloading my site on a new server and Ive got the Register globals problem, My version of OSC is 2.2-MS1 will this contribution work with it. ? Anyone had any success with 2.2-MS1 or are there any alternative options?

 

Thanks

Link to comment
Share on other sites

I Have A Problem With The Script

 

My Home Page Gives The Error Message

 

Fatal error: Cannot redeclare tep_session_recreate() (previously declared in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php:178) in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php on line 222

 

My Home Page URL is www.exitbuy.com/shop

 

What Can I Do To Fix It

 

Regards,

Satish Kumar

ExitBuy.Com

Link to comment
Share on other sites

Hi, I Have A Problem With Your Script

 

 

Fatal error: Cannot redeclare tep_session_recreate() (previously declared in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php:178) in \\premfs18\sites\premium18\satishkumar\webroot\Shop\includes\functions\sessions.php on line 222

 

My Home Page URL is www.exitbuy.com/shop

 

Can You Tell Me How I Can Fix It

 

Regards,

Satish Kumar

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...