CMOTD

Register Globals Support


Not sure how many people this affects, but I noticed the following:

catalog/includes/classes/sessions.php: $url = parse_url($GLOBALS['HTTP_REFERER']);

in the patched version. AFAIK, this needs to be changed to $_SERVER['HTTP_REFERER']. Also exists in

catalog/admin/includes/classes/sessions.php: $url = parse_url($GLOBALS['HTTP_REFERER']);

Also the line right below in both of those files, dealing with SERVER_NAME...

Edited by Agelmar


How do you make his patch work? I have DL'd v1.3a and placed each file in its place on the server but I still get the same message ???

 

thanks a lot


has anyone found a fix for the official osCommerce PayPal IPN v1.1 Module ??

 

it seems to work for some people and change the status from Paypal [Preparing IPN] to Paid..

 

but for most people it gets stuck on Paypal [Preparing IPN].. when they get redirected back to the checkout_process page it doesn't realise they have paid.

 

i also have register globals on...

 

i've tried all of the fixes from here but can't get any to work

do you get the error while installing? because i had this too,

 

i solved this by commenting the register_globals check in application.php in your /install/includes

OH THANK YOU! I was tearing my hair out looking for a php.ini file that didn't exist because I am hosted. After seeing your post I went into the application_top.php file (/ public_html / store / includes) and completely removed:

 

// check if register_globals is enabled.
// since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.
if (function_exists('ini_get')) {
  ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.');
}

 

**************************************************************

This brought the site up immediately! Man am I happy about that. All the info I was getting in search was confusing me more than before I got here. :)

 

Excellent info, and the search button on this site works well :)

 

Thank you guys!


RC2.2a


I'm trying to install this registered globals off contrib and I've run into a snag, the newer version of oscommerce modifies the includes/functions/sessions.php to include a necessary security fix changing the function tep_session_start() variable to:

 

function tep_session_start() {
  global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

  $sane_session_id = true;

  if (isset($HTTP_GET_VARS[tep_session_name()])) {
    if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {
      unset($HTTP_GET_VARS[tep_session_name()]);

      $sane_session_id = false;
    }
  } elseif (isset($HTTP_POST_VARS[tep_session_name()])) {
    if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {
      unset($HTTP_POST_VARS[tep_session_name()]);

      $sane_session_id = false;
    }
  } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
    if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {
      $session_data = session_get_cookie_params();

      setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

      $sane_session_id = false;
    }
  }

  if ($sane_session_id == false) {
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
  }

  return session_start();
}

 

The directions are for the old version and say to replace that with:

 

function tep_session_start() {
// >>> BEGIN REGISTER_GLOBALS
  $success = session_start();

  // Work-around to allow disabling of register_globals - map all defined
  // session variables
  if ($success && count($_SESSION))
  {
    $session_keys = array_keys($_SESSION);
    foreach($session_keys as $variable)
    {
      link_session_variable($variable, true);
    }
  }

  // (the snippet in the post ends above; the two lines below only close the function)
  return $success;
}

 

 

Which nullifies the security fix in the newer osCommerce I would think. How do I apply this contribution and still leave the osCommerce security fix intact???

 

Thanks in advance!

Edited by homewetbar

Most Valuable OsCommerce Contributions:

Also Purchased (AP) Preselection (cuts this resource hogging query down to nothing) -- Contribution 3294

FedEx Automated Labels -- Contribution 2244

RMA Returns system -- Contribution 1136

Sort Products By Dropdown -- Contribution 4312

Ultimate SEO URLs -- Contribution 2823

Credit Class & Gift Voucher -- Contribution 282

Cross-Sell -- Contribution 5347

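One way to keep both pieces, as an added example (not osCommerce's or the contribution's own code): run the session-ID check from the security fix first, and only then start the session and map its variables. Assumptions: it reads $_GET/$_POST/$_COOKIE rather than the $HTTP_*_VARS arrays, checks every source that carries the id, uses session_name() where the fix uses tep_session_name(), returns false where the fix calls tep_redirect(), and calls the contribution's link_session_variable() only if it is defined; the function names start_session_checked(), bad_session_id_sources() and session_id_is_sane() are hypothetical.

```php
<?php
// Added example: not osCommerce or contribution code.

// Same whitelist as the quoted fix: letters and digits only. The is_string()
// test also rejects array input such as ?osCsid[]=x.
function session_id_is_sane($id) {
  return is_string($id) && preg_match('/^[a-zA-Z0-9]+$/', $id) === 1;
}

// Names every request source (get, post, cookie) that carries a malformed id.
function bad_session_id_sources($name, array $get, array $post, array $cookie) {
  $bad = array();
  foreach (array('get' => $get, 'post' => $post, 'cookie' => $cookie) as $source => $vars) {
    if (isset($vars[$name]) && !session_id_is_sane($vars[$name])) {
      $bad[] = $source;
    }
  }
  return $bad;
}

// Validation first, then the register_globals work-around.
function start_session_checked() {
  $name = session_name(); // stands in for tep_session_name()
  $bad = bad_session_id_sources($name, $_GET, $_POST, $_COOKIE);

  if (in_array('cookie', $bad)) {
    // Expire the malformed cookie, as the fix does.
    $params = session_get_cookie_params();
    setcookie($name, '', time() - 42000, $params['path'], $params['domain']);
  }
  if ($bad) {
    unset($_GET[$name], $_POST[$name], $_COOKIE[$name]);
    return false; // caller redirects; the fix calls tep_redirect() here
  }

  $success = session_start();

  // Mapping step from the contribution's directions. link_session_variable()
  // is the contribution's function, so it is called only when it is loaded.
  if ($success && count($_SESSION) && function_exists('link_session_variable')) {
    foreach (array_keys($_SESSION) as $variable) {
      link_session_variable($variable, true);
    }
  }
  return $success;
}

// Constructed inputs; only the check runs here, no session is started.
$samples = array(
  'clean id in GET' => array(array('osCsid' => 'abc123'), array(), array()),
  'slash in GET'    => array(array('osCsid' => 'abc/def'), array(), array()),
  'array in POST'   => array(array(), array('osCsid' => array('x')), array()),
  'space in cookie' => array(array('osCsid' => 'abc123'), array(), array('osCsid' => 'a b')),
);
foreach ($samples as $label => $in) {
  $bad = bad_session_id_sources('osCsid', $in[0], $in[1], $in[2]);
  echo $label, ': ', ($bad ? 'rejected (' . implode(', ', $bad) . ')' : 'ok'), "\n";
}
```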

I installed version 1.3 of this module. I have got everything to work fine apart from two things. If someone could help fix the problem, I could pay them some cash through paypal.

 

The first problem:

 

In admin/order_status.php i cannot set any of the other options as default apart from "pending". Before I installed this contrib I had it as "processing". Although I can set the default as anything I like in admin once the order is made on my website it always goes to pending.

 

I want to do this because an automatic email is then sent to my customer telling them about the order.

 

The second problem is:

 

I no longer get a paypal ipn email when an order has been made through my website nor does the paypal ipn system work.

 

I do get an email directly from paypal saying that funds have been added to my account and what the product ordered was.

 

 

The paypal contrib I have installed is (v3.1.5):

 

 

http://www.oscommerce.com/community/contri...h,paypal+devosc

 

All the order numbering and everything else is working fine. Please help.


I'm trying to get this sorted and to use with the STS Template system, can it be done??


I have "Register Globals" installed and when trying to access the "product attributes" page in the admin I received the following error:

 

Fatal error: Call to undefined function: link_get_variable() in /var/www/vhosts/scootersatvs.com/httpdocs/catalog/admin/products_attributes.php on line 14

 

Anyone recognize this?

 

Linda


OK, 'cause I think that what I'm experiencing might be beneficial to others and also 'cause I still hope that somebody might be able to help me, I'll keep you up to date with my problem:

 

I'm having some difficulties with register_globals and currencies update. If you have more than one currency in your store, this module will take care of regular updates via cron.

 

When I call the script from my browser, currencies are updated however when I set a cron job, I'm receiving message that register_globals is disabled in php.ini. This is what I've tried so far:

 

I have "php_flag register_globals on" in my .htaccess. - I haven't restarted apache as I have no access to the server - I'm on shared hosting but the whole site has been running for couple of months now without any problems related to register_globals - apart from that update currencies script.

 

I have created php.ini with register_globals = On in it and uploaded it to root as well as to the admin directory.

 

With all the above done I run cron job and receive that FATAL ERROR message again.

 

Creator of Currency Value Updater confirmed the following:

that error is generated by the file includes/application_top.php. If you've tried to enable it without success, your host has disallowed access to that command. You have two options:

 

1) Use the Register Globals Off contribution to allow your store to function in an environment with register_globals disabled

 

2) Delete the line in your application_top.php file that's killing the script.

 

There's nothing in my script that needs register_globals enabled, but it calls up the application_top.php file to get configuration and database settings.

 

With all the above said and done, I've contacted my host and this is their reply:

The .htaccess method of turning on register globals only works when you access the script over the web server, if you are calling it directly with php from command line you can try specifying php -d register_globals=1 <filename> instead of just php <filename>

 

Their answer was promising, however the command produced the following message from cron:

PHP Warning:  main(/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php): failed to open stream: Permission denied in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20
PHP Warning:  main(/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php): failed to open stream: Permission denied in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20
PHP Warning:  main(): Failed opening '/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php' for inclusion (include_path='.:/usr/share/pear') in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20
PHP Warning:  main(includes/languages/.php): failed to open stream: No such file or directory in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134
PHP Warning:  main(includes/languages/.php): failed to open stream: No such file or directory in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134
PHP Fatal error:  main(): Failed opening required 'includes/languages/.php' (include_path='.:/usr/share/pear') in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134
X-Powered-By: PHP/4.4.2
Set-Cookie: osCAdminID=7a1722f52212af96ae23c01cc88851d9; path=/admin/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

 

Well, that's the situation so far. If you have any idea how this could be sorted without using the Register Globals Off contribution, please, please let me know. I've been trying to sort this out for quite a long time now.

 

Alex


Absinthe Original Liquor Store


I just installed v1.4 into a OSC 2.2 R2 and am having problems. For some reason, my cart has totally failed. If I try to add a product into the cart from the product_info.php file, for some reason after the redirection the cart is always empty.

 

I seem to have traced the problem to the line $success = session_start(); in the function tep_session_start in includes/functions/sessions.php. Before this line is executed, my $_GET global has the 'action' and 'product_id' variables set correctly (along with the 'osCsid' var). However after the session starts, both the 'action' and 'product_id' vars get wiped from the $_GET array, and they no longer trigger anything. Specifically I need it to trigger the shopping cart section in application_top.php. However at that point, the session has been called and my 'action' variable seems to be no longer accessible. I imagine somewhere, some code is doing something like unset($_GET['action']), but I have no idea where this might be.

 

I've racked my brain on this for like 4 hours already and haven't had any luck. Has anyone else noticed this problem, or does anyone have any suggestions on where else I should be looking?

 

Thanks in advance.

 

EDIT - I almost forgot to mention, but after the $_GET variables are wiped, for some reason the osCsid stays. Before that session_start() call, there are 3 vars, action, product_id and osCsid. After, only osCsid...Weird.

Edited by sukui

Register Globals V 1.4 is now available. You can find it here...

 

http://www.oscommerce.com/community/contributions,2097

 

I would have put a post on the "contributions announcement" board but I wasn't allowed to. I dunno - don't ask me...

 

Rich.

 

Hello,

 

I just installed this contribution and upon accessing my catalog/admin, I receive the following errors:

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68

 

Fatal error: Call to undefined function tep_get_languages() in c:\hosting\webhost4life\member\garden\catalog\admin\index.php on line 58

 

Help!


Well, it turns out that there were whitespaces in the files. Solved the warning errors but still getting the Fatal one (tep_get_language)


Browsed through another topic in the forum and actually ran into the solution. The solution for the fatal error is that the function tep_get_language could not be found in the admin/functions/general.php file. I just realized that I may have accidentally uploaded the general.php file in the catalog folder into the admin folder. Duh!!!

 

Anyway, posting this update as it may help others.


Installed this on my test site and now having a problem with $messageStack. On any page where a condition should generate a message from $messageStack->add_session(), it only works on the second attempt:

 

Examples...

In My Account:

Newsletter -- change option to select a newsletter --> continue; no message. Return to change option, deselect newsletter --> continue, success message displayed

 

Tell a Friend:

Send a Tell a Friend e-mail about a product, returned to product no message. Send another e-mail (same or any product), returned to product find e-mail success message.

 

I know this is happening on all the add_session messages. Haven't yet checked the $messageStack->add()

 

I do not know enough to troubleshoot this problem -- Help Please :)


Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client in \\sknet83.seekdotnet.com\d$\Clients\C2270\R639\getbobbleheads.com\public_html\catalog\includes\functions\database.php on line 19

Unable to connect to database server!

 

 

Ugly isn't it.... I was hoping this contrib would work for me to eliminate the register globals message. There was no database problems before I added this contrib.


The add_session should work on the 2nd attempt. You use it when you're about to do a redirect and therefore maintain the message when the page reloads. Otherwise for instant notification (on the same page) you should use the $messageStack->add


Thanks for the answer but maybe I didn't explain it properly. My e-mail a friend example is a redirect and so the message should appear when returned from the E-Mail A Friend page. Without the Register Globals patch and of course with register globals on, that is how it works --> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears.

 

When I had the patch installed and register globals off this is what would happen instead:

product_info.php to tell_a_friend.php redirect to product_info.php NO e-mail success message; repeat the process -> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears.

 

This was the case with all the normal OSC $messageStack functions. Probably I missed or incorrectly installed the patch but I could not find where. At the moment I have removed it so I could do other work. Maybe it would be easier to address this when I re-install.

 

:thumbsup:


Wow, I just tried this and sure enough - works as you describe (which is not what is desired)

 

I just got done testing tell_a_friend.php a couple of days ago and it was working great.

 

I then loaded the Register Globals patch.

 

I thought everything seemed to be working fine but guess I hadn't really noticed this yet.

 

Is there a fix??

 

Nathan


This patch doesn't work on my sites:

Big problem is creating a new user; it can't insert complete information, such as address id with 0.

Shipping modules can't display because of that problem.

I tried to edit manually and to upload the register globals patch files; the problem is still in the customer database: addressbookid with id 0

 

any idea?


Hi,

 

I've just downloaded osCommerce 2.2 Milestone 2 Update 060817 dated 17-08-2006 and after having problems with Register Globals found this thread.

 

I've now realised that the pre-patched files won't work with this (or may not anyhow) and I'm not confident about doing it manually.

 

Is it likely an updated version of this contribution will appear in the near future?

 

I'm hoping Richard has subscribed to this thread and will enlighten us :-"

 

This contribution is invaluable to newbies like me. Thanks Richard.

 

Mark


I didn't even realise there was a new version of OSC. I'll look at it and update the register globals contribution accordingly. It will probably take me a few days to get round to it though.

 

Rich.


Thanks Rich, you've just made my day.


Put up version 1.5 of the register globals patch.

 

This will work for the 17/08/2006 release of OSC

 

regards,

 

Rich.
