
tbirnseth's Content

There have been 459 items by tbirnseth (Search limited from 27-Jul 20)




#329806 Security Warning

Posted by tbirnseth on 22 July 2020 - 06:22 PM in Third-Party Services

If valid, you should report this directly to helpdesk so they can escalate and investigate the issue.




#329805 Has This Changed For Anyone Else?

Posted by tbirnseth on 22 July 2020 - 05:54 PM in Developers' Corner

If there was a duplicate function name, I'd get a php error at runtime.
Here is the exact copy/paste from addon.xml.
 
<functions>
  <item for="install">
    ez_euro_texts_install
  </item>
</functions>

Using the new object oriented addon style

What do you mean by the above? Documentation link?



#329779 How To Check If User Purchased An Item On The Product Page

Posted by tbirnseth on 21 July 2020 - 06:31 PM in General Questions

Create a function in my_changes/func.php like:
 
function my_check_previous_order($product_id, $user_id) {
  // UNTESTED
  if( empty($user_id) || empty($product_id) ) return false;
  // Number of order lines for this product in this user's orders (0 if none)
  return db_get_field("SELECT count(od.product_id) FROM ?:orders AS o LEFT JOIN ?:order_details AS od ON od.order_id=o.order_id AND od.product_id=?i WHERE o.user_id=?i", $product_id, $user_id);
}
And then in template:
{assign var="ordered_before" value=$oi.product_id|my_check_previous_order:$auth.user_id}
{if $ordered_before}
  verified order
{/if}
I updated the db_query above to use db_get_field instead.



#329778 Limit Character Types In Profile Fields - I.e. First And Last Name

Posted by tbirnseth on 21 July 2020 - 06:19 PM in General Questions

Probably easiest way is to do something like this in app/addons/my_changes/controllers/common/profiles.pre.php

if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
  // Substrings that should never appear in a name field
  $excluded_strings = array('http:', 'https:', 'ftp:', 'sftp:', 'ftps:');
  // Request fields to check
  $exclude_fields = array('firstname', 'lastname');

  foreach($exclude_fields as $field) {
    if( !empty($_REQUEST[$field]) ) {
      foreach($excluded_strings as $str) {
        // Case-insensitive substring match
        if( stripos($_REQUEST[$field], $str) !== false ) {
          die("Hacker go away!");
        }
      }
    }
  }
}
return array(CONTROLLER_STATUS_OK);
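
An allowlist variant of the check above, as an added example that is not part of the original post: instead of rejecting known-bad substrings, it accepts only letters, combining marks, spaces, apostrophes, periods and hyphens in the name fields. The function names, the 64-character limit and the sample request are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Function names, the
// 64-character limit and the sample request below are assumptions.

/**
 * True when $value is a plausible personal name: it starts with a Unicode
 * letter and contains only letters, combining marks, spaces, apostrophes,
 * periods and hyphens, at most $max_len characters in total.
 */
function my_changes_is_valid_name($value, $max_len = 64)
{
    if (!is_string($value)) {
        return false; // e.g. firstname[]=x arrives as an array
    }
    $rest = max(0, (int) $max_len - 1);
    $pattern = '/\A\p{L}[\p{L}\p{M} \'.\x{2019}-]{0,' . $rest . '}\z/u';
    // With /u, preg_match() returns false on invalid UTF-8, so malformed
    // input is rejected along with anything outside the allowlist.
    return preg_match($pattern, $value) === 1;
}

/** Return the names of the fields in $request that fail the check. */
function my_changes_invalid_name_fields(array $request, array $fields)
{
    $bad = array();
    foreach ($fields as $field) {
        // Empty or missing values are skipped here.
        if (isset($request[$field]) && $request[$field] !== ''
            && !my_changes_is_valid_name($request[$field])) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed sample request data for illustration.
$sample = array(
    'firstname' => 'Zoë',
    'lastname'  => 'Visit https://example.com/ now',
);
print_r(my_changes_invalid_name_fields($sample, array('firstname', 'lastname')));
```

Because the pattern lists what is allowed, URL characters such as ":" and "/" fail without maintaining a list of schemes.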



#329776 Posted Variable Values Being Stripped

Posted by tbirnseth on 21 July 2020 - 06:01 PM in Developers' Corner

I have a client who uses an addon from a different developer (not responding to their needs).  The addon is installed on 2 sites with the exact same version of cs-cart (including other addons and schemas).

 

On site1 everything works fine.  There is a separate tab on the order.details page for shipping label info.  On this page there are form variables named like 'delivery_type', 'pkg_weight', etc. (not within a separate array container like my_shipping[delivery_type], my_shipping[pkg_weight]).  On site1, POSTed data comes through just fine with delivery_type=type1, pkg_weight=4.5.

 

However, on site2 the variable values are being stripped.  I.e. the variables are coming across, but empty.  I.e. delivery_type=, pkg_weight=

 

I had thought that maybe they were being stripped due to fn_trusted_vars() but there's no call to this on either site within this addon.  I also thought that a security issue would remove the variable and its value.

 

The schema tree of the two sites is the same.

 

Any pointers?




#329775 Has This Changed For Anyone Else?

Posted by tbirnseth on 21 July 2020 - 05:53 PM in Developers' Corner

I have in the past as well and it no longer seems to work on a client site (4.11.3).  I've added a mode for 'check_install' that will call it after the install, but seems like it should load func.php after the settings are created and that 'my_install_function' would be called....  Wish there were some kind of logging of installation issues other than what's reported as errors via notifications.




#329747 Mv Question: How To Have Vendor Shop Open In An Other Tab Automatically

Posted by tbirnseth on 20 July 2020 - 07:27 PM in Hints & Modifications

Thanks for the catch Ecom.  Path corrected in original post.




#329746 Speed Up Query

Posted by tbirnseth on 20 July 2020 - 07:24 PM in Issues & Troubleshooting

Well, there could be 10000 reasons why...  Cs-cart caches various things in its registry.  I.e. Settings, templates associated with a particular controller/mode as well as css and compiled templates themselves.

 

The most common source of slowness is failure to prune/truncate the cscart_logs table on a monthly or more frequent basis.  It can get pretty large and since it's updated by all sorts of areas, there can be quite a wait while the table is locked for update or read.  Alternately if your server ownerships/permissions are preventing the var/cache directory tree from being created, then you'll be regenerating everything from scratch on every page load.

 

You could also have 3rd party JS integrations that are blocking due to a variety of reasons.

 

Performance analysis can be very time consuming.  The first thing I would do is create a local_conf.php file something similar to:

// Enable debugging only for requests from your own IP address
if( $_SERVER['REMOTE_ADDR'] == '[your ip address]' ) {
  if( !defined('DEVELOPMENT') ) define('DEVELOPMENT', true);
  if( !defined('DEBUG') ) define('DEBUG', true);
  ini_set('display_errors', true);
  error_reporting(E_ALL);
}

When you load a page you'll get a bug icon in the upper right of the screen.  Click it to open the debugger.  There's a lot there and too much to detail here, but that should get you started.  The SQL diags are actually pretty good.  But don't try to do import/exports with DEBUG enabled.  You'll run out of memory.

 

Is the backend slow as well?  Or just the frontend?




#329745 Has This Changed For Anyone Else?

Posted by tbirnseth on 20 July 2020 - 07:12 PM in Developers' Corner

Using an addon.xml section of:

<functions>
  <item for="install">
    my_install_function
  </item>
</functions>

No longer seems to work on a new install when my_install_function() is in func.php.  It used to work.

 

So how does one now call a private installation function when the addon is first installed?

 

And of course, there is no error indication at all.

 

Thoughts?