Contributions

Dutch language patch file "password_forgotten.php" to be placed in "catalog/inclues/languages/dutch"

Unfortunatelly your solution generates a warning:
Warning: array_key_exists() [function.array-key-exists]: The first argument should be either a string or an integer in ...


Modify function to:
function tep_session_is_registered($variable) {
// >>> BEGIN REGISTER_GLOBALS
// return session_is_registered($variable);
return (isset($_SESSION[$variable]));
// <<< END REGISTER_GLOBALS
}

(zip file is empty)

Since I wrote the original Register Globals contribution, there has been an awful lot of rubbish and "updates" (I use the term loosely) added to it. If you want to use the Register Gloabals contribution, then use the following version :-

V1.5 - 5 Sept 2006 (either the tar or zip version - they are identical) - yes, it's quite old now, but that doesn't mean it needs updating.

You may also wish to look at the bug fixes posted by "splautz" between the 5th and 9th October 2006. I have not tried these fixes myself but I have reason to think they are ok and worth a look.

EVERYTHING after 9th October is rubbish - ignore it!!! (I don't read German so I can't comment on the posting dates 8th Sept. 2007)

Hope this helps.

And a note to any would-be contributors - posting up rubbish, "fixes" that are completely out of the scope of this contribution, spam, and "hey - this is a great contribution!" postings is NOT helpful to anyone. Please don't do it - start a new thread somewhere if you must post it.

regards,

Richard Bentley (CMOTD)

ps - ignore the attached zip file - it's empty.

Voici le fichier diff pour corriger le problème de la configuration register_globals.
Il patch la version 2.2MS2 pour permettre de tourner register_globals à OFF dans votre php.ini et sécuriser les variables globales

Pour de l'aide sur l'installation:
http://blog.umbt.ca/pplevesque/2007/09/08/patch-pour-oscommerce-22-milestone-2-et-register_globals/

If you add the following link to your .htaccess file oscommerce will work fine. My .htaccess file consists of one line this.

php_flag register_globals on


put that in your .htaccess file and you will be able to run os commerce with register globals off in your php.ini

i came across this thread yesterday. Looks like it is a much better solution than any other so far.

The up to date complete set of patch files.

File For Register Globals

function tep_session_is_registered($variable) {
// >>> BEGIN REGISTER_GLOBALS
// return session_is_registered($variable);
return (isset($_SESSION) && array_key_exists($variable,$_SESSION));
// <<< END REGISTER_GLOBALS
}

I found a bug in the bug fix.. This is the updated bug fix file with only the following change made:

function tep_session_is_registered($variable) {
// >>> BEGIN REGISTER_GLOBALS
// return session_is_registered($variable);
return (isset($_SESSION) && array_key_exists($variable,$_SESSION));
// <<< END REGISTER_GLOBALS
}

The isset is required to prevent a possible array_key_exist warning. This happens when tep_session_is_registered is called when no $_SESSION array yet exists.

Same fix as below. I just updated the instructions.

This is not a complete install file. You must download and install Register Globals v1.5 first before applying this file.
---------------------------------------------
After installing the Register Globals contribution, newly added items were no longer being highlighted in the shopping cart box and our coupon code contribution stopped working. This fix corrects both these problems and likely others I hadn't yet found. The issue is related to bug that sometimes occurs when link_session_variable (or tep_session_register) is called from within a function.

As a bonus, I also include a fix to get uploads working with the Easy Populate contribution.

After installing the Register Globals contribution, newly added items were no longer being highlighted in the shopping cart box and our coupon code contribution to stopped working. This fix corrects both these problems and likely others I hadn't yet found. The issue is related to bug that sometimes occurs when link_session_variable (or tep_session_register) is called from within a function.

As a bonus, I also include a fix to get uploads working with the Easy Populate contribution.

This is exactly the same as the 'TAR' version but is packaged as a zip (because some people have problems with tar archives)

Read the README file for more details.

Rich.

Updated to match OSC security/bugfix release 17/08/2006. This version may also be directly used to patch the 13/11/2005 release.

Read the README file for more details

NOTE: The previous (v1.4) version seemed to have a bug whereby the pre-patched source files contained a trailing blank line. I can't seem to find a problem with my original source, so can not find any 'fix' to do for this. Very strange!

Simply removed all blank lines in question at very end of all files involved and uploaded with Rich's blessings.

"That's all folks"

Ref. V 1.4
----------

I don't know why, but all the pre-patched files for this contribution have had an extra blank line added to the very end of them. This is not a huge problem, but it can cause your web server logs to fill up with warnings and it should be corrected.

I will try and get round to updating and uploading the affected files, but in the meantime, if you use the pre-patched files you should remove the blank line from the very end of each file.

ie - within each fie, change this...
-------------------
?>

-end of file--------

...to...

-------------------
?>
-end of file--------

Sorry about this,

Rich.

This is EXACTLY the same as the previous post, but is packaged as a ZIP archive instead of a TAR archive (some people seem to have problems with TAR archives)

Rich.

V 1.4
-----

* Updated to match the OSC security/bugfix update to MS 2.2, dated 13/11/2005. This version will also work with older versions of MS 2.2, but read the README file first!

* Minor correction for "I've forgotten my login password" text; a variable that 'got away'!

* This version now includes...

1/ A set of line-by-line manual instructions. Good if you have other contributions applied to your code and don't want to zap them.

2/ A set of pre-patched files that will just drop-in to a clean copy of OSC.

-------------
As usual, full details of the update can be found in the CHANGE_HISTORY file.

Before you do anything with this patch, read the README file!!!

Rich.

If you have a previous version of osCommerce with multiple Mods installed like me (osc 2.2 MS1). You'll find that this fix to make your register globals set to "Off", is rather hard to implement.

I have found a "Quick Fix" to get your store up and working temporarily until you implement this fix, or do your script updates.

This method is highly unsafe because it will still enable your register_globals to be turned "on". In essence, your store could still be prone to a hacking.

My webhost upgraded their version of PHP, and by default, they are setting up their servers with register globals_set to "off". They will not change the root php.ini file because it is a security issue.

So to work around this, read the attached file.

For fix php.ini

Nothing changed, only edited files following Richard instructions (great job Richard) from V 1.3.
Not edited to be used with EASY POPULATE installed.
Created the folders structure to be easy uploaded on your server.
Tested on osCommerce 2.2 Milestone 2 Update 051113.
Great job Richard!

Register globals off

--------------------------------------------------
QUICKFIX for register globals mod if you're getting an error similar to

"Illegal offset type in /<your catalog path>/functions/sessions.php"

somewhere around line 150.
--------------------------------------------------

Problem: The $var_name variable that is passed into the link_session_variable function is sometimes an array and causes the above error.

Solution: Discover whether it is an array at runtime and if so, convert it back to a standard string for use within the function.

Find the function "link_sesssion_variable" and add the following line inside the function at the very top of it:

if (is_array($var_name)) {$var_name = $var_name[0];}


--------------------------------------------------
As always... Use of this contribution is entirely at your own risk and you should always always always BACKUP first!

Only apply this fix if you're getting an illegal offset
caused by the link_session_variable function!

If anyone finds a better way to fix this problem please contribute.
--------------------------------------------------

// WARNING: I'm not sure about this line - maybe this is why 'Upload EP File' doesn't work

the following will fix the problem:

Quote:"2. The next and biggest problem I had lies in the server I use had "Register globals off" which caused form post and other

variables to come back empty.
Since my host don't allow register globals to be turned on - this is common on all new PHP versions (PHP 4.2.0 and later). I

solved this by adding a couple of lines at the top of easypopulate.php, after the $tempdir declarations:

// fix by jb 20040815 set the strings to http post/request, since they don't seem to work on the new server, with register

globals=off...
$dltype=$_REQUEST['dltype'];
$download=$_REQUEST['download'];

global $HTTP_POST_FILES;

foreach( $HTTP_POST_FILES as $varname => $fileinfo ){
$GLOBALS[$varname] = $fileinfo["tmp_name"];
$GLOBALS[$varname.'_name'] = $fileinfo["name"];
}
// end fix jb

I hope this will give some people a few days less work on how to get EasyPopulate to work!
Regards Jonas "
end Quote
Read the following topic for more

http://forums.oscommerce.com/index.php?showtopic=108825&hl=

all credits goes Regards Jonas

Thank you!

>> BUGFIX <<

I found some errors in the session management code (3 in catalog and 2 in admin). The errors don't seem to be causing any problems, but nonetheless.

I also included an OTHER_CONTRIBUTIONS file that should point you in the right direction if you are trying to get other contributions working with register globals switched off.

See the CHANGE_HISTORY file for full details of what has changed - you should be able to just replace the faulty functions with the new ones.

RIch.

Made some minor changes to the instructions because some people seem to be coming unstuck when applying this patch.

I have also expanded the introductory text to just clear up a few points.

>>> NOTE <<<

This version DOES NOT change in any way the actual patch - it is EXACTLY the same as V 1.2.1 - All I have done is clarify the instructions a bit

As an aside, I have not received any further problem reports since V 1.2.1, so as far as I know, this works ok.

Remember, the support thread is here :
http://forums.oscommerce.com/index.php?&showtopic=93343

Rich.

I zipped the wrong files in my previous release. This one is correct.

This register global-patch doesn't require you to edit any files.

Thanks very much indeed. May your knowledge of php increase further! The codes you provided work and have reduced my stress levels.

Yet another update.

Changes are :
* Further correction to make easypopulate work
* Some minor tidying up
* Added patch for credit cards in the order form - tnaks to Ben Noji for posting this some time ago
* Improved the README file

As always, PLEASE read the README file before installing - it really could save you some considerable hassle

See the CHANGE_HISTORY file for full details of what has changed

-----------

As far as I know, this version is as up to date as it can be. I am not aware of any other problems that are not addressed.

If you look at the support forum you will see other problems listed. I have looked into all these (plus several others that were posted to me directly), but those that are not addressed in the patch are either unreproduceable (by me, and in some cases by the person finding the bug in the first place), or are clearly down to issues to do with bad installation or other contributions that I simply do not have the time or inclination to address)

Rich.

Here's a small update.

The main thing this adds is a patch to make easypopulate work.

See the CHANGE_HISTORY file for full details.


Rich.

This is the OSC2.2 with the REGISTER GLOBALS 1.1.2 inside.

You can install the file directly as if you were doing the standard OSC installation, the only change is that the patch is already working and embedded in the code.

You need to have register globals set to NO in the php.ini to make this work.

You can download it from :
http://www.infocuscg.com/downloads/oscommerce/oscommerce-patch.tar

Before a new installation, the file 'catalog/install/includes/application.php' has to be modified. I added instructions to the "catalog" text file enclosed.

I've also included modified *.php files (from oscommerce-2.2ms2) ... these will work for those of you starting from scratch.

Enjoy!

fixed file:admin_patch.php
fixed error: header is allready sent error (line 18 general.php)

not much tested

This incluses some of the changes that have been included in v1.1, but not all (see v1.1 if you want the extra functionality that it provides).

Also included are a couple of other bug fixes that have come to light from the support thread.

See the enclosed CHANGE_HISTORY file for further details.

Thanks especially to Alexander Heim for his bug reports / fixes.

I just changed tep_session_unregister and tep_session_destroy in the way, that also unset on $_SESSION is used to remove the variables for real from the session. This was maybe a bug in the first version of this contribution. In the first Version, i was for example unable to logout of the shop. To make sure, that there are no conflicts with other possible variables in $_SESSION and to only handle the Global-Variables with this contribution, i added a suffix to all of the handled variables, while storing and reading to and from $_SESSION.

Alex

Support for this contribution can be found here...

http://forums.oscommerce.com/index.php?&showtopic=93343

Rich.

This is a patch that will remove the need to enable 'register_globals' in the php.ini file. In fact, once it is applied,, register_globals MUST be disabled otherwise it will not work.

Read the README file for details

Feedback on this is highly encouraged.