Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

No emails since updates to stop spam


QIKAZZ

Recommended Posts

Last Friday I done the following updates, as outlined in the manual update page, to try and stop spammers attacking me, but since then I have not been receiving any emails, can someone please help.

 

Cheers

 

Azz

 

Session ID XSS Issue Done 15-12-06

http://www.oscommerce.com/community/bugs,1546

------------------------------------------------------------------------------

 

Problem:

 

A cross site scripting issue exists with malformed session IDs being used in the tep_href_link() function.

 

Solution:

 

Line 66 in catalog/includes/functions/html_output.php must be changed from:

 

$link .= $separator . $_sid;

 

to:

 

$link .= $separator . tep_output_string($_sid);

 

------------------------------------------------------------------------------

Validate Session ID Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

Validate the session ID and redirect to the front page when an invalid session ID is requested.

 

Solution:

 

The following function must be replaced in catalog/includes/functions/sessions.php.

 

Lines 66-68, from:

 

function tep_session_start() {

return session_start();

}

 

to:

 

function tep_session_start() {

global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

 

$sane_session_id = true;

 

if (isset($HTTP_GET_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {

unset($HTTP_GET_VARS[tep_session_name()]);

 

$sane_session_id = false;

}

} elseif (isset($HTTP_POST_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {

unset($HTTP_POST_VARS[tep_session_name()]);

 

$sane_session_id = false;

}

} elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {

$session_data = session_get_cookie_params();

 

setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

 

$sane_session_id = false;

}

}

 

if ($sane_session_id == false) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

return session_start();

}

------------------------------------------------------------------------------

HTTP Header Injection – Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject headers into HTTP requests.

Solution:

 

The following function must be replaced in catalog/includes/functions/general.php.

 

Lines 22-32, from:

 

function tep_redirect($url) {

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url

$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

}

}

 

header('Location: ' . $url);

 

tep_exit();

}

 

to:

 

function tep_redirect($url) {

if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url

$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

}

}

 

header('Location: ' . $url);

 

tep_exit();

}

 

The following function must be replaced in catalog/admin/includes/functions/general.php.

 

Lines 15-26, from:

 

function tep_redirect($url) {

global $logger;

 

header('Location: ' . $url);

 

if (STORE_PAGE_PARSE_TIME == 'true') {

if (!is_object($logger)) $logger = new logger;

$logger->timer_stop();

}

 

exit;

}

 

to:

 

function tep_redirect($url) {

global $logger;

 

if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

header('Location: ' . $url);

 

if (STORE_PAGE_PARSE_TIME == 'true') {

if (!is_object($logger)) $logger = new logger;

$logger->timer_stop();

}

 

exit;

}

 

------------------------------------------------------------------------------

E-Mail Header Injection Done 15-12-06

http://www.oscommerce.com/community/bugs,2488

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject headers into emails the online store sends.

 

Solution:

 

The following function must be replaced in catalog/includes/classes/email.php and catalog/admin/includes/classes/email.php.

 

Lines 473-504, from:

 

function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $headers = '') {

$to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr);

$from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr);

 

if (is_string($headers)) {

$headers = explode($this->lf, trim($headers));

}

 

for ($i=0; $i<count($headers); $i++) {

if (is_array($headers[$i])) {

for ($j=0; $j<count($headers[$i]); $j++) {

if ($headers[$i][$j] != '') {

$xtra_headers[] = $headers[$i][$j];

}

}

}

 

if ($headers[$i] != '') {

$xtra_headers[] = $headers[$i];

}

}

 

if (!isset($xtra_headers)) {

$xtra_headers = array();

}

 

if (EMAIL_TRANSPORT == 'smtp') {

return mail($to_addr, $subject, $this->output, 'From: ' . $from . $this->lf . 'To: ' . $to . $this->lf . implode($this->lf, $this->headers) . $this->lf . implode($this->lf, $xtra_headers));

} else {

return mail($to, $subject, $this->output, 'From: '.$from.$this->lf.implode($this->lf, $this->headers).$this->lf.implode($this->lf, $xtra_headers));

}

}

 

to:

 

function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $headers = '') {

if ((strstr($to_name, "\n") != false) || (strstr($to_name, "\r") != false)) {

return false;

}

 

if ((strstr($to_addr, "\n") != false) || (strstr($to_addr, "\r") != false)) {

return false;

}

 

if ((strstr($subject, "\n") != false) || (strstr($subject, "\r") != false)) {

return false;

}

 

if ((strstr($from_name, "\n") != false) || (strstr($from_name, "\r") != false)) {

return false;

}

 

if ((strstr($from_addr, "\n") != false) || (strstr($from_addr, "\r") != false)) {

return false;

}

 

$to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr);

$from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr);

 

if (is_string($headers)) {

$headers = explode($this->lf, trim($headers));

}

 

for ($i=0; $i<count($headers); $i++) {

if (is_array($headers[$i])) {

for ($j=0; $j<count($headers[$i]); $j++) {

if ($headers[$i][$j] != '') {

$xtra_headers[] = $headers[$i][$j];

}

}

}

 

if ($headers[$i] != '') {

$xtra_headers[] = $headers[$i];

}

}

 

if (!isset($xtra_headers)) {

$xtra_headers = array();

}

 

if (EMAIL_TRANSPORT == 'smtp') {

return mail($to_addr, $subject, $this->output, 'From: ' . $from . $this->lf . 'To: ' . $to . $this->lf . implode($this->lf, $this->headers) . $this->lf . implode($this->lf, $xtra_headers));

} else {

return mail($to, $subject, $this->output, 'From: '.$from.$this->lf.implode($this->lf, $this->headers).$this->lf.implode($this->lf, $xtra_headers));

}

}

 

------------------------------------------------------------------------------

Contact Us Form XSS Issue Done 15-12-06

http://www.oscommerce.com/community/bugs,2422

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject HTML into the page.

 

Solution:

 

Lines 221-225 in catalog/includes/functions/html_output.php must be changed from:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= stripslashes($GLOBALS[$name]);

} elseif (tep_not_null($text)) {

$field .= $text;

}

 

to:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= tep_output_string_protected(stripslashes($GLOBALS[$name]));

} elseif (tep_not_null($text)) {

$field .= tep_output_string_protected($text);

}

 

Lines 244-248 in catalog/admin/includes/functions/html_output.php must be changed from:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= stripslashes($GLOBALS[$name]);

} elseif (tep_not_null($text)) {

$field .= $text;

}

 

to:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= tep_output_string_protected(stripslashes($GLOBALS[$name]));

} elseif (tep_not_null($text)) {

$field .= tep_output_string_protected($text);

}

 

------------------------------------------------------------------------------

Open Redirector Done 15-12-06

http://www.oscommerce.com/community/bugs,2970

------------------------------------------------------------------------------

 

Problem:

 

There is no URL checking being performed on the redirection page, and allows external sources to use the page as an open redirect relay.

 

Solution:

 

Lines 27-29 in catalog/redirect.php must be changed from:

 

if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) {

tep_redirect('http://' . $HTTP_GET_VARS['goto']);

}

 

to:

 

if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) {

$check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1");

if (tep_db_num_rows($check_query)) {

tep_redirect('http://' . $HTTP_GET_VARS['goto']);

}

}

 

------------------------------------------------------------------------------

Extra Slashes In New Products – Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

When new products are entered and previewed, hitting the back button to edit the product data again adds extra slashes to apostrophes in the products name and description.

 

Solution:

 

The following lines must be replaced in catalog/admin/categories.php:

 

Line 504, from:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? $products_name[$languages[$i]['id']] : tep_get_products_name($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? stripslashes($products_name[$languages[$i]['id']]) : tep_get_products_name($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

Line 538, from:

 

<td class="main"><?php echo tep_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '70', '15', (isset($products_description[$languages[$i]['id']]) ? $products_description[$languages[$i]['id']] : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '70', '15', (isset($products_description[$languages[$i]['id']]) ? stripslashes($products_description[$languages[$i]['id']]) : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

Line 574, from:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_url[' . $languages[$i]['id'] . ']', (isset($products_url[$languages[$i]['id']]) ? $products_url[$languages[$i]['id']] : tep_get_products_url($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_url[' . $languages[$i]['id'] . ']', (isset($products_url[$languages[$i]['id']]) ? stripslashes($products_url[$languages[$i]['id']]) : tep_get_products_url($pInfo->products_id, $languages[$i]['id']))); ?></td>

Link to comment
Share on other sites

  • 2 weeks later...
Last Friday I done the following updates, as outlined in the manual update page, to try and stop spammers attacking me, but since then I have not been receiving any emails, can someone please help.

 

Cheers

 

Azz

 

Session ID XSS Issue Done 15-12-06

http://www.oscommerce.com/community/bugs,1546

------------------------------------------------------------------------------

 

Problem:

 

A cross site scripting issue exists with malformed session IDs being used in the tep_href_link() function.

 

Solution:

 

Line 66 in catalog/includes/functions/html_output.php must be changed from:

 

$link .= $separator . $_sid;

 

to:

 

$link .= $separator . tep_output_string($_sid);

 

------------------------------------------------------------------------------

Validate Session ID Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

Validate the session ID and redirect to the front page when an invalid session ID is requested.

 

Solution:

 

The following function must be replaced in catalog/includes/functions/sessions.php.

 

Lines 66-68, from:

 

function tep_session_start() {

return session_start();

}

 

to:

 

function tep_session_start() {

global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

 

$sane_session_id = true;

 

if (isset($HTTP_GET_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) {

unset($HTTP_GET_VARS[tep_session_name()]);

 

$sane_session_id = false;

}

} elseif (isset($HTTP_POST_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) {

unset($HTTP_POST_VARS[tep_session_name()]);

 

$sane_session_id = false;

}

} elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {

if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) {

$session_data = session_get_cookie_params();

 

setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

 

$sane_session_id = false;

}

}

 

if ($sane_session_id == false) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

return session_start();

}

------------------------------------------------------------------------------

HTTP Header Injection – Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject headers into HTTP requests.

Solution:

 

The following function must be replaced in catalog/includes/functions/general.php.

 

Lines 22-32, from:

 

function tep_redirect($url) {

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url

$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

}

}

 

header('Location: ' . $url);

 

tep_exit();

}

 

to:

 

function tep_redirect($url) {

if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url

$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

}

}

 

header('Location: ' . $url);

 

tep_exit();

}

 

The following function must be replaced in catalog/admin/includes/functions/general.php.

 

Lines 15-26, from:

 

function tep_redirect($url) {

global $logger;

 

header('Location: ' . $url);

 

if (STORE_PAGE_PARSE_TIME == 'true') {

if (!is_object($logger)) $logger = new logger;

$logger->timer_stop();

}

 

exit;

}

 

to:

 

function tep_redirect($url) {

global $logger;

 

if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {

tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

}

 

header('Location: ' . $url);

 

if (STORE_PAGE_PARSE_TIME == 'true') {

if (!is_object($logger)) $logger = new logger;

$logger->timer_stop();

}

 

exit;

}

 

------------------------------------------------------------------------------

E-Mail Header Injection Done 15-12-06

http://www.oscommerce.com/community/bugs,2488

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject headers into emails the online store sends.

 

Solution:

 

The following function must be replaced in catalog/includes/classes/email.php and catalog/admin/includes/classes/email.php.

 

Lines 473-504, from:

 

function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $headers = '') {

$to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr);

$from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr);

 

if (is_string($headers)) {

$headers = explode($this->lf, trim($headers));

}

 

for ($i=0; $i<count($headers); $i++) {

if (is_array($headers[$i])) {

for ($j=0; $j<count($headers[$i]); $j++) {

if ($headers[$i][$j] != '') {

$xtra_headers[] = $headers[$i][$j];

}

}

}

 

if ($headers[$i] != '') {

$xtra_headers[] = $headers[$i];

}

}

 

if (!isset($xtra_headers)) {

$xtra_headers = array();

}

 

if (EMAIL_TRANSPORT == 'smtp') {

return mail($to_addr, $subject, $this->output, 'From: ' . $from . $this->lf . 'To: ' . $to . $this->lf . implode($this->lf, $this->headers) . $this->lf . implode($this->lf, $xtra_headers));

} else {

return mail($to, $subject, $this->output, 'From: '.$from.$this->lf.implode($this->lf, $this->headers).$this->lf.implode($this->lf, $xtra_headers));

}

}

 

to:

 

function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $headers = '') {

if ((strstr($to_name, "\n") != false) || (strstr($to_name, "\r") != false)) {

return false;

}

 

if ((strstr($to_addr, "\n") != false) || (strstr($to_addr, "\r") != false)) {

return false;

}

 

if ((strstr($subject, "\n") != false) || (strstr($subject, "\r") != false)) {

return false;

}

 

if ((strstr($from_name, "\n") != false) || (strstr($from_name, "\r") != false)) {

return false;

}

 

if ((strstr($from_addr, "\n") != false) || (strstr($from_addr, "\r") != false)) {

return false;

}

 

$to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr);

$from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr);

 

if (is_string($headers)) {

$headers = explode($this->lf, trim($headers));

}

 

for ($i=0; $i<count($headers); $i++) {

if (is_array($headers[$i])) {

for ($j=0; $j<count($headers[$i]); $j++) {

if ($headers[$i][$j] != '') {

$xtra_headers[] = $headers[$i][$j];

}

}

}

 

if ($headers[$i] != '') {

$xtra_headers[] = $headers[$i];

}

}

 

if (!isset($xtra_headers)) {

$xtra_headers = array();

}

 

if (EMAIL_TRANSPORT == 'smtp') {

return mail($to_addr, $subject, $this->output, 'From: ' . $from . $this->lf . 'To: ' . $to . $this->lf . implode($this->lf, $this->headers) . $this->lf . implode($this->lf, $xtra_headers));

} else {

return mail($to, $subject, $this->output, 'From: '.$from.$this->lf.implode($this->lf, $this->headers).$this->lf.implode($this->lf, $xtra_headers));

}

}

 

------------------------------------------------------------------------------

Contact Us Form XSS Issue Done 15-12-06

http://www.oscommerce.com/community/bugs,2422

------------------------------------------------------------------------------

 

Problem:

 

By using malicious data it is possible to inject HTML into the page.

 

Solution:

 

Lines 221-225 in catalog/includes/functions/html_output.php must be changed from:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= stripslashes($GLOBALS[$name]);

} elseif (tep_not_null($text)) {

$field .= $text;

}

 

to:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= tep_output_string_protected(stripslashes($GLOBALS[$name]));

} elseif (tep_not_null($text)) {

$field .= tep_output_string_protected($text);

}

 

Lines 244-248 in catalog/admin/includes/functions/html_output.php must be changed from:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= stripslashes($GLOBALS[$name]);

} elseif (tep_not_null($text)) {

$field .= $text;

}

 

to:

 

if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {

$field .= tep_output_string_protected(stripslashes($GLOBALS[$name]));

} elseif (tep_not_null($text)) {

$field .= tep_output_string_protected($text);

}

 

------------------------------------------------------------------------------

Open Redirector Done 15-12-06

http://www.oscommerce.com/community/bugs,2970

------------------------------------------------------------------------------

 

Problem:

 

There is no URL checking being performed on the redirection page, and allows external sources to use the page as an open redirect relay.

 

Solution:

 

Lines 27-29 in catalog/redirect.php must be changed from:

 

if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) {

tep_redirect('http://' . $HTTP_GET_VARS['goto']);

}

 

to:

 

if (isset($HTTP_GET_VARS['goto']) && tep_not_null($HTTP_GET_VARS['goto'])) {

$check_query = tep_db_query("select products_url from " . TABLE_PRODUCTS_DESCRIPTION . " where products_url = '" . tep_db_input($HTTP_GET_VARS['goto']) . "' limit 1");

if (tep_db_num_rows($check_query)) {

tep_redirect('http://' . $HTTP_GET_VARS['goto']);

}

}

 

------------------------------------------------------------------------------

Extra Slashes In New Products – Done 15-12-06

------------------------------------------------------------------------------

 

Problem:

 

When new products are entered and previewed, hitting the back button to edit the product data again adds extra slashes to apostrophes in the products name and description.

 

Solution:

 

The following lines must be replaced in catalog/admin/categories.php:

 

Line 504, from:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? $products_name[$languages[$i]['id']] : tep_get_products_name($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_name[' . $languages[$i]['id'] . ']', (isset($products_name[$languages[$i]['id']]) ? stripslashes($products_name[$languages[$i]['id']]) : tep_get_products_name($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

Line 538, from:

 

<td class="main"><?php echo tep_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '70', '15', (isset($products_description[$languages[$i]['id']]) ? $products_description[$languages[$i]['id']] : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_draw_textarea_field('products_description[' . $languages[$i]['id'] . ']', 'soft', '70', '15', (isset($products_description[$languages[$i]['id']]) ? stripslashes($products_description[$languages[$i]['id']]) : tep_get_products_description($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

Line 574, from:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_url[' . $languages[$i]['id'] . ']', (isset($products_url[$languages[$i]['id']]) ? $products_url[$languages[$i]['id']] : tep_get_products_url($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

to:

 

<td class="main"><?php echo tep_image(DIR_WS_CATALOG_LANGUAGES . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], $languages[$i]['name']) . ' ' . tep_draw_input_field('products_url[' . $languages[$i]['id'] . ']', (isset($products_url[$languages[$i]['id']]) ? stripslashes($products_url[$languages[$i]['id']]) : tep_get_products_url($pInfo->products_id, $languages[$i]['id']))); ?></td>

 

Hello,

 

I have the snap of January 2003. Can I then apply all of the changes above to my snap?

 

Thanks.

 

Albert

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...