JUST RELEASED! Printable Catalog


Guest


Just an update for anyone using any version of this mod (3.5 or older), it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks.

 

I have updated the package to correctly sanitize input to no longer allow XSS attacks.

 

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

 

Download it here: http://addons.oscommerce.com/info/1410


  • 1 month later...

Hi, I still think there is a SQL injection flaw in this module, so I'm removing this from my sites. For example, on your demo site try this: catalog_products_with_images.php?listing=%20&page=\''SQL

That's just a test from a PCI compliance scan I had.

 

catalog_products_with_images.php See Above Urgent 80 SQL

Regular expression used to detect attack:

You have an error in your SQL syntax

Parameters:

page = \''SQL

listing =

URL: http://www.mysite.com:80/catalog_products_...es.php?listing= &page=\''SQL


  • 2 months later...

I have installed this contribution and have one major problem. I have read through the entire forum on this and have noted that others have had the same problem. However, I have not seen where or how their problem was solved. The problem I am having is when I go to the catalog, I can only see the first page. The links at the bottom and the sorting do not work, they only reload the same first page with the same sort order. What is the fix for this?

 

Thanks in advance for any help!


  • 2 weeks later...

Pretty cool contribution. We are using it for back office product admin.

 

However, there's something wrong with the "Date Added" column (which we happen to need). If I turn on both options, the Date column header appears, but it's always over to the left, seems to take the place of Name, and shifts other column header over one place. Just the Header appears, but no Dates below it.

 

Also, if you click the Up Arrow Sort button on any column, it sorts by that column properly (nice feature by the way). But, if you click the Down Arrow Sort button, it sorts by Date added (you can see it in the URL). This is with both Date options turned off or hidden.



I have the same problem. I can't see the other items that I have, and the sort buttons don't work. Does anyone know how to fix this? I have to resolve this very quickly.


  • 1 month later...

Arrrgghhhhh, subcategory products are not shown in the printable catalog with Printable_Catalog_2.3 by webschiff.

 

Any help to modify the query?


Here is the query that doesn't show products in subcategories.

// Query as posted, split across lines for readability; the SQL string is unchanged.
$print_catalog_query_raw =
  "select distinct p.products_id, pd.products_name, pd.products_description, p.products_model,"
  . " p.products_image, p.products_price, p.products_tax_class_id,"
  . " IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price,"
  . " p.products_date_added, cd.categories_name, m.manufacturers_name"
  . " from " . TABLE_PRODUCTS . " p"
  . " left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on p.products_id=p2c.products_id"
  . " left join " . TABLE_CATEGORIES . " c on p2c.categories_id=c.categories_id"
  // cd is joined only when the product's category is top-level (parent_id = '0') ...
  . " left join " . TABLE_CATEGORIES_DESCRIPTION . " cd on c.parent_id='0' and c.categories_id=cd.categories_id"
  . " left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id"
  . " left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id and pd.language_id = '" . $languages_id . "'"
  . " left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id"
  . " where products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id"
  . " and pd.language_id = '" . $languages_id . "'"
  // ... and this condition discards every row where cd is NULL, i.e. products in subcategories.
  . " and cd.language_id = '" . $languages_id . "'"
  . " order by cd.categories_name, c.parent_id, c.sort_order, c.categories_id, pd.products_name";


  • 1 month later...
  • 4 weeks later...

Hi,

 

Has anyone sorted out the bugs yet with the sorting of columns?

 

Also when I enable descriptions it only shows the first two products..

 

Would love to be able to get this to work as it is a good contrib.

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


  • 1 month later...
  • 2 months later...
  • 1 month later...

Scratch that last post.... I figured out that I was in the catalog/print_catalog.php file rather than the catalog/includes/modules/print_catalog.php file. I found the URL to replace.

 

Thanks so much for your help!!!

 

 

Hello Everyone,

 

I have the same problem. I couldn't find any URL in any file, neither catalog/print_catalog nor /module/print_catalog.

My page displays blank: http://www.cantex.name/print_catalog.php

Where do I have to put my website URL?

Please, anyone help me.


  • 1 month later...


Anyone ever figure this out???? My subcategories aren't showing either... only items listed in categories show. I have a sneaking suspicion that if I moved the items in the categories into subcategories, such that all items were in subcategories, it would work fine.



Nope, just moved the items directly in the categories into new subcategories and no dice. Now it says there are no products to show! So now I guess I'll pick through the query to see what I can find...


  • 3 weeks later...


I'm also having this problem - I had it working fine on a register_globals on/mysql4/php4 server, but I have just moved to register_globals off/mysql5/php5 and the sorting and the page links no longer work. Have no idea why. For now, I guess I'll have to take this off the website - hopefully there is a solution out there somewhere in the future :)



Fixed the sorting issue...

Sorting options not working

This appears to be a register_globals issue - to fix, find switch ($listing) { and replace with switch ($_GET['listing']) { in catalog_products_with_images.php

 

Still trying to figure out the page links issue. Not sure if I'll be able to figure it out...
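As an added example (not part of this post and not the mod's own code), here is one way to read the `listing` and `page` parameters from `$_GET` so that neither can reach the SQL string or the HTML unvalidated, which covers both the register_globals fix above and the scanner finding earlier in the thread. The sort keys and function names are hypothetical; the column names come from the query posted in this thread.

```php
<?php
// Added example, not the mod's code. The sort keys are hypothetical; the
// column names are taken from the query posted earlier in this thread.
const LISTING_ORDER_BY = [
    'name'   => 'pd.products_name asc',
    'name-'  => 'pd.products_name desc',
    'price'  => 'p.products_price asc',
    'price-' => 'p.products_price desc',
    'date-'  => 'p.products_date_added desc',
];

// Map ?listing= to an allow-listed key; request text never reaches SQL.
function listing_key(array $get): string {
    $key = $get['listing'] ?? '';
    return (is_string($key) && array_key_exists($key, LISTING_ORDER_BY)) ? $key : 'name';
}

// Accept ?page= only as 1 to 6 ASCII digits; anything else means page 1.
function page_number(array $get): int {
    $raw = $get['page'] ?? '1';
    if (!is_string($raw) || !preg_match('/^[0-9]{1,6}\z/', $raw)) {
        return 1;
    }
    return max(1, (int) $raw);
}

// ORDER BY / LIMIT tail built only from allow-listed text and integers.
function paging_sql(array $get, int $per_page = 20): string {
    $offset = (page_number($get) - 1) * $per_page;
    return ' order by ' . LISTING_ORDER_BY[listing_key($get)]
         . ' limit ' . $offset . ', ' . $per_page;
}

// Page link for HTML output: URL-encode the values, then HTML-escape the URL.
function page_link(array $get, int $page): string {
    $qs = http_build_query(['listing' => listing_key($get), 'page' => $page]);
    return '<a href="' . htmlspecialchars('catalog_products_with_images.php?' . $qs,
        ENT_QUOTES, 'UTF-8') . '">' . $page . '</a>';
}

// Constructed inputs; the second is the scanner probe quoted in this thread.
$samples = [
    ['listing' => 'price-', 'page' => '3'],
    ['listing' => ' ', 'page' => "\\''SQL"],
    ['listing' => ['x'], 'page' => '-1'],
];
foreach ($samples as $get) {
    echo paging_sql($get), ' | ', page_link($get, page_number($get) + 1), "\n";
}
```

The second and third samples both fall back to the default sort and page 1, so the probe string never appears in the generated SQL or in the link.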


  • 4 months later...

Can anyone help on this forum? I have seen it already, that it goes for some. I do not understand that nobody is willing to help. Since I'm probably not the only one who has this problem.

Edited by Jimmy62