Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

update cart is insecure


awinner

Recommended Posts

searched as much as i could and cant see anyone else with this problem. I have my own ssl cert installed (not shared). Everything works fine except when a user clicks on the cart contents button and then tries to update the cart, if you do this it tells you that you are going to send info over an unencrypted connection.

 

The problem appears to be that when you click on cart contents, you automatically go into https mode and then the update cart takes you out into http. This happens weather you are logged in or not.

 

Any ideas on what i have done wrong?

 

my site is http://www.designerz.com.au , not a live site yet.

 

thanks

Julian

Link to comment
Share on other sites

Ok, after a bit of debugging ive got a solution that works for me. I went to a couple of sites on the feedback forum and did see that others are having similar problems.

 

My problem appears to be caused by the STS contrib. If i turn it off the problem disappears. However I wanted to use STS. When using STS $cartcontents brings up the cart with https but the post url is http. I modified shopping_cart.php so that the post url is https

 

Line before mod

<td width="100%" valign="top"><?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">

 

after mod:

 

<td width="100%" valign="top"><?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_SHOPPING_CART, 'action=update_product' , 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">

 

 

If anyone can see any negative consequences, please let me know.

 

Julian

Link to comment
Share on other sites

  • 6 months later...

Hey Julian,

Just wanted to say thanks, only just realised this problem was occurring on my site (after being live for 2 years, who knows how long it's been happening! I obviously didn't test this side of my site as much as I should have, no-one has mentioned it!)

 

Anyway, your fix helped, thanks :)

Link to comment
Share on other sites

the shopping_cart.php page shouldn't be secured anyways ... no point for it .. The only input it takes on this page is the quantity box ... why would you want to make sure that is secured??

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...