kbking Posted February 6, 2009

Hi,

It is when I am at checkout_payment.php and trigger any error messages by not giving enough information. For instance, if I choose the payment method Purchase on Account and don't fill in a Purchase Order Number, an error message is triggered saying: Please enter your purchase order number.

Now this all works on my development server where I'm testing before uploading to the remote server. I noticed that it doesn't work on the remote server. I'm redirected to log.php where I face this message:

Your IP address has been logged -- Your IP is: 78.69.xxx.xx You shouldn't be here, so go away!

This, I understand, is due to the contribution: anti xss script 1 - pci compliance - by pixclinic, which I have in my .htaccess. If I take out this contribution I'm instead redirected to login.php.

I was stumped for a while, then I compared the URLs. The one from the remote server reads:

https://mydomain.com/checkout_payment.php?p...0c3269babcdcf3d

While the one locally correctly reads:

http://localhost/checkout_payment.php?paym...0c3269aabcdnf4d

As you can see there are differences, namely two critical instances of the character sequence: amp; each one after the & sign, in the first URL. (=Right click and copy the link addresses to see the full path)

I haven't been able to pinpoint where these four characters are generated. That's what I need a helping hand with.

Best Regards!
kbking Posted February 6, 2009

I think I found something. In my includes/modules/payment/po.php there is this function:

    function pre_confirmation_check() {
      global $HTTP_POST_VARS;
      global $order;
      global $customer_id;

      $error = '';

      // Look up the customer's credit account; the id is cast to int before it goes into the SQL string
      $check_credit = tep_db_query("SELECT customers_credit_account_status,customers_credit_status, customers_credit_left from " . TABLE_CUSTOMERS . " where customers_id ='" . (int)$customer_id . "'");
      $credit = tep_db_fetch_array($check_credit);

      if ($credit['customers_credit_account_status'] == '1') {
        if ($HTTP_POST_VARS['po_number'] == '') {
          // No purchase order number was entered
          $error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NO_NUMBER);
        } else {
          if ($credit['customers_credit_status'] == "1") {
            if ($order->info['total'] > $credit['customers_credit_left']) {
              $error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NOT_ENOUGH_CREDIT . $credit['customers_credit_left']);
            }
          } else {
            $error = MODULE_PAYMENT_PO_TEXT_ERROR_CREDIT_DISABLED;
          }
        }
      } else {
        $error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NO_CREDIT_ACCOUNT);
      }

      if ($error) {
        // Send the customer back to the payment page with the error in the query string
        $payment_error_return = 'payment_error=' . $this->code . '&error=' . urlencode($error);
        tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
      }
    }

In the last variable - $payment_error_return - there is an ampersand &. This & becomes &amp; in the URL. The translation from the "&" to the "&amp;" is the culprit - at least so it seems, because when I take out the extra characters - amp; - and leave the ampersand (&), then the error message shows up and it all works correctly as it used to do a while back.

Still I can't see any differences in any of my files that would explain this behaviour. Of course I could have missed something... As I said earlier, my clone locally doesn't suffer from this at all.
kbking Posted February 7, 2009

Problem solved!

In functions/general, I had to add:

    $url = str_replace('&amp;', '&', $url);

above

    header('Location: ' . $url);

and in classes/seo.class.php, I added the same above:

    header("HTTP/1.0 301 Moved Permanently");
    header("Location: $url"); // redirect...bye bye
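Why the fix in the last post works, as an added example that is not part of the original thread and not osCommerce's own code: `&amp;` is HTML escaping and belongs only in markup, so a URL sent in a `Location` header with the entity left in reaches the server with a parameter named `amp;error` instead of `error`. The helper names `location_header_url` and `query_keys`, the host `shop.example` and the CR/LF check are assumptions added here.

```php
<?php
// Added example; function names are hypothetical, not osCommerce code.

// Convert a URL that was escaped for HTML output into one suitable for a
// Location header, where no HTML entity decoding ever takes place.
function location_header_url(string $htmlUrl): string
{
    // Undo the HTML escaping of the parameter separator only.
    $url = str_replace('&amp;', '&', $htmlUrl);

    // A header value must stay on one line; refuse CR/LF rather than forward it.
    // (Assumption: this check is an addition, the post's fix does not include it.)
    if (strpbrk($url, "\r\n") !== false) {
        throw new InvalidArgumentException('redirect URL contains CR or LF');
    }
    return $url;
}

// Return the query parameter names PHP sees when the URL is requested verbatim.
function query_keys(string $url): array
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $params);
    return array_keys($params);
}

// Constructed sample: an HTML-escaped link shaped like the one in the first post.
$escaped = 'https://shop.example/checkout_payment.php'
         . '?payment_error=po&amp;error='
         . urlencode('Please enter your purchase order number.');

echo "Sent as-is in a Location header:\n";
print_r(query_keys($escaped));

echo "After decoding for the header context:\n";
print_r(query_keys(location_header_url($escaped)));
```

The escaped form is still the right one when the same link is written into an `href` attribute, so the decoding belongs in the redirect path only.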
Archived
This topic is now archived and is closed to further replies.