osCommerce

The e-commerce.

Please! Help me find out where four characters originates from.


kbking


Hi,

 

It is when I am at checkout_payment.php and trigger any error messages by not giving enough information. For instance, if I choose the payment method Purchase on Account and don't fill in a Purchase Order Number, an error message is triggered saying: Please enter your purchase order number.

 

Now this all works on my development server where I'm testing before uploading to the remote server. I noticed that it doesn't work on the remote server. I'm redirected to log.php where I face this message: Your IP address has been logged -- Your IP is: 78.69.xxx.xx You shouldn't be here, so go away! This, I understand, is due to the contribution: anti xss script 1 - pci compliance - by pixclinic, which I have in my .htaccess. If I take out this contribution I'm instead redirected to login.php.

 

I was stumped for a while, then I compared the URLs.

 

The one from the remote server reads:

 

 

While the one locally correctly reads:

 

 

As you can see there are differences, namely two critical instances of the character sequence: amp; each one after the & sign, in the first URL. (=Right click and copy the link addresses to see the full path)

 

I haven't been able to pinpoint where these four characters are generated. That's what I need a helping hand with.

 

Best Regards!

Link to comment
Share on other sites

I think I found something.

 

In my includes/modules/payment/po.php there is this function:

 

function pre_confirmation_check() 
{
	global $HTTP_POST_VARS;
	global $order;
	global $customer_id;


	$error = '';

	$check_credit = tep_db_query("SELECT customers_credit_account_status,customers_credit_status, customers_credit_left from " . TABLE_CUSTOMERS . " where customers_id ='" . $customer_id . "'");

	$credit = tep_db_fetch_array($check_credit);

	If ($credit['customers_credit_account_status'] =='1' )
	{
		If ($HTTP_POST_VARS['po_number'] == '')
		{
			$error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NO_NUMBER);
		}
		else
		{
			if ($credit['customers_credit_status'] == "1")
			{
				if ($order->info['total'] > $credit['customers_credit_left'])
				{
					$error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NOT_ENOUGH_CREDIT. $credit['customers_credit_left']);
				}
			}
			else 
			{
				$error = MODULE_PAYMENT_PO_TEXT_ERROR_CREDIT_DISABLED;
			}
		}
	}
	else
	{

		$error = sprintf(MODULE_PAYMENT_PO_TEXT_ERROR_NO_CREDIT_ACCOUNT);
	}
  If ($error)
  {
	   $payment_error_return = 'payment_error=' . $this->code . '&error=' . urlencode($error);
	  tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
	}
}

 

In the last variable - $payment_error_return - there is an ampersand &. This & becomes &amp; in the URL. The translation from the "&" to the "&amp;" is the culprit - at least so it seems, because when I take out the extra characters - amp; - and leave the ampersand (&), then the error message shows up and it all works correctly as it used to do a while back.

 

Still I can't see any differences in any of my files that would explain this behaviour. Of course I can have missed something...

 

As I said earlier my clone locally doesn't suffer from this at all.

Link to comment
Share on other sites

Problem solved!

 

In functions/general, I had to add:

$url = str_replace('&amp;', '&', $url);

above

header('Location: ' . $url);

and in classes/seo.class.php, I added the same above:

header("HTTP/1.0 301 Moved Permanently");
header("Location: $url"); // redirect...bye bye

Link to comment
Share on other sites
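
An added example, not part of the original posts and not osCommerce code: it shows why an entity-encoded ampersand belongs in HTML output but not in a Location header, and how a redirect helper can decode it while also refusing CR/LF in the target. All function names and the shop.example host are hypothetical, and using htmlspecialchars() to produce the encoded URL is an assumption made only to reproduce the symptom.

```php
<?php
// Added illustration; function names are hypothetical, not osCommerce APIs.

// Build the query string the same way the po.php snippet above does.
function build_error_query(string $code, string $error): string {
    return 'payment_error=' . $code . '&error=' . urlencode($error);
}

// HTML context: the URL is written into an href attribute, so & is entity-encoded.
function url_for_html(string $url): string {
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// HTTP header context: entities are not decoded by the browser here, so undo
// them, and reject CR/LF so the value cannot break out of the header line.
function url_for_location_header(string $url): string {
    $url = str_replace('&amp;', '&', $url);
    if (preg_match('/[\r\n]/', $url)) {
        throw new InvalidArgumentException('CR/LF in redirect target');
    }
    return $url;
}

// Parameter names the receiving script would see for a given URL.
function received_param_names(string $url): array {
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return array_keys($params);
}

// Constructed sample input.
$base = 'https://shop.example/checkout_payment.php?';
$url  = $base . build_error_query('po', 'Please enter your purchase order number.');

$encoded = url_for_html($url);                 // correct for HTML, wrong for a header
$decoded = url_for_location_header($encoded);  // safe to pass to header('Location: ...')

// Compare the parameter names in each case: with the encoded URL the
// "error" parameter no longer arrives under its own name.
echo "encoded: ", implode(', ', received_param_names($encoded)), PHP_EOL;
echo "decoded: ", implode(', ', received_param_names($decoded)), PHP_EOL;
```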

Archived

This topic is now archived and is closed to further replies.
