Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Whacked Out Strange Characters


Guest

Recommended Posts

Could anybody tell me what this anomoly is at the top of the admin default.php page? I can not figure out where it is coming from.

 

N?O . M?O .. O?O zones.php ?P?O categories.php Q?O configuration.php ??R?O

countries.php S?O currencies.php T?O

customers.php U?O default.php V?O

languages.php W?O manufacturers.php ??X?O

orders.php ?Y?O payment_modules.php Z?O products_attributes.php [?O products_expected.php ժO reviews.php ]?O shipping_modules.php ?^?O specials.php _?O stats_customers.php `?O tax_classes.php a?O

tax_rates.php b?O ( stats_products_purchased.php ?c?O $ stats_products_viewed.php +?d?O ?

backup.php ?

Link to comment
Share on other sites

No... actually index.php doesn't exist. You can even see the filename of default.php in those stupid little characters along with all the other filenames. Now I just have to figure out why it is doing it.

 

Thanks for the input though.

Link to comment
Share on other sites

In addition to last post the reason I was using default.php in the admin directory was because I was using 2.1. I am now upgrading to 2.2 snapshot and that may fix the funny characters problem.

 

Now I am dealing with the typical problem of Register Globals. Register Globals is off in the php.ini file but turned on for this domain in the Apache configuration. Therefore the test to the php.ini is still arguing even though register globals is truly on.

 

Any idea when the register globals problem will be fixed? It really is a security risk.

Link to comment
Share on other sites

Well 2.2 is installed and ADMIN has even more special characters than before. It really looks like it is trying to read in the directory structure or something. I'll drop the characters at message end.

 

AND... my "Unable to determine the page link!" is back. I have read about 20 posts about this but can someone point me to the one that works? That would be nice.

 

 

Those dumb characters follow............................

?!S .?S ..?!Simages?"S CVS"Smodules("Sconfiguration.phpr?)"S countries.php*"Scurrencies.php+"S customers.php,"S index.phpx?-"Sdefine_language.php."S geo_zones.php/"S itransact.php0"S languages.php1"Smail.php?x?2"Smanufacturers.phpr?3"S modules.php4"S orders.php?5"Sorders_status.phpr?6"S reviews.php7"S products_attributes.php8"S products_expected.phpx?9"S specials.php:"Sstats_customers.php;"S(stats_products_purchased.php?x?<"S$stats_products_viewed.php+?="Stax_classes.php>"S tax_rates.php?"Swhos_online.php@"S zones.phpx?A"Sfile_manager.php_r?B"Sserver_info.phpC"Snewsletters.phpD"S banner_statistics.phpx?E"S invoice.phpF"Spackingslip.phpG"S backup.php?H"Sbanner_manager.php?I"S cache.phpx?J"S`categories.php

 

Isn't that beautiful.

Link to comment
Share on other sites

Well I figured out how to make it go away. Register_Globals=On

 

To answer your question I was just viewing it in a browser, IE 6 to be specific. However, it seems it all stems from the necessity to have register globals turned on. Does the Team here know how unsecure register globals is to have turned on.

 

By preference we tend to only turn on the globals in the Apache configuration on an as needed basis by using "php_flag register_globals On". But it seems that isn't cutting the mustard for this application.

 

Background info:

Apache 1.3.27 with PHP 4.2.2

osCommerce 2.2

 

Any idea if the next release will work with register_globals turned off? We would like to offer osCommerce with all of our hosting solutions as a turn-key solution. It seems to be almost there. The new browser based configuration is ALOT more turnkey than the 2.1 was. But we don't want to have to open up security vulnerabilites in doing so.

 

For an Open Source project it is definately coming right along.

 

Good Job so far.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...