[Contribution] Products Specifications


kymation


tep_db_prepare_input($string) returns trim(stripslashes($string)). That's not my idea of security. No, there is no further filtering done. I added the tep_sanitize_string() part.

 

Remember that Products Specifications builds a lot of code on top of the osCommerce framework. Some of that code has to deal with the stock osC data fields in different ways. I've done my best to make that work correctly and safely. Removing some of that security has consequences that may not be immediately obvious.

 

Regards

Jim

See my profile for a list of my addons and ways to get support.


2.3.1 tep_db_prepare_input looks like this

 

function tep_db_prepare_input($string) {
  if (is_string($string)) {
    return trim(tep_sanitize_string(stripslashes($string)));
  } elseif (is_array($string)) {
    reset($string);
    while (list($key, $value) = each($string)) {
      $string[$key] = tep_db_prepare_input($value);
    }
    return $string;
  } else {
    return $string;
  }
}

 

extra sanitize with the stripslashes

 

 

ps. it is a super addon - but some of the instructions in the 2.3.1 version are not fully working - including this part.

Edited by thejudge99

I must not have the ckeditor installed correctly. And yes, the text did have specifications within. This was just test text I dumped into the field. I thought I saw a code file where it filtered out these line feeds, etc., but cannot remember which file it was.

 

I do have the specifications working. Thank you. Nice add on.


@@thejudge99

 

Jules,

 

You mentioned these changes in categories.php. In fact the original 2.3.1 code has these changes. When I installed ProductSpec it removed them. Once I merged the old and new files, the problem I originally mentioned went away. The changes you mentioned in product_tabs.php did not match the code and so I made no changes.

 

Now I have another issue. I have the ckeditor installed and it is used to edit the Product Specification description fields. It adds the "<p>" paragraph formatting around the text and this messes up the specifications tab. I found that if I click on the "source" button in ckeditor and remove the HTML formatting, this now works fine. Is there a way to disable the ckeditor for these Product Specification fields or make the ckeditor not add formatting to text on specific fields?

 

 

in admin/categories.php

 

change

'products_description' => addslashes( tep_db_input( $_POST['products_description'][$language_id] ) ),

to

'products_description' => tep_db_prepare_input( $HTTP_POST_VARS['products_description'][$language_id] ),

 

and in includes/modules/products_tabs.php

 

Thanks

 

Scott


The version I downloaded (for 2.3.1) had the above-mentioned problems (the ///////// injection) and my fix was simply to revert that part back to the default 2.3.1 way of saving + outputting the description.

 

Don't know why your products_tabs.php is different - maybe yours is from an older package?

 

The P tags should really be left there (nothing to do with osCommerce - just general HTML) - another fix if you don't like the spacing would be to add some extra CSS - something like

p{
   padding:0px;
   margin:0px;
}

of course tweaked to be more specific to your own layout

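An added illustration, not code from the thread, osCommerce or the add-on, of the admin/categories.php change discussed in the two posts above: a value that is already escaped before the query builder escapes it again gains backslashes on every edit/save cycle, while the tep_db_prepare_input() form stays stable. It assumes the query builder escapes each value once, as tep_db_perform() does; db_input(), mysql_store(), perform() and the sample description are stand-ins constructed here so the script runs without a database.

```php
<?php
// Added example, not osCommerce or add-on code.
// Stand-in for the database layer's escaping (addslashes is used so the
// script runs without a MySQL connection).
function db_input($s) { return addslashes($s); }

// Stand-in for the server removing one escaping layer when it parses the
// quoted string literal in the INSERT/UPDATE statement.
function mysql_store($literal) { return stripslashes($literal); }

// Stock admin-side behaviour as described in the first post of the thread.
function prepare_input($s) { return trim(stripslashes($s)); }

// Assumption: the query builder escapes every value exactly once.
function perform($value) { return mysql_store(db_input($value)); }

// "change" line from the thread: the value is escaped twice before the
// query builder escapes it a third time.
function save_pre_escaped($posted) {
  return perform(addslashes(db_input($posted)));
}

// "to" line from the thread: the raw value is only tidied; the single
// escape happens inside perform().
function save_prepared($posted) {
  return perform(prepare_input($posted));
}

// Backslashes in the stored value after $cycles rounds of loading the
// stored text into the edit form and saving it again.
function backslashes_after($saver, $text, $cycles) {
  for ($i = 0; $i < $cycles; $i++) {
    $text = $saver($text);
  }
  return substr_count($text, '\\');
}

$description = "Hewlett Packard's LaserJet";  // constructed sample input

foreach (array('save_pre_escaped', 'save_prepared') as $saver) {
  for ($n = 1; $n <= 3; $n++) {
    printf("%-17s cycle %d: %d backslashes\n",
           $saver, $n, backslashes_after($saver, $description, $n));
  }
}
```

Escaping belongs at the point where the query is built, once; the stripslashes() in prepare_input() also means a backslash the editor typed on purpose is dropped, which is a separate trade-off of the stock function.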

While the paragraph <p> may be necessary for general text descriptions, it does not work well with the Specifications as they are used in a table type display. This really messes up the formatting.

 

Such as:

 

Weight: 125 lbs

Color: Blue

 

etc.

 

I have actually modified the Product Listing Add On to display a real table. And fixed some other bugs with this code.

 

Scott


here is my easypopulate share - it is not yet bug free

 

when values are defined it sometimes creates duplicates.

 

though I have used it to load lots of specs, it is not that easy to work with when the allowed values are restricted.

 

it has some customizations specific to our store, you might get some inspiration for your own ...

 

I don't have time to clean it up, but feel free to do, make it better and share further ...

easypopulate.php

KEEP CALM AND CARRY ON

I do not use the responsive bootstrap version since I coded my responsive version earlier, but I have bought every 28d of code package to support Burt's effort and keep this forum alive (albeit more like on life support).

So if you are still here? What are you waiting for?!

 

Find the most frequent unique errors to fix:

grep "PHP" php_error_log.txt | sed "s/^.* PHP/PHP/g" |grep "line" |sort | uniq -c | sort -r > counterrors.txt


Thanks for sharing the code. I've been meaning to work on something like this, but I just don't have the time.

 

Regards

Jim


Hey @@kymation, I have an issue with the review tab which I read some other members had too, but I didn't manage to solve it.

Basically when I press to post the review it adds the item to my shopping cart.

 

So I read the form tags have to be in the right place and make sure there are no duplicates. I have looked through the product_info.php and /modules/product_reviews.php and I can't spot anything wrong.

 

I have compared to the installation files and everything seems to be ok, but it still happens.

 

I have looked at the page source in Firefox and it does show an error saying that there is a nested form tag which is not allowed.

 

I just don't know what it is...

 

Firefox is right. You need to find the incorrect form tag(s) and move them to the correct places.

 

The error is most likely in product_info.php. Find the </form> tag and move it to just before this code:

 

<?php
include_once (DIR_WS_MODULES . FILENAME_PRODUCTS_TABS);
// End Products Specifications
?>

 

Regards

Jim

 

@@kymation

 

Thanks, that partly solved the problem. It doesn't add to cart like before but now it kinda just refreshes the page. It adds this to the end of the URL

?action=process&tab=review

 

The text entered in the reviews box is still there and the review doesn't appear for approval in admin.

 

Any suggestions what I should do?

 

Regards

Aleksander

 

I would guess that the code in the top of products_info.php that processes the form output is incomplete or missing.

 

Regards

Jim

 

Jim,

Just wondering if this has been solved, I, like Aleksander, am using the file provided in your contribution and am receiving the same results as he did??

 

 

Downloaded your contribution today and loved it. Even though I wasn't looking for this, it was exactly what I needed, a huge thanks to you!

Edited by EchoGuns

If you have made the above changes it should work. The code in the top of product_info.php is this:

 

// Process data from the on-page forms
 require_once( DIR_WS_MODULES . 'product_info_process.php' );

 

The code in product_info_process.php processes the review, tell a friend, and ask a question forms in the tabs. The code is identical to that I'm using in a live site right now. If you still see action=process&tab=review in the URL after submitting a review, there is an error in your input and you should be seeing an error message. Check that you have filled in all of the required fields and try again.

 

Regards

Jim


I have both the Friend and the Question tabs turned off via the admin. Both the product_info.php and the product_info_process.php have been unchanged since installing the contribution. I verified that the lines of code in question were there and everything checks out.

 

Upon testing however, I still receive in the URL action=process&tab=review&products_id=30

 

Of the required fields in question, the first name and the review text is all that is required but to go ahead and check I test with the last name as well and still nothing? This was a clean install on a 2.3.1 store and all I did was turn off the Documents tab?


Then something is triggering an error in the processing code. You'll have to debug that, as I can't see it here.

 

Regards

Jim


I am installing the product specification add-on (version 1.1.11) on my osCommerce v 2.3.1 site and have encountered the following message in the product page:

 

1146 - Table 'bbabbitt_osc1.TABLE_PRODUCTS_XSELL' doesn't exist

 

select count(xp.xsell_id) as total from TABLE_PRODUCTS_XSELL xp, products p where xp.products_id = '34' and xp.xsell_id = p.products_id and p.products_status = '1'

 

[TEP STOP]

 

The database, as expected, doesn't have a table named products_xsell or anything like it. I also couldn't find mention of creating anything with that or any similar name in the database with the products_specifications.sql file provided.

 

How do I get past this or what have I done wrong?


Installed a brand new osCommerce, without any other add-on installed, copied and pasted all the files to the catalog, ran the SQL files. This is the message when clicking on the product on the front page, inside the Description column, and when you click on the review or ask a question tab, it just jumps to index.php

 

1146 - Table 'inmotion_test.TABLE_PRODUCTS_TO_DOCUMENTS' doesn't exist

 

select count(*) as total from TABLE_PRODUCTS_TO_DOCUMENTS where products_id = '16'

Edited by ce7

Go to the Product Specifications configuration menu and set Show Documents tab to False.

 

Regards

Jim

Edited by kymation


Set the document tab to false, the next error message:

(PS. some products have a perfect description, but some show this error message! An error one, such as Hewlett Packard LaserJet 1100Xi)

 

Parse error: syntax error, unexpected T_STRING in /test/includes/functions/clean_code.php(162) : eval()'d code on line 1


That's the usual PHP problem with apostrophes/single quotes. If you have ckeditor installed, just edit the product and save it without making any changes. If not, you'll have to manually add three backslashes in front of every apostrophe.

 

There is a fix for this, but it involves editing a bunch of files. As usual, I don't have time to release half of what I've done.

 

Regards

Jim


Update? It's working as is, with the exception of one optional module that (almost) nobody uses. If you need that module, post in the support thread. I may be able to find the time to fix it.

 

Regards

Jim
