marcgenou Posted December 12, 2009 Posted December 12, 2009 Hi guys I dont know when this feature stopped working but I've checked now and it keeps throwing me this error when I input dates. I tried with generic dates like from 01/01/2008 to 01/01/2009 Invalid From Date Invalid To Date Seems to be an messageStack error from advanced_search_result but I'm not sure. $date_check_error = false; if (tep_not_null($dfrom)) { if (!tep_checkdate($dfrom, DOB_FORMAT_STRING, $dfrom_array)) { $error = true; $date_check_error = true; $messageStack->add_session('search', ERROR_INVALID_FROM_DATE); } } Where this error could be coming from?
Jan Zonjee Posted December 13, 2009 Posted December 13, 2009 Where this error could be coming from? I think most of the time this error comes from the DOB_FORMAT_STRING that is set in includes/languages/#language_used#.php For example this is from includes/languages/german.php around line 60: // text for date of birth example define('DOB_FORMAT_STRING', 'tt.mm.jjjj'); osC is picky about how many digits you use for dates too.
marcgenou Posted December 13, 2009 Author Posted December 13, 2009 I think most of the time this error comes from the DOB_FORMAT_STRING that is set in includes/languages/#language_used#.php For example this is from includes/languages/german.php around line 60: // text for date of birth example define('DOB_FORMAT_STRING', 'tt.mm.jjjj'); osC is picky about how many digits you use for dates too. seems to be fine, it should be working. I am going to keep trying... // text for date of birth example define('DOB_FORMAT_STRING', 'dd/mm/aaaa');
marcgenou Posted December 13, 2009 Author Posted December 13, 2009 I've found it. FWR Security Pro was breaking url's.
teacup Posted December 19, 2009 Posted December 19, 2009 I've found it. FWR Security Pro was breaking url's. I have same problem... So what did you do? Add this file to the safe list of disabled FWR? Thanks
CitaK Posted March 14, 2010 Posted March 14, 2010 I've found it. FWR Security Pro was breaking url's. I have this same error showing after installing FWR Security Pro. Were you able to resolve it? Could someone offer any suggestions? Thank you in advance.
CitaK Posted March 16, 2010 Posted March 16, 2010 Hi All, I am using Oscommerce 2.2rc2a. The advanced search function will not work at all now. Even if I am not using the date fields and only searching in the top field in advanced search, 2 error messages appear at the top. The regular search function works but not the advanced search. Invalid from date Invalid to date I searched the forum and read this thread which seems to show the same potential issue as mine, but there is no discussion of a fix. I do not know what the issue is. In the post above, Margenou mentioned something about breaking urls. He also mentioned that he installed FWR Security Pro. I also installed it. I know it is a great contribution and wish to use it. Is there a fix that I am missing? Has anyone else experienced this? Thank you for any help.
mid9tblue Posted April 9, 2010 Posted April 9, 2010 I have the same issue, I have finally traced the problem to FWR Security Pro. The problem with quick find and advanced search only happens when i turn on security pro to "true" my site is in two languages, for english, it's invalid from and to date for the other language, the search function will not work at all. My site needs to be secure, but i cant sacrifice functional for that, search is too important to leave behind. Anyone have a fix for this? Please help.
snowrabbit Posted January 23, 2011 Posted January 23, 2011 Same issue, has it been solved yet? any solutions? thanks.
geomilli Posted December 7, 2011 Posted December 7, 2011 FWR Security Pro is causing the problem. It looks as if the "/" are being cleansed from the data, so I assume that "slashes" are in it's nature to remove. Removing the "/" from the code for FWR Security Pro also works, but does it open the door for hacking? BEFORE: $cleansed = preg_replace( "/[^\s{}a-z0-9_\.\-]/i", "", urldecode( $get ) ); AFTER: $cleansed = preg_replace( "[^\s{}a-z0-9_\.\-]i", "", urldecode( $get ) ); Taking out FWR Security Pro entirely will fix it, but you still need to match the date string exactly for osCommerce to work. EX: 00/00/000 Adding the exclusion to FWR Security Pro seems ineffective as well. $security_pro->addExclusion( 'advanced_search.php' );
geomilli Posted December 7, 2011 Posted December 7, 2011 Team effort here! Reading what you all had to say I came up with the solution. Leave everything the same with FWR Security Pro... Go into your includes/languages/english.php and change it from: // text for date of birth example define('DOB_FORMAT_STRING', 'mm/dd/yyyy'); to // text for date of birth example define('DOB_FORMAT_STRING', 'mm-dd-yyyy'); Dashes that are spaced and not doubled like "--" won't be cleansed from FWR. The date stamp of 00-00-0000 will then pass normally.
geomilli Posted December 7, 2011 Posted December 7, 2011 Tweaks to the entire site: Change includes/languages/english.php define('DATE_FORMAT_SHORT', '%m-%d-%Y'); // this is used for strftime() define('DATE_FORMAT_LONG', '%A, %B %d, %Y'); // this is used for strftime() define('DATE_FORMAT', 'm-d-Y'); // this is used for date() define('DATE_TIME_FORMAT', DATE_FORMAT_SHORT . ' %H:%M:%S'); define('ENTRY_DATE_OF_BIRTH_ERROR', 'Your Date of Birth must be in this format: MM-DD-YYYY (EX: 05-21-1970)'); define('ENTRY_DATE_OF_BIRTH_TEXT', '<img border="0" src="images/exclamation.gif"></br>(EX: 05-21-1970)'); The above represents change on my site, but you should only concern yourself with the "-" vs. the "/". I think it's a fine compromise for security.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.