Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Changing date format to use hyphen


Druid6900

Recommended Posts

After installing a security contribution (which works fine otherwise), I find that in Advanced Search, using a / results in a date format error as that symbol is now "cleansed".

 

I need to know how to have the To and From date display a hypen ( - ) instead of the slash ( / ) to get around this and allow my customers to use the advanced search function.

 

Thank you for any and all help, in advance.

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

I think that approach might be problematic.

 

Do you really need a date search on your site?

 

Probably not, but it's part of the advanced search form and generates an error if use of the date option is attempted.

 

Leaving it as it is would be "sloppy" and may make the customer ask "what ELSE isn't working?"

 

I'm a computer technician, among other things, and I don't like parts left over. This is a "loose end".

 

The reply the author gave to others having the same problem was "Just change the date so it uses hyphens instead of / or even better use the osCommerce calendar set to use hyphens."

 

Great. I'm not a programmer in any sense other than I can modify code to correct for errors and/or keep it from stepping on other contributions. I don't know everything about OsC or what each file contains and controls. I don't know why a lot of programmers assume that if they know it, EVERYONE knows it.

 

Don't tell me what, and then not tell me how. A reference, anything.

 

I mean, don't get me wrong, I appreciate the contributions that I have used and appreciate the time that people have put into them, but we all aren't that talented when it comes to coding.

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

I have never had a customer where date based search was relevant so we always remove those fields.

 

So I recommend you also just remove the fields too to save yourself a headache.

Link to comment
Share on other sites

It seems that, barring an actual solution, that would be easiest.

 

Should a "cure" ever be found, I can always re-install the option.

 

Thank you.

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

The security contribution should be fixed. It is not normal to strip / sign from imput fields.

 

If you want to stop cross site scripting there are other ways. In particular adding restrictions to your .htaccess file

Link to comment
Share on other sites

Yes, well, be that as it may, I doubt the author would agree and it's in now and, other than that problem with the advanced search (fields now removed), it seems to do the job.

 

The author doesn't strike me as the type to take criticism well and it doesn't appear that anyone has been supporting the contribution for a couple of months now.

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

Well a lot of people are like that when they do things for free.

 

You still might want to add the .htaccess code if security is a concern to you. Here it the lastest code we use on our Linux servers

 

 

 

## cross site scripting protection

 

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]

RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index_error.php [F,L]

RewriteCond %{REQUEST_METHOD} ^TRACE

RewriteRule .* - [F]

RewriteCond %{REQUEST_METHOD} ^TRACK

RewriteRule .* - [F]

Link to comment
Share on other sites

Yes, I know people get tired of supporting their free work, and that is understandable, but, usually, someone steps up to the plate to answer questions when the original author abandons it, and that was the case here for a while, but no longer.

 

I know I ended up the temporary guardian of an abandoned contribution for a while because I needed it and there was no support, so I learned what every line of code did, made some minor modifications to it and was the resident "guru" for some time.

 

Well, I do have the sensitive areas protected by .htaccess files and SSL, but the .htaccess code is no where near as comprehensive as this and I thank you for sharing it.

 

I will incorporate it into my files immediately. You can't have too much security.

 

Regards,

 

Richard

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

have you got an .htacess in your images folderd and other vulnerable/writeable folders to make sure no-one can run any php code from there in the change they do manage to hack and load some?

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

Link to comment
Share on other sites

have you got an .htacess in your images folderd and other vulnerable/writeable folders to make sure no-one can run any php code from there in the change they do manage to hack and load some?

 

<Files *.php>

Order Deny,Allow

Deny from all

</Files>

 

Yes, I do, actually, but, thank you for asking.

No Good Deed EVER Goes Unpunished

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...