
Responsive osCommerce - Bootstrap



I received a reply from my host

 

 

I would like to inform you that some of the attributes like flower brackets in the URLs are not allowed in our server. Thus, you were facing the issues in the osCommerce application product URLs. To protect the server from the hack or from any Brute force attack, we have disabled passing the { } within URLs.

I request you please remove the flower brackets '{ }' from the osCommerce application product URLs, so that you can work with the application without any issues.

 

@@burt would it not be prudent to urlencode() these urls from a core level to increase compatibility with hosts?

I have patched my shopping_cart; are there any other occurrences where the attributes {x} are passed in the URL so I can fix them?

Link to comment
Share on other sites


If some hosts are banning {} curly braces as a security measure, perhaps the best long-term solution would be to use something else in the Query String. Are they being used only as separators (use : colon instead), or are they indicating some sort of nesting or depth?

Link to comment
Share on other sites

If some hosts are banning {} curly braces as a security measure, perhaps the best long-term solution would be to use something else in the Query String. Are they being used only as separators (use : colon instead), or are they indicating some sort of nesting or depth?

 

Colon would also need to be encoded for a valid url. If you want to avoid the need to encode anywhere, you have to choose from specifically unreserved characters: a-zA-Z0-9\-._~

 

see http://stackoverflow.com/questions/23064605/when-if-ever-should-characters-like-and-curly-braces-be-percent-encoded

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Link to comment
Share on other sites
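
As an added example (not part of any post in this thread and not osCommerce core code), the PHP below shows the point made above: braces and colons both fall outside the unreserved set, percent-encoding the value removes the literal braces, and the receiving script still sees the original id. The product id is a constructed sample, the `products_id` parameter name is an assumption, and the helper function names are hypothetical.

```php
<?php
// Added example, not osCommerce core code. The product id is a constructed
// sample of an id carrying {x} attribute markers; "products_id" is assumed.

// RFC 3986 unreserved characters: the only ones that never need encoding.
const NOT_UNRESERVED = '/[^A-Za-z0-9\-._~]/';

/** Distinct characters in $value that must be percent-encoded in a URL. */
function chars_needing_encoding(string $value): array
{
    preg_match_all(NOT_UNRESERVED, $value, $matches);
    return array_values(array_unique($matches[0]));
}

/** Build a link whose query values are all encoded with rawurlencode() rules. */
function build_link(string $page, array $params): string
{
    return $page . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Audit helper: return the links that still carry a literal { or }. */
function links_with_raw_braces(array $links): array
{
    return array_values(array_filter(
        $links,
        fn (string $link): bool => strpbrk($link, '{}') !== false
    ));
}

$productId = '12{4}3{3}1'; // constructed sample

$rawLink     = 'shopping_cart.php?products_id=' . $productId;
$encodedLink = build_link('shopping_cart.php', ['products_id' => $productId]);

// Braces are outside the unreserved set, and so is the proposed ":" separator.
echo 'Needs encoding in id: ', implode(' ', chars_needing_encoding($productId)), PHP_EOL;
echo 'Needs encoding in 12:4:3 : ', implode(' ', chars_needing_encoding('12:4:3')), PHP_EOL;

// The encoded link carries %7B and %7D instead of literal braces.
echo $rawLink, PHP_EOL, $encodedLink, PHP_EOL;

// PHP decodes query values before the script sees them, so the receiving
// code still gets the original id and needs no change.
parse_str((string) parse_url($encodedLink, PHP_URL_QUERY), $received);
echo 'Round trip intact: ', var_export($received['products_id'] === $productId, true), PHP_EOL;

// Only the unencoded link is reported by the audit.
print_r(links_with_raw_braces([$rawLink, $encodedLink]));
```

Running the audit helper over the links a template emits is one way to find any remaining places where the braces are passed unencoded.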

Colon would also need to be encoded for a valid url. If you want to avoid the need to encode anywhere, you have to choose from specifically unreserved characters: a-zA-Z0-9\-._~

 

see http://stackoverflow.com/questions/23064605/when-if-ever-should-characters-like-and-curly-braces-be-percent-encoded

 

@@burt

@@Harald Ponce de Leon

 

Looks like there is a genuine reason for the core to be changed to reflect this for future compatibility, would not be good for OSC to start failing in the future and getting a bad reputation if it can be fixed before people upgrade or install responsive versions.

Link to comment
Share on other sites

@@ShaGGy Les why don't you push your changes via Github and see if they are accepted.

 

Dan

 

I have only made 2 simple changes in shopping_cart.php (urlencoded the links) but there may be other core changes that are/will be affected by this, I am currently configuring my new site so haven't seen if it affects anything else.

But it does need looking at for the future.

 

edit : I have added it to the issues in github.

Link to comment
Share on other sites

@@ShaGGy Les why don't you push your changes via Github and see if they are accepted.

 

Dan

 

Well I opened it as an issue in github but Burt closed it with the reply

 

'The whole attributes system will be receiving attention at some point in the future.

In the meantime, if anyone else has similar issues, they can refer to your link.

Thanks'

 

I am unsure as to how they are mapping out the future of oscommerce as this says to me that it is pointless installing responsive OSC as it will keep being overhauled and modifying your site could be very difficult until it is developed fully.

 

They have moved onto the admin side when there are things that NEED to be in place for the Shop side first

If you look at the reason to close the issue, 'if anyone else has similar issues, they can refer to your link.', this does not fix a fundamental coding issue that is documented as bad programming and inadvisable. Why not fix these CORE issues first, as doing them later means yet again addons being developed will cease to work (like all the current ones due to the filenames.php being made redundant), and 'The whole attributes system will be receiving attention at some point in the future.' sounds like more things will be broken, as look at how many modules are products/price/attribute related (like SPPC & QPBPC).

 

I love OSC but I do have concerns that if the development continues as it is it will do a lot of damage to OSC's future, as we all know Responsive/mobile compatibility needs to be in place now for sites to be accepted by Google. 2.3.4 (standard) is not responsive, and the responsive versions are constantly changing and breaking the latest modules that were written for it; then when you look at competitors like Magento etc., they are now fully responsive from the off.

 

This isn't a moan but

@burt

@Harald Ponce de Leon

please look at how you are taking this forward so as not to discourage users and future users. I know it is a difficult task to upgrade/transition a system while it is in use, and full respect for what you are doing.

Link to comment
Share on other sites

@@ShaGGy

 

Sounds like a moan to me. Maybe you should post your woes as a bug with the actual osCommerce version and maybe it will get changed in the next official version.

 

Read above, I did (actually the same bug/bad code is in the non-responsive version) and yes I have found where the problem is and patched it myself and it is working fine on mine. (Which was the passing of { } in URLs with attribs, which is advised against (like I said I have fixed this on my install), so not an issue for me.)

 

My post was more for the future of OSC. It's okay for those of us who can fix an addon or modify code to do different actions, but what about the ones who don't know PHP?

The reason Burt's making the changes (apart from the responsive part) and changing to modular is so there is no need to modify code when installing and un-installing addons (i.e. make it easier for users to install addons like Magento has).

 

My concern is OSC is either going to become static/stale having either a non responsive version that is not ideal to install in this day and age or have the responsive version unmodified as the core keeps changing and even most of the most recent BS addons no longer work without modification.

 

Burt has said in his response the attribs will be overhauled in the future. Now think of the implications with that and how many addons use pricing, attribs, discounts, etc.; they will all be affected, so is there any point in developing/updating any of the addons that currently are not responsive compatible, especially if they involve any form of pricing/attribution features?

 

Like I said, I don't need the fix and will be able to get around the future changes, but what about the ones who want a responsive site but can't identify issues and fix code?

They have two options Non responsive OSC or install another ecommerce.

I just think fixing the customer facing side first should be priority and any core code for that side and jazz up the admin side later.

 

I have recommended osc to many people in the past but to be honest I would not at the current time unless I was maintaining it.

Link to comment
Share on other sites

@@ShaGGy, thanks for bringing the issue with {} in the urls to our attention. This will be looked into. Please be aware that even though using those characters might be advised against, they have been in use for over a decade since the attributes implementation was introduced. I don't recall this being an issue for another person, but you are totally right that it should be addressed to work on tightly secured web servers.

:heart:, osCommerce

Link to comment
Share on other sites

Where can a store owner find the history of the changes, or what is new in the BS each time?

A friend of mine told me that in the new release, Header Tags and Testimonials are standard in the zip file and you don't have to install them as an addon. Where can I find that? Is there somewhere a history of releases or major changes, like the Header Tags addon, that are implemented in the new release?

Link to comment
Share on other sites

@@ShaGGy if you do not like a decision, the code is all there ready for you to do what you want.  

 

Decisions are made based on many factors.

 

One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

 

Don't like a decision?  Move on.  Stop banging your drum.

Link to comment
Share on other sites

Please be aware that even though using those characters might be advised against, they have been in use for over a decade since the attributes implementation was introduced. I don't recall this being an issue for another person, but you are totally right that it should be addressed to work on tightly secured web servers.

 

Well, PHP has a long history of tolerating things which technically have been illegal. One day someone modifies PHP to more closely conform to the "standard" (if there is such a thing), and bang!, an application such as osC doesn't work any more. There's no telling if it even was a deliberate change, or just an incidental side effect when someone was working on something else. It happens. I'm not sure where in the Apache/PHP/browser stack that {} pairs are now starting to be interpreted as expressions (or maybe, no longer interpreted, or are forbidden), but it's something that we have to accept will happen from time to time, and update osC to conform with current practices.

 

Speaking of which, welcome back to activity... it's good to see you're alive and kicking. Please, please, please give strong consideration to immediately and officially adopting 2.3.4BS as the official 2.3.5 or 2.4 ASAP, so we can get on with having only one official release and not induce massive confusion by having a competing community-supported branch where all the development is going on. Otherwise, you risk having a de facto fork of osC, which will turn into a competing product.

Link to comment
Share on other sites

One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

PHP/Apache/browsers have changed. What used to be technically illegal (but tolerated) no longer is allowed. More and more users are likely to see this. osC needs to be updated.

 

Don't like a decision?  Move on.  Stop banging your drum.

I think that's being a bit harsh. This is a known PHP/Apache/browser issue (I'm not sure where) which is likely to show up more and more as time goes on. Let's get on top of it before it buries us.

Link to comment
Share on other sites

@@MrPhil decision is made and final.  If this user wants it his way, he forks and does it himself or he gets the core code of official osCommerce changed.  The community based version is not the place for changes in the mechanics of osCommerce.

 

What I do is done in my time, my schedule, my way.  Anyone doesn't like it...they know what they can do.

Link to comment
Share on other sites

PHP/Apache/browsers have changed. What used to be technically illegal (but tolerated) no longer is allowed. More and more users are likely to see this. osC needs to be updated.

This problem is not related to a change in web servers. I work with Apache, Nginx, and IIS and have not come across this problem.

 

This problem has to do with a server that has been configured to be super duper tightly secured - more than likely with Apache's mod_security filtering the characters from the URL.

 

Regarding BS, an announcement will be made this week.

:heart:, osCommerce

Link to comment
Share on other sites

@@ShaGGy if you do not like a decision, the code is all there ready for you to do what you want.  

 

Decisions are made based on many factors.

 

One factor in this case is the fact that you are the only one in 15 years to see this.  There are other factors.

 

Don't like a decision?  Move on.  Stop banging your drum.

 

Burt, if you read my post, I have said I have moved on from the {} issue and to be honest it makes no difference to me as I have already fixed the issue on my install.

 

My post was more aimed at the fragmentation of OSC at the moment, i.e. modules written only weeks ago no longer work due to the filenames change, and is there any point in updating modules to be BS compatible when you have said you will be overhauling the attribs section?

 

I was more concerned that you have moved onto the admin side when there are clearly things remaining on the catalog side that you intend to do, and would it not be prudent to do that side first so that the modules can be updated to the point where they won't break the customer side of OSC in future changes?

I wanted to install and update SPPC with QPB, which was a nightmare to get fully working, but is there any point if you are making further price/product related changes in the future which will undoubtedly break the addons? Yes, the admin side would break also, but at least it won't shut sites down.

The only other option is to stay static and not install modules (if you are not PHP savvy).

To be honest, would you recommend OSC for a new website in its current state?

2.3.4 non-responsive (bad) but modules work (good)

2.3.4 responsive (good) but most modules don't work (bad) and can't really release updates due to ongoing changes.

or install a rival cart that does both of the above?

 

Like I say, it doesn't affect me personally. I am thinking of OSC as a brand and its future, as you know once someone changes to a new cart and it works they are unlikely to move away from it.

 

Please don't take what I have said personally; it is NOT an ATTACK on you or your work, I am just thinking from a user's point of view.

 

Link to comment
Share on other sites

What I do is done in my time, my schedule, my way.  Anyone doesn't like it...they know what they can do.

 

 

I could not care less about addons.  

 

So, bear these things in mind next time you feel the need to post more words aimed at me. 

Link to comment
Share on other sites

I, for one, am certainly happy to see the changes happening in OSC core.

 

No more filename defines is freaking great. No longer have to write FILENAME_BLAH_BLAH_BLAH to keep in the project's standards when writing code. But besides that, the main benefit being less define(s) and interpretations. A small but beneficial micro-optimization.

 

So someone found a bug, albeit a small bug that apparently reared its head on a 1.99 per month bucket host, still a bug. I see that bug was reported as an issue with link to how to correct. That's great. And it looks as though an answer was given that said the area it involves was going to change soon. What more is there to worry about?

 

And that's all small stuff:

 

How about that new code? Anyone been following HPDL's Git? IMO it's a little much, I would scale back some of the changes and rethink it a bit. However, it's freaking good stuff going on. 100% F*#@ing great. All the new code is modern and following what standards we do have for PHP. I guarantee it's faster, more efficient, and has a long term future.

 

So speaking of code and future, as a result of the new code base changes, every addon currently available will not work without being rewritten. But so what? I rewrite over 80% of things I find in the addons section anyway. osC has kept the core the same for far too long, and much of the reason has probably been to satisfy those who rely on the addons, or those who do not want to see a more modular way of installing addons. (You can't charge as much to push a $button).

 

It's well past time to change core. Everyone knows it. There's those that welcome the change, then there's those that will bitch and cry-baby about it. In creating the responsive community edition, we've pretty much seen that. If the main core would have changed - what - 5 or 6 years ago, people would have bitched about their addons not working then, and devs would have cried about losing business, but you know what? That would have been then, and now would look a lot different. Inevitably things are going to look different.

 

Good luck to osC, it's great, and it always will be. One way or another.

Follow the community build:

BS3 to osCommerce Responsive from the Get Go!

Check out the new construction:

Admin Gone to Total BS!

Link to comment
Share on other sites

So speaking of code and future, as a result of the new code base changes, every addon currently available will not work without being rewritten. But so what? I rewrite over 80% of things I find in the addons section anyway. osC has kept the core the same for far too long, and much of the reason has probably been to satisfy those who rely on the addons, or those who do not want to see a more modular way of installing addons.

Exactly so.

As low as 80% ;) ???!!?

 

Some of those old addons are very good in idea, but in execution are poor, some extremely poor.

I can't remember the last time I used an addon from the addons area, that just worked out of the box.

Maybe one of FWRs kiss things?

 

(You can't charge as much to push a $button).

Bang on. There are loads of people who charge a fortune to install addons where the addon needs 20 files amended.

The end result of my vision stops this. Has already been stopped a lot.

 

Let's make it so that developers have to be certified. They have to write code that is secure, non-invasive and works out of the box.

 

It's well past time to change core. Everyone knows it. There's those that welcome the change, then there's those that will bitch and cry-baby about it. In creating the responsive community edition, we've pretty much seen that. If the main core would have changed - what - 5 or 6 years ago, people would have bitched about their addons not working then, and devs would have cried about losing business, but you know what? That would have been then, and now would look a lot different. Inevitably things are going to look different.

Amen!

Link to comment
Share on other sites

As low as 80% ;) ???!!?

Not really, but trying to be modest. I actually haven't used anything without modifying it, but give 20% for the idea and/or starting point.

 

Let's make it so that developers have to be certified. They have to write code that is secure, non-invasive and works out of the box.

Exactly! Better for the entire community.

Follow the community build:

BS3 to osCommerce Responsive from the Get Go!

Check out the new construction:

Admin Gone to Total BS!

Link to comment
Share on other sites

 

Let's make it so that developers have to be certified. They have to write code that is secure, non-invasive and works out of the box.

Exactly! Better for the entire community.

 

 

Eh, I'm not sure that certifying developers is workable. The barriers introduced to membership in this club might discourage a lot of good people from even trying to contribute to the community. Perhaps it would be better for the community to examine individual contributions, and if they pass muster (within a reasonable length of time) and the developer is cooperative in fixing any problems found, certify each contribution. A certification might be good only for a specific osC release, and would have to be redone for new osC releases (and PHP upgrades). The developer would gain the right to display some sort of seal or certificate that they have one or more certified contributions, but would have to be honest about how many uncertified contributions they also have. Let the market decide who is good.

Link to comment
Share on other sites

Let's make it so that developers have to be certified. They have to write code that is secure, non-invasive and works out of the box.

 

 

Exactly! Better for the entire community.

 

You mean certified to submit addons? If so, I think that might be a bad idea, as why write modules for OSC if you have to become certified; you may as well write for one of the others and be paid for the addon.

If anyone can submit an addon but it is checked before being released in the addons section, that would be a better idea as it will promote the community spirit (maybe have an uncertified section for those who like the addon and can later verify it as safe or tweak/better it (i.e. have certified people who can say 'YES' this one is okay for release to the general public)).

 

Or maybe have flags in the addons section like:

certified  .. check

and have a number of users who are able to verify an addon as conforming to code.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
