osCommerce

The e-commerce.

Archived

This topic is now archived and is closed to further replies.

mcmannehan

Ultimate SEO URLS5


I found out that Ultimate SEO URLS5 has an issue with product links.

If a product has Products Attributes, then a link is created in the navbar modules shopping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

We only need a product link like catalog/product_info.php?products_id=160

So I did the following:

Open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find:

foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

and add the preg_replace

foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

The preg_replace will delete all characters after the { and the { itself.

Maybe this regex is an atomic bomb on a small bird, and maybe there is an easier solution.

But this works. Tested in osC 2.3.x.


  • The clever one learns from everything and from everybody
  • The normal one learns from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0

if(isset($this) || !isset($this)){ // that's the question...

 


Error in my preg_replace.

It has to be changed to:

$v['id'] = preg_replace('~[{](.*)+$~', '', $v['id'], 1);

This works perfectly, also if a product has more product attributes.



{ and } in a URL Query String are a known problem, and have been discussed quite a bit. Curly braces are banned by a number of hosts as some sort of security issue. I don't know what the official replacement will be for this syntax.


@@MrPhil

I don't know why the URL link is created with the curly braces. So I remove them.



@@MrPhil

I don't know why the URL link is created with the curly braces. So I remove them.

It's for options/attributes. When you use the link to return to the product, the options chosen and shown in the cart product will be auto-selected on the product info page.


@@activeebiz

 

It's for options/attributes. When you use the link to return to the product, the options chosen and shown in the cart product will be auto-selected on the product info page.

I think this isn't necessary. Curly braces in the link are banned by a lot of hosters.



Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.

 

If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).


@@MrPhil

 

Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.
 
If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).

 
Since I filter them out, my system is still running very well; nothing breaks. I filter them out only in the product link of the cart module in the header here: catalog/includes/modules/navbar_modules/templates/shopping_cart.php


On 3/12/2017 at 1:54 PM, mcmannehan said:

I found out that Ultimate SEO URLS5 has an issue with product links.

If a product has Products Attributes, then a link is created in the navbar modules shopping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

We only need a product link like catalog/product_info.php?products_id=160

So I did the following:

Open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find:


foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

and add the preg_replace


foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
} 

The preg_replace will delete all characters after the { and the { itself.

Maybe this regex is an atomic bomb on a small bird, and maybe there is an easier solution.

But this works. Tested in osC 2.3.x.

I have the same problem as you, and now it is all repaired.

 


products_id=160{4}31

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.


Hi,

A bit easier would be to use (int)$v['id'] in that case.

Best regards

Christoph
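
Added example (not part of any post in this thread and not osCommerce code): instead of trimming the `160{4}31` identifier with a regex or a cast, this parses it against an explicit grammar and builds the brace-free link only when the input matches. The function names are hypothetical, and chaining several `{option}value` pairs is an assumption; the thread only shows the single-pair form.

```php
<?php
// Added example. Function names are hypothetical, not osCommerce APIs.

/**
 * Parse a cart product identifier such as "160{4}31": a base products_id
 * followed by zero or more {option_id}value_id pairs (chaining is assumed).
 * Returns ['id' => int, 'attributes' => [option_id => value_id]], or null
 * when the input does not match that grammar exactly.
 */
function parse_cart_product_id(string $raw): ?array
{
    // \A and \z anchor the whole string, so a trailing newline or any
    // extra text after the last pair causes a rejection.
    $grammar = '/\A([1-9][0-9]{0,9})((?:\{[0-9]{1,10}\}[0-9]{1,10})*)\z/';
    if (!preg_match($grammar, $raw, $m)) {
        return null;
    }
    $attributes = [];
    if ($m[2] !== '') {
        preg_match_all('/\{([0-9]+)\}([0-9]+)/', $m[2], $pairs, PREG_SET_ORDER);
        foreach ($pairs as $p) {
            $attributes[(int)$p[1]] = (int)$p[2];
        }
    }
    return ['id' => (int)$m[1], 'attributes' => $attributes];
}

/** Build the brace-free product link for the navbar cart list. */
function product_link(string $raw): ?string
{
    $parsed = parse_cart_product_id($raw);
    if ($parsed === null) {
        return null; // caller skips the link instead of echoing raw input
    }
    return 'product_info.php?' . http_build_query(['products_id' => $parsed['id']]);
}

// Constructed sample identifiers: valid forms first, malformed ones after.
$samples = ['160', '160{4}31', '160{4}31{5}12', '160{4}', "160{4}31\n", '160"><b>'];
foreach ($samples as $raw) {
    printf("%-18s => %s\n", json_encode($raw), product_link($raw) ?? 'rejected');
}
```

Unlike `(int)$v['id']`, which returns 160 for any string that merely starts with those digits, the strict parse rejects malformed identifiers and keeps the option/value pairs available for a later change of syntax.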

12 hours ago, MrPhil said:

 

 

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.

After 17 years of osC, no fix for that. That's a shame...



Avoid use of curly brackets. It is usually taken as a security concern by many hosts.
