mcmannehan Posted March 12, 2017 Share Posted March 12, 2017 I find out that Ultimate SEO URLS5 have an issue with product links. If a product have Products Attributes than there create a link in the navbar modules shoping cart like this: catalog/product_info.php?products_id=160{4}31 After you click on it, a 404 error appears. We only need a product link like catalog/product_info.php?products_id=160 So i did the follow: open catalog/includes/modules/navbar_modules/templates/shopping_cart.php Find: foreach ($products as $k => $v) { echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>'; } and add the preg_replace foreach ($products as $k => $v) { $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']); echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>'; } The preg_replace will delete all characters after the { and the { itself. May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution. But this works. Tested in osC 2.3.x. The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
mcmannehan Posted March 12, 2017 Author Share Posted March 12, 2017 error in my preg_replace have to change to: $v['id'] = preg_replace('~[{](.*)+$~', '', $v['id'], 1); this works perfect, also if product have more products attributes The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
MrPhil Posted March 15, 2017 Share Posted March 15, 2017 { and } in a URL Query String are a known problem, and have been discussed quite a bit. Curly braces are banned by a number of hosts as some sort of security issue. I don't know what the official replacement will be for this syntax. Link to comment Share on other sites More sharing options...
mcmannehan Posted March 15, 2017 Author Share Posted March 15, 2017 @@MrPhil I don't know why the URL link is created with the curly braces. So i remove them. The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
♥activeebiz Posted March 15, 2017 Share Posted March 15, 2017 @@MrPhil I don't know why the URL link is created with the curly braces. So i remove them. its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page. Link to comment Share on other sites More sharing options...
mcmannehan Posted March 25, 2017 Author Share Posted March 25, 2017 @@activeebiz its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page. I think this isn't necessary. Curly braces in the link are banned by a lot of hosters. The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
MrPhil Posted March 26, 2017 Share Posted March 26, 2017 Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem. If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax). Link to comment Share on other sites More sharing options...
mcmannehan Posted April 12, 2017 Author Share Posted April 12, 2017 @@MrPhil Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem. If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax). Since i filter them out, my system is still running very well, nothing breaks. I filter them out only in the product link of the cart modul in the header here: catalog/includes/modules/navbar_modules/templates/shopping_cart.php The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
math123 Posted July 19, 2017 Share Posted July 19, 2017 On 3/12/2017 at 1:54 PM, mcmannehan said: I find out that Ultimate SEO URLS5 have an issue with product links. If a product have Products Attributes than there create a link in the navbar modules shoping cart like this: catalog/product_info.php?products_id=160{4}31 After you click on it, a 404 error appears. We only need a product link like catalog/product_info.php?products_id=160 So i did the follow: open catalog/includes/modules/navbar_modules/templates/shopping_cart.php Find: foreach ($products as $k => $v) { echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>'; } and add the preg_replace foreach ($products as $k => $v) { $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']); echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>'; } The preg_replace will delete all characters after the { and the { itself. May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution. But this works. Tested in osC 2.3.x. I have the same problem as you, and know it is all repair 4 Magento Reward Points, Magento 2 Banner Slider by Magestore, Magento 2 Module by Magestore, Magento module by Magestore Link to comment Share on other sites More sharing options...
MrPhil Posted July 19, 2017 Share Posted July 19, 2017 products_id=160{4}31 This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround. Link to comment Share on other sites More sharing options...
♥beerbee Posted July 19, 2017 Share Posted July 19, 2017 Hi, a bit easier would be to use (int)$v['id'] in that case. Best regards Christoph Link to comment Share on other sites More sharing options...
mcmannehan Posted July 20, 2017 Author Share Posted July 20, 2017 12 hours ago, MrPhil said: This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround. after 17 years of osC now fix for that. Thats a shame... The clever one learn from everything and from everybody The normal one learn from his experience The silly one knows everything better [socrates, 412 before Christ] Computers help us with the problems we wouldn't have without them! 99.9% of the bugs sit in front of the computer! My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 if(isset($this) || !isset($this)){ // that's the question... Link to comment Share on other sites More sharing options...
printyo Posted September 13, 2017 Share Posted September 13, 2017 Avoid use of curly brackets. It is usually taken as a security concern by many hosts Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.