Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Archived

This topic is now archived and is closed to further replies.

mcmannehan

Ultimate SEO URLS5

By mcmannehan, in General Support

Recommended Posts

mcmannehan    21

mcmannehan
Posted

I find out that Ultimate SEO URLS5 have an issue with product links.

 

If a product have Products Attributes than there create a link in the navbar modules shoping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

 

We only need a product link like catalog/product_info.php?products_id=160

So i did the follow:

open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find:

foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
}

and add the preg_replace

foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
}

The preg_replace will delete all characters after the { and the { itself.

May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution.

But this works. Tested in osC 2.3.x.

 

 

 

 

 

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

mcmannehan    21

mcmannehan
Posted

error in my preg_replace

 

have to change to:

$v['id'] = preg_replace('~[{](.*)+$~', '', $v['id'], 1);

this works perfect, also if product have more products attributes

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

MrPhil    648

MrPhil
Posted

{ and } in a URL Query String are a known problem, and have been discussed quite a bit. Curly braces are banned by a number of hosts as some sort of security issue. I don't know what the official replacement will be for this syntax.

Share this post

Link to post
Share on other sites

mcmannehan    21

mcmannehan
Posted

@@MrPhil

I don't know why the URL link is created with the curly braces. So i remove them.

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

♥activeebiz    2

activeebiz
Posted

@@MrPhil

I don't know why the URL link is created with the curly braces. So i remove them.

 

its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page.

Share this post

Link to post
Share on other sites

mcmannehan    21

mcmannehan
Posted

@@activeebiz

 

its for options/attributes , when you use the link to return to the product the options choosen and shown in the cart product will be auto selected on the product info page.

 
I think this isn't necessary. Curly braces in the link are banned by a lot of hosters.

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

MrPhil    648

MrPhil
Posted

Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.

 

If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).

Share this post

Link to post
Share on other sites

mcmannehan    21

mcmannehan
Posted

@@MrPhil

 

Well, yeah. Some time ago, someone chose the syntax "{nn}" for options and attributes in osC. Later, hackers found they could abuse systems by using "{nn}" syntax, so many hosts banned (disabled) the use of braces in Query Strings. Unfortunately, this creates a problem for osC stores that use options and attributes, and the syntax will have to be changed to fix the problem.
 
If you are seeing "{nn}" in your Query Strings, it means you are using options and/or attributes. Simply filtering them out is going to break your system in some way, hopefully minor (such as not having options preselected when returning to the cart). It would be better to fix the underlying problem (change the syntax).

 
Since i filter them out, my system is still running very well, nothing breaks. I filter them out only in the product link of the cart modul in the header here: catalog/includes/modules/navbar_modules/templates/shopping_cart.php

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

math123    0

math123
Posted
On 3/12/2017 at 1:54 PM, mcmannehan said:

I find out that Ultimate SEO URLS5 have an issue with product links.

 

If a product have Products Attributes than there create a link in the navbar modules shoping cart like this:

catalog/product_info.php?products_id=160{4}31

After you click on it, a 404 error appears.

 

We only need a product link like catalog/product_info.php?products_id=160

So i did the follow:

open

catalog/includes/modules/navbar_modules/templates/shopping_cart.php

Find: 


foreach ($products as $k => $v) {
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
}

and add the preg_replace 


foreach ($products as $k => $v) {
  $v['id'] = preg_replace('~(.*){[^{]+$~', '\\1', $v['id']);
  echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']) . '</li>';
}

The preg_replace will delete all characters after the { and the { itself.

May be this REGEX its a atomic bomb on a small bird and may be there is a more easy solution.

But this works. Tested in osC 2.3.x.

 

I have the same problem as you, and know it is all repair 

 

 

 

4

 

Magento Reward PointsMagento 2 Banner Slider by MagestoreMagento 2 Module by Magestore, Magento module by Magestore

Share this post

Link to post
Share on other sites

MrPhil    648

MrPhil
Posted

products_id=160{4}31

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.

Share this post

Link to post
Share on other sites

♥beerbee    41

beerbee
Posted

Hi,

a  bit easier would be to use (int)$v['id'] in that case.

Best regards

Christoph

Share this post

Link to post
Share on other sites

mcmannehan    21

mcmannehan
Posted
12 hours ago, MrPhil said:

 

 

This problem has been discussed many times before. Apparently the Query String notation xxx{xxx}xxx (used for attributes) can be used for exploits, so for security reasons, many servers are removing the { } or otherwise disabling them, resulting in 404 errors. Whatever code in osC or add-ons that uses this { } notation will have to be fixed, but I haven't heard anything about progress on it. Simply removing the product attribute portion of the Query String (as you did) does not really fix the problem, although it will do as a temporary workaround.

after 17 years of osC now fix for that. Thats a shame...

  • The clever one learn from everything and from everybody
  • The normal one learn from his experience
  • The silly one knows everything better

[socrates, 412 before Christ]

Computers help us with the problems we wouldn't have without them!
99.9% of the bugs sit in front of the computer!
My programmed add-ons: WDW EasyTabs 1.0.3, WDW Facebook Like 1.0.0 

if(isset($this) || !isset($this)){ // that's the question...

 

Share this post

Link to post
Share on other sites

printyo    1

printyo
Posted

Avoid use of curly brackets. It is usually taken as a security concern by many hosts

Share this post

Link to post
Share on other sites
Go To Topic Listing General Support
×