DAVID3733 Posted June 21, 2019 Share Posted June 21, 2019 Hi there Running 2.3.4.1 CE BS4 pretty much updated with latest changes from the Github as of the 31st may( dont think I have missed any), PHP 7.2.16 etc Never used Product attributes before but been using them with a vengeance over the last few weeks and now have loads, like them they are helpful and create a off sales all I thought was working well but just noticed something Seems to have a issue when someone adds something to the cart, then comes back to it the link to get the the product again, if they added a attribute is something like /product_info.php?products_id=36696{18}39 this is creating a 404 Now of course before i posted this I spent the last hour trying to find a fix, but although I can see I am not the only one who has has a issue with it I have yet to find a fix, by what everyone is saying its the curly braces, if i remove them from the url it does at least go to the right page but as product attribute has been around so long I am sure someone has a proper fix for it Could someone point me in the right direction Kindest regards David David Link to comment Share on other sites More sharing options...
DAVID3733 Posted June 21, 2019 Author Share Posted June 21, 2019 After much more reading it appears the the curly braces are seen as a security issue in the URL which is why my server is not liking them I have asked my host to confirm and awaiting a reply If i delete the curly brace and just use a space it seems to work the only link that i can find so far that is causing the problem is the Nav-bar shopping cart Bit concerned that it might also be somewhere else, it seems to be that the fix is to urlencode the URL just experimenting on how to do this at the moment, not getting far though, unfortunately working on live shop as my test one is down this is the template file <li class="nav-item dropdown nb-shopping-cart"> <a class="nav-link dropdown-toggle" href="#" id="navDropdownCart" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <?php echo sprintf(MODULE_NAVBAR_SHOPPING_CART_CONTENTS, $cart->count_contents()); ?> </a> <div class="dropdown-menu<?php echo $menu_align; ?>" aria-labelledby="navDropdownCart"> <?php echo '<a class="dropdown-item" href="' . tep_href_link('shopping_cart.php') . '">' . sprintf(MODULE_NAVBAR_SHOPPING_CART_HAS_CONTENTS, $cart->count_contents(), $currencies->format($cart->show_total())) . '</a>'; if ($cart->count_contents() > 0) { echo '<div class="dropdown-divider"></div>' . PHP_EOL; $products = $cart->get_products(); foreach ($products as $k => $v) { echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']); } echo '<div class="dropdown-divider"></div>' . PHP_EOL; echo '<a class="dropdown-item" href="' . tep_href_link('checkout_shipping.php', '', 'SSL') . '">' . MODULE_NAVBAR_SHOPPING_CART_CHECKOUT . '</a>' . PHP_EOL; } ?> </div> </li> <?php if i work it out i will post back here regards David Link to comment Share on other sites More sharing options...
DAVID3733 Posted June 21, 2019 Author Share Posted June 21, 2019 by changing to echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, $v['id'], $v['quantity'], $v['name']); to echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, urlencode($v['id']), $v['quantity'], $v['name']); means the url is no longer broken But i do not think it carries the attributes over as i think it should the URL is now something like product_info.php?products_id=36696%7B18%7D46 (36696{18}46) better than a 404 but not perfect, tired now though was up early David David Link to comment Share on other sites More sharing options...
MrPhil Posted June 21, 2019 Share Posted June 21, 2019 This topic is not new -- it has received considerable discussion over the years. If you search out the conversation (google it, don't use the built-in search), you might find some clues on how to move forward with this. I don't recall if there were any good solutions (or near-solutions) found. Link to comment Share on other sites More sharing options...
ArtcoInc Posted June 21, 2019 Share Posted June 21, 2019 As @MrPhil mentioned, this has been an issue for a long time. When osC was first written, the use of curly braces was acceptable in URLs. At some point in time, the 'internet powers that be' decided that it was no longer acceptable. As far as I know, this is a core issue in osC, and to resolve it would require major core structural changes. As such, no good solutions have been found. M Link to comment Share on other sites More sharing options...
MrPhil Posted June 30, 2019 Share Posted June 30, 2019 urlencode() of the string with {}'s apparently will work, but is ugly. No one has come up with a better way yet, such as using <>'s or ()'s instead. So long as the replacements don't have a special meaning to URLs, SQL, or PHP, and are not otherwise prohibited, they should work. You could even just write a {} -> () routine instead of urlencode(), but you'll still need to deal with () instead of {} on the receiving end. Core changes either way, but worth it. Link to comment Share on other sites More sharing options...
burt Posted July 1, 2019 Share Posted July 1, 2019 https://www.oscommerce.com/forums/topic/396152-bootstrap-3-in-234-responsive-from-the-get-go/?do=findComment&comment=1746915 Link to comment Share on other sites More sharing options...
MrPhil Posted July 7, 2019 Share Posted July 7, 2019 So did Phoenix finally fix this (replace { } by something else) or is it still broken? It is undesirable to urlencode the { }, as it looks tacky (although it does more or less work). Are there enough saved URLs out there to make preserving the use of { } the least evil choice, even though they're unlikely to work anyway (if not urlencoded)? Link to comment Share on other sites More sharing options...
♥JcMagpie Posted July 7, 2019 Share Posted July 7, 2019 Phoenex version 1.0.0.2 Link to comment Share on other sites More sharing options...
MrPhil Posted July 7, 2019 Share Posted July 7, 2019 So what is in $parameters? Is it { and } or something else? It appears that tep_output_string will only translate " to " (whatever that does for a URL). Link to comment Share on other sites More sharing options...
♥JcMagpie Posted July 7, 2019 Share Posted July 7, 2019 Same code as official oscommerce.... if (tep_not_null($parameters)) { $link .= $page . '?' . tep_output_string($parameters); $separator = '&'; } else { $link .= $page; $separator = '?'; } Link to comment Share on other sites More sharing options...
MrPhil Posted July 7, 2019 Share Posted July 7, 2019 tep_output_string() appears to be cleanup for HTML display, not for correct URLs. I think it's been used incorrectly here for a long time. Link to comment Share on other sites More sharing options...
kgtee Posted July 8, 2019 Share Posted July 8, 2019 Try this. It works! Quote echo '<li>' . sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, current(explode("{", $v['id'])), $v['quantity'], $v['name']) . '</li>'; Link to comment Share on other sites More sharing options...
DAVID3733 Posted July 8, 2019 Author Share Posted July 8, 2019 Thanks Kgtee I have used echo sprintf(MODULE_NAVBAR_SHOPPING_CART_PRODUCT, current(explode("{", $v['id'])), $v['quantity'], $v['name']); It looks prettier as a URL than the URLencoded "{ and }" (%7B and %7D), unfortunately still does not carry the attribute though Kindest regards David Link to comment Share on other sites More sharing options...
kgtee Posted July 8, 2019 Share Posted July 8, 2019 @DAVID3733 I was thinking to eliminate the 404 error by removing the attributes entirely. Indeed your urlencode does just the same in removing the {. The product href link in the NAV_BAR module has no purpose anyway other than re-directing the click to the product info page. 😁 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.