romank

  1. I guess it all boils down to these lines in gateway.inc.php:

     ```php
     $cart_order_id = sanitizeVar($_SESSION['cart_order_id']);
     $skipEmail = true;
     $order->orderStatus(6,$_SESSION['cart_order_id'], $force = false, $skipEmail);
     $order->deleteOrder($_SESSION['cart_order_id']);
     ```

     Gotta take a payment for an order, better delete it and recreate with totally different billing information, even though nobody asked me to do it. Makes sense. Hats off to the developer who wrote this, I have never seen a worse piece of logic and code in my entire life. Question is, do I bother fixing this by not deleting the order and stopping the insert from being run twice, or would that break even more things in this amazingly written piece of software?
  2. Hi, a client of mine is running a CubeCart 4 website, using PayPal Pro as the checkout module. We have found out that if I go through the cart and enter white@mail.com as my e-mail account, then pay using my PayPal account which is registered on the black@mail.com account, both the customer e-mail and the order summary e-mail are changed to black@mail.com. Is this a feature? Can anyone please point me to a line/method I should change so the e-mail remains unchanged? Loads of customers are complaining about not receiving the order confirmation, as it gets delivered to their PayPal e-mail, which they might not even be using daily. I went through the PayPal module, order class and gateway include file but can't find the exact place where this happens.
  3. Desperate update from me. When I var_dump my $_GET somewhere in the catalogue.class.php just before the sorting goes into effect, I actually see this:

     ```
     ["sort[price]"]=> string(3) "ASC"
     ```

     When I dump my $_REQUEST, I see this:

     ```
     ["sort"]=> array(1) { ["price"]=> string(3) "ASC" }
     ```

     So clearly somewhere along the way, stuff goes very wrong and turns an array and a value into a string!!! Even when I bypass cleanGlobals(), the result is still the same. It is absolutely beyond me where and why and how this is happening and on top of it, how come the $_REQUEST array is kept intact. (Here, shamelessly presenting my disgusting temporary fix:)

     ```php
     if (isset($_REQUEST['sort'])) {
         $_GET['sort'] = $_REQUEST['sort'];
     }
     if (isset($_REQUEST['search'])) {
         $_GET['search'] = $_REQUEST['search'];
     }
     ```
  4. I have not, here it is: CubeCart Version 5.2.1 PHP Version 5.4.43 MySQL Version 50548
  5. I am using version 5.2.1. I am positive this has worked flawlessly for the past few years/months, I just noticed it recently in the error log. If everything seems ordinary, do you please have any idea what else might be wrong?
  6. This is bringing some strange stuff - I did what you asked and I also printed out the entire $data from the _clean() method. After ONE click on the website, I get two records in the error log:

     ```
     [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key GET "sort[price]" was detected and was removed. Entire array: Array
     (
         [seo_path] => xxx
         [_a] => category
         [sort[price]] => ASC
     )
     URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89
     [11-Mar-2016 22:16:18 UTC] PHP Warning: Security Warning: Illegal array key REQUEST "sort[price]" was detected and was removed. Entire array: Array
     (
         [seo_path] => xxx
         [_a] => category
         [sort] => Array ( [price] => ASC )
         [__utma] => 131230282.703056860.1409656154.1457728420.1457732214.320
         [__utmz] => 131230282.1452426433.205.5.utmcsr=3.basecamp.com|utmccn=(referral)|utmcmd=referral|utmcct=/
         [member_id] => 0
         [pass_hash] => 0
         [ipsconnect_e230f3ddfa042ff09c509581fffca84a] => 0
         [_ga] => GA1.3.830321126.1432714418
         [whoson] => 862-1453479549677
         [__atuvc] => 0|6,10|7,0|8,0|9,4|10
         [__utmc] => 131230282
         [__utmb] => 131230282.13.10.1457732214
         [PHPSESSID] => df805f0c08297498cf65f529bccc7a75
         [__utmt] => 1
         [sort[price]] => ASC
     )
     URL: /xxx.html?_a=category&sort[price]=ASC in /home/tradeloc/public_html/classes/sanitize.class.php on line 89
     ```

     So it seems there is a redirect or something? Is this standard behavior?
  7. I don't have cache enabled, but I have cleared it anyway, to no avail. This is the HTML of the sort select:

     ```html
     <form action="xxx" method="post">
       <select name="sort" class="listSelect auto_submit dropDown textbox">
         <option value="">-- Please Select --</option>
         <option value="name|DESC" >Name (Z-A)</option>
         <option value="name|ASC" >Name (A-Z)</option>
         <option value="date_added|DESC" >Date Added (Newest First)</option>
         <option value="date_added|ASC" >Date Added (Oldest First)</option>
         <option value="price|DESC" >Price (High-Low)</option>
         <option value="price|ASC" >Price (Low-High)</option>
       </select>
     </form>
     ```

     and this is the $SORTING variable from the Smarty debug window:

     ```
     Smarty_Variable Object (3)
     ->value = Array (6)
       0 => Array (5)
         name => "Name"
         field => "name"
         order => "DESC"
         direction => "Z-A"
         selected => ""
       1 => Array (5)
         name => "Name"
         field => "name"
         order => "ASC"
         direction => "A-Z"
         selected => ""
       2 => Array (5)
         name => "Date Added"
         field => "date_added"
         order => "DESC"
         direction => "Newest First"
         selected => ""
       3 => Array (5)
         name => "Date Added"
         field => "date_added"
         order => "ASC"
         direction => "Oldest First"
         selected => ""
       4 => Array (5)
         name => "Price"
         field => "price"
         order => "DESC"
         direction => "High-Low"
         selected => ""
       5 => Array (5)
         name => "Price"
         field => "price"
         order => "ASC"
         direction => "Low-High"
         selected => ""
     ->nocache = false
     ->scope = "file:templates/content.category.php"
     ```

     When I enable CC debug, there are no errors/warnings apart from the one mentioned above:

     ```
     Security Warning: Illegal array key "sort[price]" was detected and was removed.
     ```

     I am very close to adjusting the regular expression so the sort[price] would pass, because I am running out of ideas and everything seems to be in order apart from the damn sanitize issue.
  8. Hi bsmither, was hoping you would come to help! I have figured out the process where it makes the pipe-separated value into an array key and value, just like you explained, but couldn't figure out why it is failing the preg in the _clean() method anyway. This is my template file:

     ```html
     <div class="select_list align_right margintop30">
       <form action="{$VAL_SELF}" method="post">
         <select name="sort" class="listSelect auto_submit dropDown textbox">
           <option value="">{$LANG.form.please_select}</option>
           {foreach from=$SORTING item=sort}
           <option value="{$sort.field}|{$sort.order}" {$sort.selected}>{$sort.name} ({$sort.direction})</option>
           {/foreach}
         </select>
       </form>
     </div>
     ```

     This is the piece of code from the Cubecart::_category() method which splits the pipe and makes it an array:

     ```php
     <?php
     $query = array();
     if (isset($_POST['sort'])) {
         // The posted value has the form "field|order", e.g. "price|ASC"
         list($field, $order) = explode('|', $_POST['sort']);
         $query['sort'][$field] = $order;
         // Carry any active search parameters over into the new query
         if (isset($_GET['search'])) {
             foreach ($_GET['search'] as $key => $value) {
                 $query['search'][$key] = $value;
             }
         }
     }
     ?>
     ```

     I have noticed more things in the error log:

     ```
     [11-Mar-2016 16:19:51 UTC] PHP Warning: Security Warning: Illegal array key "$" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89
     [11-Mar-2016 16:20:07 UTC] PHP Warning: Security Warning: Illegal array key "search[keywords]" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 89
     ```

     I downloaded the latest CC 5 and looked into the files (sanitize class, cubecart class, category template) but the code really seems identical. I simply don't understand what has happened that makes legit variables like sort and search fail the sanitize process.
  9. Meanwhile the search parameters work perfectly. search[keywords]=test I honestly don't understand how come search[] is allowed but somehow sort[] is suddenly getting stripped.
  10. For all I know, 5 and 6 are pretty much identical. Yes, turned it on, the only suspicious thing it yields is the error message I posted above.
  11. Hi keat, when I go to any category page on the front end and try to change the order of the products (by price, by name, ..) it still stays default and I get the message above. I have downloaded the latest CC 5 and compared the sanitize.class.php files; apart from some new items in the $exempt array, there is absolutely no difference. The sort[price] variable is simply getting sanitized and removed, even though it's valid.
  12. Hi, I have noticed today that I can't sort the products using the select on the category page, as I am getting this error:

      ```
      Security Warning: Illegal array key "sort[price]" was detected and was removed. in /home/xxx/public_html/classes/sanitize.class.php on line 88
      ```

      I have done loads of custom changes to my CubeCart installation, but I am not aware of touching this part at all - shouldn't the sort array be somehow exempted or something?
  13. Thank you bsmither, you save the day as usual, works perfectly. Hope this thread will also help someone who might encounter the same issue in the future.
  14. Hi, I am running 5.2.1. I have always had a copyright removal key on my website, but sometime in the past few days, the Powered by CubeCart has started to appear in my titles and in the footer. As instructed in the license server shutdown email and also by some posts on this forum, I have downloaded the latest v5 package and replaced the admin.php file. The admin panel is not letting me enter the copyright key, it does not get saved. Can you please tell me how to get rid of the copyright ASAP? It is extremely important to me, as it's corrupting my SEO. Is this something I should bring to the support site and file a ticket?