convict

ISO - US ISO3 - USA NUMERIC - 840

Just create a temporary admin and send me the access data via PM will be checking...

You are welcome :)

Thanks so much for the offer of help convict. Just PM'd you the link. Solved. :wacko:

I posted you the path to the file - include/global.inc.php. Just search the store root folder on your site. The Store root folder is the one that contains files named admin, classes, docs, extra, images, includes, js, language, modules, pear and skins. Go to includes folder and open global.inc.php file

@ teknia this is pure session issue NOT an admin password. Please check your site URL is correct defined. The issue ocurs the site URL in your include/global.inc.php is without www in site name and you do site access with www in URL and counter. @ jodyg Please check your $glob['rootRel'] value in includes/global.inc.php it cannot be empty.

Thank you There is no reason to post such request here. CubeCart.com is not related (and doesnt support) to any 3rd Party mods. :)

@ antzypants Huh, you dont have any permission to attach this mod here ;)

Thank you for taking the time to look. Like I said, after edits to ini.inc.php, there aren't error messages (that I see), but maybe you'll notice a security problem or something? That's my main concern right now. It's just the basic install so far, with some tax, shipping, etc. setup done. It's at http://chellsroost.com/shop/. Tested - no security mesage there using IE & FF ;)

@ tshells, Windy Miller Please post here the URL to your store. If you prefer to prevent the publicity send me it via PM will have a look.

Suppose this is a result of the CubeCart 3 security audit.

Oh yes, valid category name , just noticed similar update in category box code :D

You didnt empty the basket or didnt do the hack in includes/boxes/shoppingCart.inc.php stated here http://www.cubecart.com/site/forums/index....st&p=110584

just updated my prevous post...

Open includes/content/viewCat.inc.php SEARCH FOR $view_cat->assign("CURRENT_DIR",validHTML(getCatDir($currentCat[0]['cat_name'],$currentCat[0]['cat_father_id'], $currentCat[0]['cat_id'], $link=TRUE))); REPLACE WITH $view_cat->assign("CURRENT_DIR",getCatDir($currentCat[0]['cat_name'],$currentCat[0]['cat_father_id'], $currentCat[0]['cat_id'], $link=TRUE)); This code is from previous versions. 3.0.14 causes html entities issue if more than one level of categories because of links. Html tag marks are changed to html entity. Latest product - there is a new class for products where height of the particular product box is 100 pixels. This is the 'problem', you have to increase this value. layout.css

It seems you use the basket content created with 3.0.13 - please do empty basket and try again. OR In case huge customer base and big traffic on your store do following in includes/content/cart.inc.php includes/boxes/shoppingCart.inc.php SEARCH FOR $options = explode("|",$optionKeys) ADD BEFORE $optionKeys = str_replace(".","|",$optionKeys); This translates old created options to meet latest code changes.

Great Please let us know if it fixes with issue. I get the same error message - but only when changing the quantity in the cart. I have changed switch.php and removed cookies but to no avail. Strange thing is, it only effects some items in the cart and not others..... Any ideas? This happens if there is a product with multi options in cart. You may disable the security feature sa Al stated above or fix it in 3 files: classes/cart.php includes/boxes/shoppingCart.inc.php includes/content/cart.php SEARCH FOR "." REPLACE WITH "_" Note: includes/content/cart.php do it only for first occurence. I am talking about unmodified cubecart files. EDIT: "." replacement should be any of characters definied as allowed in security code, "|" instead of "_" in the official release will be the right one probably.

Please have a look into both of index.tpl only one conatains the </body> tag. cart.tpl does exist only in global folder. Both of files roban pointed you resides in the same folder.

The issue causes additional code in treatGet function however security improvement. If the URL contains treatGet changes it to The second amp; is the big problem! str_replace does replace only $amp; to & remains there and it looks like afterwards. Only you need is change following: switch.php SEARCH FOR header("Location: ".str_replace("&amp;","&",treatGet($_GET['r']))); REPLACE WITH (you have to do it twice!) header("Location: ".str_replace('amp;','',treatGet($_GET['r']))); includes/content/reg.php SEARCH FOR header("Location: ".str_replace("&amp;","&",$redir)); REPLACE WITH header("Location: ".str_replace('amp;','',$redir)); I have found useless security featuere in includes/content/login.inc.php $_GET['redir'] = treatGet($_GET['redir']); header("Location: ".str_replace("&amp;","&",base64_decode(treatGet($_GET['redir'])))); Should be header("Location: ".str_replace('amp;','',treatGet(base64_decode($_GET['redir']))));

Well but PayPal site does it - not related to customer browser Not in default CubeCart code.

It would be the FireFox Internet Explorer :)

Its me. : He is da MAN! Cool thread mate See this post Good idea to add tracking code to orderSuccess file but useless for gateways with similar feature like PayPal IPN has - it never shown in customer browser / cookies are burned out / images are not used...

Cool. I have edited original post because of $glob vs $GLOBALS :sleep:

Try following in CC 3.0.12 and older: if($glob['rootRel']=="/"){ $sessionName = "ccSID"; } else { $sessionName = "ccSID-".md5($glob['rootRel']); } session_name($sessionName); @ini_set("session.cookie_path",$GLOBALS['rootRel']); session_start();

Unoficial of course: Your fix is not general but cart installed in site root folder only. The fix could be following (3.0.12 and older): admin/login.php if($glob['rootRel']=="/"){ $sessionName = "ccSID"; } else { $sessionName = "ccSID-".md5($glob['rootRel']); } session_name($sessionName); @ini_set("session.cookie_path",$GLOBALS['rootRel']); session_start(); $_SESSION['ccAdminPath'] = $GLOBALS['rootRel']; admin/includes/auth.inc.php if($glob['rootRel']=="/"){ $sessionName = "ccSID"; } else { $sessionName = "ccSID-".md5($glob['rootRel']); } session_name($sessionName); @ini_set("session.cookie_path",$GLOBALS['rootRel']); session_start(); I tested it before and it works on any folder. However path ends with / if store is installed in any sub folder $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1); gets rid of ending / however the result on site root folder store is BLANK, default PHP setting for session.cookie_path is /. It depends to server and browser probably. If the init session.cookie_path is called just before the session_name, some browser cookies get the curent store folder instead of default PHP setting /.