Search the Community
Showing results for tags 'Security'.
Hi all, I am getting a very odd security warning when trying to access items in our online store at www.pacworks.biz. Here is the message that I am getting when trying to click on different menu items: Security Warning Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. This message just randomly started appearing. I did a search trying to figure out a solution to this problem and it seems like people are saying that it is a problem with some PHP coding. The odd thing is that we have not changed any of the code, nor installed any third party plugins in at least 6 months and our store has been running fine. I also haven't changed any of the store settings in the CubeCart dash board. I know CSS and HTML, but I am not a PHP programmer, so I am not sure what to look for to fix this problem. Here is some info that may help diagnose my problem: I am using CubeCart 4.3.3 I have tested on multiple web browsers and got the same error message Thanks in advance for any help!
There are three aspects to a digital download's location: * as seen in the Digital Options file picker (Product, Digital tab) * the Custom File Path (Product, Digital tab) * the Custom Root File Path (Store Settings, Stock tab) -- not applicable to CC6 If you use the Custom File Path, all else is ignored. The value you enter here is taken exactly as entered. The term File Path, in this case, also means that there is a File Name attached. A fully qualified web address can also be used. (If a web address is used, Cubecart will send a 302 Redirect to have the browser download the file directly from that address. Normally, the web address of the Redirect is not visible to the casual browser user. But if the user is monitoring web traffic in and out of the browser, the address will be seen in the page request headers.) Examples: /home/username/private_dir/store_downloads/digital_file.mp3 (http, or https, or ftp)://www.storename.com/downloads_dir/digital_file.mp3 If you use the Custom Root File Path, this becomes the starting point that the Digital Options file picker list window uses to display directories and files, and the Downloads, Upload tab will deposit uploaded files. The term File Path, in this case, is just the path, with no trailing slash. Example: /home/username/private_dir/store_downloads If you do not use the Custom Root File Path, the starting point is the /files/ directory in the Cubecart installation that the Digital Options file picker list window uses to display directories and files, and the Downloads, Upload tab will deposit uploaded files. Except for the method used where the web address is sent to the browser in the 302 Redirect response, CubeCart will have PHP send the file, unmanaged, in 8KB chunks to the browser. (Unmanaged means there is no 'resuming' at the point of failure of a failed download.) At no point will the user be able to determine where the file is actually located. That said, if the starting point is somewhere inside the CubeCart installation, the file can be requested directly, if somehow known what the filename is. As such, it will be to your benefit to add an .htaccess file that prohibits directory listing, and prohibits direct access from everyone except a page request referred by your own store. These lines should suffice: Options -Indexes IndexIgnore * Order deny,allow Deny from all <FilesMatch "print.*.php$" > (See note) Allow from all </Files> Points to consider: The database table CubeCart_filemanager records the path, if there is one, relative to the file picker's starting point. If you upload files (in admin, Downloads, Upload tab), the files will be stored in the starting point folder. (On the Files tab, you may edit the file properties and change the file's location to a different sub-folder.) If you should open your store and not have entered a Custom Root File Path, have uploaded files (to /files/), then later decide to enter a Custom Root File Path (or change an existing path), you will need to use an FTP program to move the files and folders from where they are now to the new location. The FilesMatch directive could be written to allow any .php file. The expectation is that CubeCart (and third-party developers) will only put files here temporarily - and they will end in .php. All other file types, mp3, mov, pdf, doc, etc, will not be reachable by a web browser. My testing has shown there to be an issue with using a Custom Root File Path. When the file picker window lists the folder(s), I see two entries of the same folder name. (I only have one sub-folder at the starting point for my experiments.) (There is another issue with using a Custom Root File Path, which I think is related to a Windows-based server filesystem. Clicking on the folder name in the file picker window does nothing. It is important to enter the path not using backslashes: L:/WebServer/store_downloads. Backslashes will be removed. There is also an issue with the FileManager saving data to the CubeCart_filemanager table when the database is in strict mode. There will be a 500 Internal Server Error. These issues must be dealt with by someone other than Devellion.)
Hi Just getting going and trying to make the site a little more secure. Are there any instructions as to how to change the Admin folder to a new name (say admin123) in version 5. The only thing I found on the subject was this. http://forums.cubecart.com/topic/44047-move-admin-area/?hl=%2Bmove+%2Badmin But they never discussed it further. I would be grateful if someone could help Best Regards
Guest posted a topic in Technical HelpHi Everyone, I am trying to get my site and cart PCI Compliant (secure credit card transactions) and am using McAfee Secure. I am not getting this message: "Sensitive Cookie Missing 'HTTPONLY' Attribute" which means there is a security risk and something I have to fix. Anyone heard of this, know how to fix? My CubeCart is hosted on Bluehost. Thanks. Patrice