Al Brookbanks (Posted February 23, 2006)

Hi,

A method of fixing a security hole in 3.0.6 caused the declaration of a variable too early causing shared SSL to fail.

Please either upload the attached file over your existing /includes/session.inc.php

Or replace:

    $_GET['ccUser'] = treatGet($_GET['ccUser']);
    $_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);
    if(isset($_COOKIE['ccUser'])){
        $sessId = base64_decode($_COOKIE['ccUser']);
    } elseif(isset($_GET['ccUser'])){
        $sessId = $_GET['ccUser'];
    }

With:

    if(isset($_COOKIE['ccUser'])){
        $_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);
        $sessId = base64_decode($_COOKIE['ccUser']);
    } elseif(isset($_GET['ccUser'])){
        $_GET['ccUser'] = treatGet($_GET['ccUser']);
        $sessId = $_GET['ccUser'];
    }

session.inc.php
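Added example, not part of the original post or of CubeCart's code: the two orderings from the post above, run side by side on a constructed request. The `treatGet()` body here is a hypothetical stand-in (assumed to return a string even for missing input), and the request assumes the shared-SSL host receives the session id in the `ccUser` query parameter because no cookie exists for that host.

```php
<?php
// Hypothetical stand-in for CubeCart's treatGet(); the real body is not shown
// in the thread. Assumption: it always returns a string, even for missing input.
function treatGet($value) {
    return preg_replace('/[^A-Za-z0-9+\/=]/', '', (string) $value);
}

// 3.0.6 ordering: sanitise both inputs first, then test them with isset().
// The original reads the keys directly; "?? null" only avoids the notice here.
function resolveBefore(array $get, array $cookie) {
    $sessId = null;
    $get['ccUser'] = treatGet($get['ccUser'] ?? null);       // key is now always set
    $cookie['ccUser'] = treatGet($cookie['ccUser'] ?? null); // key is now always set
    if (isset($cookie['ccUser'])) {
        $sessId = base64_decode($cookie['ccUser']);          // taken even with no cookie
    } elseif (isset($get['ccUser'])) {
        $sessId = $get['ccUser'];                            // never reached
    }
    return $sessId;
}

// Corrected ordering from the post: test with isset() first, sanitise inside the branch.
function resolveAfter(array $get, array $cookie) {
    $sessId = null;
    if (isset($cookie['ccUser'])) {
        $cookie['ccUser'] = treatGet($cookie['ccUser']);
        $sessId = base64_decode($cookie['ccUser']);
    } elseif (isset($get['ccUser'])) {
        $get['ccUser'] = treatGet($get['ccUser']);
        $sessId = $get['ccUser'];
    }
    return $sessId;
}

// Constructed request: first hit on the shared-SSL host, no cookie for that
// host, session id carried in the query string (sample value, not a real id).
$get = ['ccUser' => 'abc123SESSION'];
$cookie = [];

printf("before: %s\n", var_export(resolveBefore($get, $cookie), true));
printf("after:  %s\n", var_export(resolveAfter($get, $cookie), true));
```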
Guest niko18 (Posted February 23, 2006)

This did not fix my problem. I still cannot add anything to the cart with SSL turned on.
Al Brookbanks (Author) (Posted February 23, 2006)

Can you provide a link to test? Delete your cookies and close the browser window and try again.

My test site is here: http://308.cubecart.com/upload/
Guest mashurst (Posted February 24, 2006)

I uploaded the new file and performed a couple of tests. So far, so good. Thanks again for all of the assistance.

-M
Guest niko18 (Posted February 24, 2006)

It fixed for me too so far now. But the only thing now is I get errors in the admin menu...

    Warning: main(home/nt7gniko/public_html/upload//classes/db.inc.php): failed to open stream: No such file or directory in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/auth.inc.php on line 53

    Warning: main(): Failed opening 'home/nt7gniko/public_html/upload//admin/includes/navigation.inc.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/header.inc.php on line 57
Guest walmarc (Posted February 28, 2006)

> It fixed for me too so far now. But the only thing now is I get errors in the admin menu...
>
>     Warning: main(home/nt7gniko/public_html/upload//classes/db.inc.php): failed to open stream: No such file or directory in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/auth.inc.php on line 53
>
>     Warning: main(): Failed opening 'home/nt7gniko/public_html/upload//admin/includes/navigation.inc.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/header.inc.php on line 57

I'm thinking the above works for a shared SSL but stuffs up CC for those who have a dedicated SSL. That is my experience - had to revert to the 3.0.8 file!
Guest gwizard (Posted March 1, 2006)

I did a manual upgrade using WinMerge and I have dedicated SSL. All works fine with absolutely no errors at all.
Guest vrakas (Posted March 4, 2006)

3.09 has this fix included but I still have problems with shared SSL. It adds fine, but when I go to view the cart it says "no items"; when I go out of the cart they are there. IE does this but FF works fine ;)
Guest aikdo (Posted March 5, 2006)

Some browsers (e.g. Internet Explorer) will not allow one domain to set a cookie to be read by another even if you strictly request it to... I think, though I'm not 100% sure about this, that M$ fixed this in v7, but from what I can gather, without turning your whole store into an SSL nightmare you can't add items to the basket on your normal domain then view them on your true domain... Maybe someone can correct me on this if they now have shared SSL working on their site...

(NOTE: this doesn't affect dedicated SSL as it is on the same domain)
Guest vrakas (Posted March 6, 2006)

Thanks aikdo for your reply. Even if ver7 of IE is out we cannot make customers upgrade (due to various reasons such as hardware, don't know how, etc.) and as soon as they find a problem 99% of them will go away :alien:
Guest mashurst (Posted March 14, 2006)

> Thanks aikdo for your reply. Even if ver7 of IE is out we cannot make customers upgrade (due to various reasons such as hardware, don't know how, etc.) and as soon as they find a problem 99% of them will go away

I thought my problem was gone, but then two customers in a row called me to place phone orders and then described the problem. Now, I don't know what to do. I am committed to cubecart mentally and financially, so I want to see this through very badly.

I have shared ssl. I started out just using paypal for the transactions and didn't need ssl; the site worked great but customers sometimes got confused with paypal and didn't finish checking out. I haven't been able to determine if there was a browser connection or not, and my gut tells me that CC3.09 isn't the problem at this point, because the only variable left to scrutinize is the shared hosting and shared ssl. I would switch to dedicated ssl and a virtual private server if I 100% knew that it would fix the problem. When this first started getting posted in the forums, it was also happening to people with dedicated ssl. I also have been having shared hosting issues where another user on my server does something and robs my site of bandwidth.

Any advice at this point would be much appreciated.

-M