Security warning with new upgrade??


Guest hairfreax

Parsed array keys can not contain illegal characters! Script execution has been halted.

It may be possible to fix this error by deleting your browsers cookies and refresh this page.

This happens when you try to get to cart step 3...

any ideas?

URL: http://www.hairfreax.co.uk/cart.php?act=step3

PHP version 5.1.5

Went from 12 to 13 on the upgrade.....

and no clearing cookies did not resolve the problem!

Link to comment
Share on other sites

Guest babynet

I am having the same issue, with the same error. Different PHP version (4.4.4). I have 4 mods: quik edit options, text options, dropshippers and a menu mod. I thought it was one of these. Andrew rewrote the dropshipper mod specifically for the cart's last update, so I have spent days installing and uninstalling, thinking I was in error, but now I see I am not the only one. I also noticed that on my home page, instead of "Welcome Back" when testing, I get "LANG_WELCOME_BACK}". I know everyone is working hard to provide us with a secure cart, I'm just a bit frustrated. I switched because I was so tired of updating and reinstalling mod additions and the constantly broken cart that comes with oscommerce.

Oh, one other thing: there is an .htaccess file in the admin/include/ directory of the cart update. I had to delete this in order to use the editor for products and pages. Otherwise I kept getting a forbidden access error. (might help someone else)

k done whining, ;)

Link to comment
Share on other sites

Guest unclezoot

I'm getting this after upgrading to 3.0.13 and a Windows Server.

Only seems to happen if I change the quantities of the items in the Cart.php page.

Very strange!

Security Warning

Parsed array keys can not contain illegal characters! Script execution has been halted.

It may be possible to fix this error by deleting your browsers cookies and refresh this page.

Link to comment
Share on other sites

I have also experienced this error, but when changing the currency using the standard dropdown menu. Very odd, it only occurred in Firefox (v1.5.0.7).

I only had one tab operational and the problem started to occur. So I opened a second tab on the same site, and changed the currency and it worked fine. Back to the first tab, same error.

I cleared the session cookies, then restarted Firefox and it fixed the problem.... so is this a session cookie problem?

Link to comment
Share on other sites

Guest PMinteractive

babynet: check that the \skins\YOURSKIN\styleTemplates\boxes\session.tpl file says {LANG_WELCOME_BACK} somewhere around line 8

The .htaccess files were in the zip that people downloaded when the release email went out, but were removed not long after. I ran into this and other problems that were fixed when I redownloaded the new version a couple of days later.

Link to comment
Share on other sites

Alas, I too am experiencing the same problem as hairfreax after going from 12 to 13 on the upgrade.....and shop now unusable.

LAMP server

PHP Version 4.4.4

Am getting the following Security Warnings

\nGLOBALS overwrite attempt detected! Script execution has been terminated.

\nParsed array keys can not contain illegal characters! Script execution has been halted.

It may be possible to fix this error by deleting your browsers cookies and refresh this page.

Have deleted the browser cookies and refreshed but to no avail.

At first, attributed to the following mods:

Currency updater v1.01

Allow Free Product Downloads

... but removed these and still get the same problem.

Any suggestions gratefully received

*** UPDATE: From reading the various posts I decided to upload all files (not just those highlighted by the Changelog) and check if the shop worked without any mods. It did. Then changed the files required for the above mods using WinMerge ... and these worked too. Either the Changelog was incomplete or I failed to upload all files. Hope this is of help to others.

Link to comment
Share on other sites

Guest babynet

Thank you PMinteractive. This indeed fixed my welcome message, there was a missing bracket. Appreciate the assistance, I was beginning to bang my head on my computer. :wacko: I did not know that the download had been changed again. The htaccess was not a big deal for me, just mentioned it in case someone else came up against it. Still working on the security error, but will try another download, maybe this will do the trick. Thanks again.

Link to comment
Share on other sites

I'm almost finished tweaking my store on my local PC and so took the opportunity to load a completely fresh 3.0.13 installation online. ISP is running PHP Version: 4.4.4 and MySQL Version: 4.0.27-standard-log and my online test site is at http://www.i-enquire.com

This installation is freshly uploaded and has no modifications, changes or additions whatsoever.

From the homepage, try changing the Currency and Language. No problem.

Select the Test Product. Now try changing either the Currency or the Language:

"Parsed array keys can not contain illegal characters! Script execution has been halted.

It may be possible to fix this error by deleting your browsers cookies and refresh this page"

Deleting cookies and refreshing does nothing. Pressing 'back' on the browser (Firefox or IE6) re-loads the page with the new language or currency correctly applied.

Same error happens when viewing sitedocs or test category, though I've noticed the error rarely appears when viewing the homepage.

Link to comment
Share on other sites

Guest Windy Miller

I've had the same error message firstly when I upgraded from .12 to .13 and then (because I'd hardly done any work on the shop) when I deleted everything off the server and tried to install again from scratch.

Any help would be appreciated......

Link to comment
Share on other sites

Guest chapter_two

Thanks for that andi ;)

My store has been open for less than a week but reviewing the ISP stats for the domain this morning I noticed that there were 28 errors with switch.php in my logs :)

Have uploaded the fix now.

Link to comment
Share on other sites

The error is in switch.php. I haven't had the time to go through the code to find the error but if you replace your current one with the one I have attached it should sort the problem out :o

switch.php

Thanks - reverting the switch.php file from v3.0.13 to v3.0.12 seems to have done the trick.

Link to comment
Share on other sites

You can turn off that security function by opening /includes/ini.inc.php

Find:

$clean = new clean_all($data);

$_GET = $clean->clean_all($_GET);
$_POST = $clean->clean_all($_POST);
$_COOKIE = $clean->clean_all($_COOKIE);
$_REQUEST = $clean->clean_all($_REQUEST);

Replace with:

/*
$clean = new clean_all($data);

$_GET = $clean->clean_all($_GET);
$_POST = $clean->clean_all($_POST);
$_COOKIE = $clean->clean_all($_COOKIE);
$_REQUEST = $clean->clean_all($_REQUEST);
*/

The function is a hardening measure. This means that it is only an extra measure to prevent potential security issues. It is safe to turn off but we recommend having it on.

There have been a few bugs concerning this and I will release a patch asap.

Link to comment
Share on other sites

I am getting the following error when trying to log into the admin area.... I've just completed the upgrade from 12 to 13:

Security Warning

Parsed array keys can not contain illegal characters! Script execution has been halted.

It may be possible to fix this error by deleting your browsers cookies and refresh this page.

Any ideas what I need to do please? I have re-uploaded all files but this has not cleared the issue.

EDIT: I have done the modification on the coding in ini.inc.php file.... now it loops the admin log in page. I click log in, it goes back to the enter your user/password.... i do, click login and again it goes back to the enter user/password.... :)

Link to comment
Share on other sites

If you had actually read this thread, you'd know exactly what to do!
Link to comment
Share on other sites

Umm ok, should have added my EDIT before i clicked post......

Link to comment
Share on other sites

lol telling me. Is the edit of coding meant to cause this admin log in looping? Or have I done something else wrong?

Or is it a case of sit and wait for an update?

Link to comment
Share on other sites

Changing currency on the Home Page works fine. If I try changing the currency from a product page, it refreshes and takes me back to the Home Page. Never noticed this before. Is this the correct response to a currency change?

Link to comment
Share on other sites

The issue is caused by additional code in the treatGet function, which is however a security improvement. If the URL contains &amp; treatGet changes it to &amp;amp;

The second amp; is the big problem! str_replace only replaces &amp; with &, so amp; remains there and it looks like &amp; afterwards. All you need to do is change the following:

switch.php

SEARCH FOR

header("Location: ".str_replace("&amp;","&",treatGet($_GET['r'])));

REPLACE WITH (you have to do it twice!)

header("Location: ".str_replace('amp;','',treatGet($_GET['r'])));

includes/content/reg.php

SEARCH FOR

header("Location: ".str_replace("&amp;","&",$redir));

REPLACE WITH

header("Location: ".str_replace('amp;','',$redir));

I have found a useless security feature in includes/content/login.inc.php

$_GET['redir'] = treatGet($_GET['redir']);
header("Location: ".str_replace("&amp;","&",base64_decode(treatGet($_GET['redir']))));

Should be

header("Location: ".str_replace('amp;','',treatGet(base64_decode($_GET['redir']))));
Link to comment
Share on other sites

Thanks for that andi :)

My store has been open for less than a week but reviewing the ISP stats for the domain this morning I noticed that there were 28 errors with switch.php in my logs ;)

Have uploaded the fix now.

Great :) Please let us know if it fixes the issue.

I get the same error message - but only when changing the quantity in the cart. I have changed switch.php and removed cookies but to no avail. Strange thing is, it only affects some items in the cart and not others..... Any ideas?

Link to comment
Share on other sites

This happens if there is a product with multi options in the cart. You may disable the security feature as Al stated above or fix it in 3 files:

classes/cart.php

includes/boxes/shoppingCart.inc.php

includes/content/cart.php

SEARCH FOR

"."

REPLACE WITH

"_"

Note: in includes/content/cart.php do it only for the first occurrence. I am talking about unmodified cubecart files.

EDIT:

The "." replacement should be any of the characters defined as allowed in the security code; "|" instead of "_" will probably be the right one in the official release.

Link to comment
Share on other sites
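
Both fixes andi describes above come down to what ends up in a parsed array key. As an added example (not code from the thread or from CubeCart): `treat_get_model()`, `keys_are_legal()` and its allowed-character set are hypothetical stand-ins, and the redirect URL and cart key are constructed samples.

```php
<?php
// Added illustration. treat_get_model() and keys_are_legal() are hypothetical
// stand-ins, not CubeCart's treatGet() or clean_all code.

// Assumption: the sanitizer HTML-encodes every "&", as the post describes.
function treat_get_model(string $value): string
{
    return str_replace('&', '&amp;', $value);
}

// Assumption: keys may hold only letters, digits, "_", "-" and "|".
function keys_are_legal(array $input): bool
{
    foreach ($input as $key => $value) {
        if (!preg_match('/\A[A-Za-z0-9_|-]+\z/', (string) $key)) {
            return false;
        }
        if (is_array($value) && !keys_are_legal($value)) {
            return false;
        }
    }
    return true;
}

// Parameters PHP builds when the browser follows a Location header.
function params_after_redirect(string $location): array
{
    parse_str((string) parse_url($location, PHP_URL_QUERY), $params);
    return $params;
}

function report(string $label, array $params): void
{
    printf("%-20s %-42s %s\n", $label, json_encode($params),
        keys_are_legal($params) ? 'accepted' : 'halted');
}

// Constructed sample: "r" already carries an HTML-encoded ampersand.
$encoded = treat_get_model('/index.php?act=viewProd&amp;productId=1');
report('switch.php 3.0.13', params_after_redirect(str_replace('&amp;', '&', $encoded)));
report('switch.php patched', params_after_redirect(str_replace('amp;', '', $encoded)));

// Constructed cart POST: option ids joined with "." and then with "_".
parse_str('quan[12.7]=2', $dotted);
parse_str('quan[12_7]=2', $underscored);
report('cart key with "."', $dotted);
report('cart key with "_"', $underscored);
```

The 3.0.13 redirect leaves `&amp;` in the Location header, so the next request parses a key named `amp;productId` and the key check halts it; the dotted cart key fails the same check for the same reason.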
