Guest pbrcaptain Posted December 19, 2006 Share Posted December 19, 2006 George, before changing the code in the one file, the error was occuring for me when trying to get to either admin or the storefront. So it may be the same thing. If you back up any file(s) you edit, and if your fixing doesn't work or if it turns out to be a different problem altogether, no harm done. You could just re-upload the original file(s). Thanks tshells - I assume you are referring to commenting out the security check code mentioned earlier in this post? Any comments Al? George The changes I made to inc.inc.php worked for the USPS security warning! However, NOW, when I test buying a product I get this message when transferring to LinkPoint: Form Processing Error The following errors occurred while processing your request: # It is not possible to order from the store at this time. # Contact the merchant for further information (error 1002). Any ideas ?? I'm behind schedule and we've already missed this Christmas sales season because of all these problems!! AL!!! HELP!! George Quote Link to comment Share on other sites More sharing options...
Guest MrsPH Posted December 21, 2006 Share Posted December 21, 2006 I am also getting this error after the upgrade. Security Warning Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. I can delete cookies in IE7 and get to the store front. However I can no longer get into any of the admin areas. Once I delete cookies in IE7, then go someplace else I have to re-delete cookies. Samething happens in Firefox 2 site is http://www.ncfoothills-geocachers.com/store Quote Link to comment Share on other sites More sharing options...
convict Posted December 21, 2006 Share Posted December 21, 2006 I am also getting this error after the upgrade. Security Warning Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. I can delete cookies in IE7 and get to the store front. However I can no longer get into any of the admin areas. Once I delete cookies in IE7, then go someplace else I have to re-delete cookies. Samething happens in Firefox 2 site is http://www.ncfoothills-geocachers.com/store MySQL Error Occured 1044: Access denied for user: 'parrots_mrsph@localhost' to database 'parrots_store' Quote Link to comment Share on other sites More sharing options...
Guest panorama motor Posted January 24, 2007 Share Posted January 24, 2007 We're new to this business and have just come to the stage where we should release the shop. But after a last upgrade we also have the same problem. We've read all the 'solutions' and tried appropriate ones, but no avail... Please advice. Reinstall and go through all setups again? Install another webshop??? None of us are very skilled programmers and we need a shop that is easy and reliable, any recommendations? Quote Link to comment Share on other sites More sharing options...
Guest omegareport Posted March 14, 2007 Share Posted March 14, 2007 I have to say it, not to be an ass, but because it needs to be said - I am thoroughly disgusted with the total lack of service even AFTER shelling out the maximum price asked three months ago, and receiving not a single response from tech support for major problems - and after following every "solution" recommended on this forum - I spent the better part of two days reading the forum for help. I see from the nature of so many posts that I'm not alone. I'm beginning to think this is very buggy software and should be totally avoided. After being ignored for 3 months and then told my service had expired, I was stupid enough to shell out another $30 for a "whole month" of "support" only to be told that it may take up to a month for the payment to even be credited - at which time support has expired again. What is this? I don't know if anyone from the Corporate Kingdom at Cubecart ever reads this site, but people - the main reason businesses fail is lack of customer support. I host a number of websites dealing with ebooks, software and ecommerce and you can be sure I will have to give my visitors a big thumbs down on CubeCart after this dismal experience! Quote Link to comment Share on other sites More sharing options...
Guest Dazzy Posted March 19, 2007 Share Posted March 19, 2007 I too am getting this error, but only on Firefox in Linus and Mac Parsed array keys can not contain illegal characters! Script execution has been halted Quote Link to comment Share on other sites More sharing options...
Guest Dazzy Posted March 19, 2007 Share Posted March 19, 2007 Jsut applied the changes to ini.inc it works now using 3.0.1.5 Quote Link to comment Share on other sites More sharing options...
Guest ams Posted March 20, 2007 Share Posted March 20, 2007 Hi All, I have just loaded the new version of Cubecart ver 3.0.15 and get the same security error Security Warning Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. I made the changes to the ini.php file, which got rid of the error, but when I tried to log into the admin section it keeps asking for the username and password. I have installed Cubecart through HSphere Easy Apps. if that makes a difference. Any help is grately appreciated A Quote Link to comment Share on other sites More sharing options...
Guest ams Posted March 21, 2007 Share Posted March 21, 2007 Hi All, I have just loaded the new version of Cubecart ver 3.0.15 and get the same security error Security Warning Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. I made the changes to the ini.php file, which got rid of the error, but when I tried to log into the admin section it keeps asking for the username and password. I have installed Cubecart through HSphere Easy Apps. if that makes a difference. Any help is grately appreciated A Hi all, Are there any fixes for the above problem? I have made all the changes suggested in this thread and as I mentioned above, the security error disappeared but now I cannot access the admin section. I keep getting the admin log in form no matter how many times i try to enter the correct details. Would like to give it one more try before I totally give up on it, so if anyone out there knows the fix please let me know?? thanks in advance! A Quote Link to comment Share on other sites More sharing options...
Guest Brivtech Posted March 22, 2007 Share Posted March 22, 2007 Have you tried clearing cookies? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted March 23, 2007 Share Posted March 23, 2007 If you run other scripts on the hosting which set cookies with "illegal" characters than that can cause a problem. There shouldn't be anything in the code now that would cause this. Some browsers enable you to browse the current cookies so you may be able to see if any are causing it. CubeCart only allows cookies with keys containing a-z1-9. Quote Link to comment Share on other sites More sharing options...
Guest Dazzy Posted March 24, 2007 Share Posted March 24, 2007 Al Just to let you know, the site I noticed it on first (http://www.jinlunuk.co.uk) only had cubecart on it, but as I said it only happened in FF on linux and mac, pc version was fine. Quote Link to comment Share on other sites More sharing options...
Guest lswebdesign Posted April 3, 2007 Share Posted April 3, 2007 Thank you. I also had the security problem and your fixes took care of the issue. Very much appreciated. Joe The issue causes additional code in treatGet function however security improvement. If the URL contains & treatGet changes it to & The second amp; is the big problem! str_replace does replace only $amp; to & amp; remains there and it looks like & afterwards. Only you need is change following: switch.php SEARCH FOR header("Location: ".str_replace("&","&",treatGet($_GET['r']))); REPLACE WITH (you have to do it twice!) header("Location: ".str_replace('amp;','',treatGet($_GET['r']))); includes/content/reg.php SEARCH FOR header("Location: ".str_replace("&","&",$redir)); REPLACE WITH header("Location: ".str_replace('amp;','',$redir)); I have found useless security featuere in includes/content/login.inc.php $_GET['redir'] = treatGet($_GET['redir']); header("Location: ".str_replace("&","&",base64_decode(treatGet($_GET['redir'])))); Should be header("Location: ".str_replace('amp;','',treatGet(base64_decode($_GET['redir'])))); Quote Link to comment Share on other sites More sharing options...
Guest Posted April 12, 2007 Share Posted April 12, 2007 You can turn off that security function by opening /includes/ini.inc.php Find: $clean = new clean_all($data); $_GET = $clean->clean_all($_GET); $_POST = $clean->clean_all($_POST); $_COOKIE = $clean->clean_all($_COOKIE); $_REQUEST = $clean->clean_all($_REQUEST); Replace with: /* $clean = new clean_all($data); $_GET = $clean->clean_all($_GET); $_POST = $clean->clean_all($_POST); $_COOKIE = $clean->clean_all($_COOKIE); $_REQUEST = $clean->clean_all($_REQUEST); */ The function is a hardening measure. This means that it is only an extra measure to prevent potential security issues. It is safe to trun off but we recommend having it on. There have been a few bugs concerning this and I will release a patch asap. We are running 3.0.14 and we have been getting the Security Warning message A LOT over the last 3/4 days when in the admin panel adding products, managing categories, etc. Does the solution above solve these problems we are getting? Quote Link to comment Share on other sites More sharing options...
Guest Posted June 16, 2007 Share Posted June 16, 2007 This thread has been a life saver...well an estore saver!!! Thanks to everyone Louie Quote Link to comment Share on other sites More sharing options...
Guest XeroBeagle Posted July 23, 2007 Share Posted July 23, 2007 hiya, unfortunatly im having some serious issues, when i logged into admin and try and do something it just loops back 2 login, Then IF it works i get the illegal char problems.. Anyone available to help ? Quote Link to comment Share on other sites More sharing options...
Guest XeroBeagle Posted July 23, 2007 Share Posted July 23, 2007 ok, quick update, found out the problem it was my shitty host where i was getting my webhosting from (alphafrag) I moved 2 a new host and now it worked like charm thanks guys! Quote Link to comment Share on other sites More sharing options...
Guest Agouti Posted August 16, 2007 Share Posted August 16, 2007 THe problem seems to occur because line 76 in /includes/ini.inc.php if (eregi('[^a-z0-9\-_\:\@\|]', urldecode($key))) still returns true for upper case alpha (ABCDEF etc) on some servers. I fixed the problem by replacing the above line with if (preg_match('/[^a-zA-Z0-9\-_\:\@\|]/', urldecode($key))) which works around whatever bug causes the false positives. As there's virtually no difference (except marginally more server processing) can't see why it can't be changed in a release. Quote Link to comment Share on other sites More sharing options...
Guest kev143 Posted January 24, 2008 Share Posted January 24, 2008 perfect, thanks! Editing the ini.inc.php file did the trick Quote Link to comment Share on other sites More sharing options...
Guest dands Posted March 18, 2008 Share Posted March 18, 2008 Hi, I am new to all this and am having the exact same problem with version 3.0.17 and if I do the fix that Al posted, it causes the login to loop. I tried clearing the cookies and there are no illegal characters in the cookie it sets. Somewhere it's changing the "&" in the url to "&" but I have no idea where. The url that gives the Security Warning looks like this: "?goto=/admin/modules/gateway/ExpressCheckout/index.php?module=gateway&folder=ExpressCheckout" I would appreciate any help or suggestions. Thanks in advance, Doris Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.