jrodch Posted October 14, 2014 Share Posted October 14, 2014 Running CubeCart Version 4.3.7 I'm getting an "Security Warning" when I click on any links from my home page. The error is as follows: Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. I read past posts about his error and it seems that is stray character in the code. I recently made changes to the index.tpl file (/skins/Killer/styleTemplates/global) to add a site seal. When the problem started I reverted to a backup copy of the index.tpl file but the error continued. To my knowledge, no other files were altered. Any help would be appreciated. www.ebbesquaredrains.com Quote Link to comment Share on other sites More sharing options...
bsmither Posted October 14, 2014 Share Posted October 14, 2014 The links on the homepage look fine - using the seo-friendly URL feature of CC4. If you turn that feature off, does the problem go away? Where are you reading the Security Warning message? I also not that any link that has an underscore in a querystring key will get me a blank page. On the Hompage, that includes: Login (_a=login) View Cart (_g=co&_a=cart) So, I am going to say the sanitizer is triggering on the underscore. The seo-friendly URLs make it so there is no need for a querystring. (A bad key on a POST element would also trigger, as well as a bad key on a cookie.) Speaking of cookies, I do not see any coming from your site. Quote Link to comment Share on other sites More sharing options...
jrodch Posted October 15, 2014 Author Share Posted October 15, 2014 Thanks for the reply. I turned off the SEO friendly URL feature and I still get the error. When I switch the skin from "Killer" the problem goes away. I'm assuming that it's a problem in the skin. Any other suggestions? Quote Link to comment Share on other sites More sharing options...
bsmither Posted October 15, 2014 Share Posted October 15, 2014 Switching to a skin other than Killer (for CC4?) would certainly indicate such a conclusion. But I saw nothing in my browser's traffic log that would cause it. Although, now I am getting cookies. There are minor HTML coding errors, but nothing that would add a rogue element to the querystring. Let's try this-- edi tthe sanitizer to show what key from which array it doesn't like. File: ini.inc.php Class: clean_data, function clean_data Find: foreach ($data as $key => $val) { if (preg_match('#([^a-z0-9-_:@|])#i', urldecode($key))) { $die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>nParsed array keys can not contain illegal characters! Script execution has been halted.</p><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>It may be possible to fix this error by deleting your browsers cookies and refresh this page.</p>n"; die($die); } Change this line: die($die); to: die($die . "<p>Key: ".base64_encode($key)."</p>"); When CC4 quits and sends just this message to your browser, you will be shown the key it did not like. It will be a string of base64 encoded characters. Please post that here. Or you can use any online base64 decoder. If it becomes important to know, later in that file, we can make some global variables to let us know which array that key is in. Quote Link to comment Share on other sites More sharing options...
jrodch Posted October 15, 2014 Author Share Posted October 15, 2014 Did as you instructed: Parsed array keys can not contain illegal characters! Script execution has been halted. It may be possible to fix this error by deleting your browsers cookies and refresh this page. Key: X191dG10X34x Hope this helps Quote Link to comment Share on other sites More sharing options...
bsmither Posted October 15, 2014 Share Posted October 15, 2014 This doesn't appear in my browser's traffic (probably because I have disabled this source), but I recognize the key: __utmt_~1 It is a new format of Google's Analytics program. Please read: http://www.cubecartforums.org/index.php?showtopic=18908 Quote Link to comment Share on other sites More sharing options...
jrodch Posted October 15, 2014 Author Share Posted October 15, 2014 Eureka! I removed the Google Analytics code and the problem went away. Thanks for your help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.