
All in One Shipping Module Can Lose Data - a Hack


bsmither


A problem with the AIOS module is that adding, editing, or deleting rates will submit all the rates on the tabs, regardless of whether they have changed. This could lead to submitting a very large number of data points (key/value pairs). (This is because browsers submit arrayed keys even with empty values.) PHP has a default limit of 1000 key/value pairs of data input.

Exceeding this limit will cause PHP to truncate the collection of data, including the security token that had been added at the end. No security token, nothing gets updated.

This hack makes each tab of the administrative screen of AIOS function as an independent form. This then drastically cuts down the number of key/value pairs.

There is a consequence to doing this ---

Each separate zone tab is a complete and distinct "form". This is different than any other admin settings area.

That is, (as of CC611 and earlier) when editing a Product, all the various tabs and the content displayed for each tab is considered to be all on one single form -- the data from ALL tabs' contents are submitted all at once. Thus, you can progress through the various tabs making ALL the settings and properties for that one product. Clicking Save will save ALL the data from all the tab contents.

If you are experienced with using your browser's waterfall diagnostics, you can verify what data gets sent out by the browser.

NOT SO with this alternate template for the AIOS module. That is, making changes on the first zone tab (USA for example), then making changes on a second zone tab (Canada for example), then clicking the Save button while still viewing that second zone (Canada), will ONLY send the data on the second zone (Canada). The changes on the first zone tab (USA), not being visible, were NOT submitted.

So please keep this in mind -- each zone tab is a separate form and only the data for the form being viewed will get submitted.

Copy the existing file:
/modules/shipping/All_In_One_Shipping/skin/admin/index.tpl
to some other name, and using a programmer's text editor, make the following edits. The edits are made from the bottom up so as to not disturb line numbers.

Line 314:
From:
</form>
To:
</form> *}

Line 301 - 304:
From:
   </fieldset>
   </div>
   {/if}
   <div class="form_control">
To:
   </fieldset>
{* NEW *}
   <div class="form_control">
      <input type="hidden" name="save" value="{$FORM_HASH}" />
      <input type="hidden" name="previous-tab" id="previous-tab" value="" />
      <input type="submit" value="{$LANG.allinoneshipping.save_this_tab}" />
   </div>
   <input type="hidden" name="token" value="{$SESSION_TOKEN}" />
   </div>
   </form>
{* /NEW *}
   {/if}
{* <div class="form_control">

Line 149 - 155:
From:
      {include file='admin/shipping_rates.tpl'}
   </div>
   {/foreach}
   {/if}
   {/if}
   {if isset($DISPLAY_FORM)}
   <div id="All_In_One_Shipping" class="tab_content">
To:
      {include file='admin/shipping_rates.tpl'}
{* NEW *}
   <div class="form_control">
      <input type="hidden" name="save" value="{$FORM_HASH}" />
      <input type="hidden" name="previous-tab" id="previous-tab" value="" />
      <input type="submit" value="{$LANG.allinoneshipping.save_this_tab}" />
   </div>
   <input type="hidden" name="token" value="{$SESSION_TOKEN}" />
   </div>
   </form>
{* /NEW *}
   {/foreach}
   {/if}
   {/if}
   {if isset($DISPLAY_FORM)}
{* NEW *}<form action="{$VAL_SELF}" method="post" enctype="multipart/form-data">
   <div id="All_In_One_Shipping" class="tab_content">

Line 140 - 145:
From:
      </table>
   </div>
   {if $MULTIPLE_ZONES}
   {foreach from=$ZONES item=zone}
   <!-- TAB -->
   <div id="zone_{$zone.id}" class="tab_content">
To:
      </table>
{* NEW *}
   <div class="form_control">
      <input type="hidden" name="save" value="{$FORM_HASH}" />
      <input type="hidden" name="previous-tab" id="previous-tab" value="" />
      <input type="submit" value="{$LANG.allinoneshipping.save_this_tab}" />
   </div>
   <input type="hidden" name="token" value="{$SESSION_TOKEN}" />
   </div>
   </form>
{* /NEW *}
   {if $MULTIPLE_ZONES}
   {foreach from=$ZONES item=zone}
   <!-- TAB -->
{* NEW *}<form action="{$VAL_SELF}" method="post" enctype="multipart/form-data">
   <div id="zone_{$zone.id}" class="tab_content">

Line 91 - 94:
From:
      {/if}
   </div>
   <!-- TAB -->
   <div id="shipping_zones" class="tab_content">
To:
      {/if}
{* NEW *}
   <div class="form_control">
      <input type="hidden" name="save" value="{$FORM_HASH}" />
      <input type="hidden" name="previous-tab" id="previous-tab" value="" />
      <input type="submit" value="{$LANG.allinoneshipping.save_this_tab}" />
   </div>
   <input type="hidden" name="token" value="{$SESSION_TOKEN}" />
   </div>
   </form>
{* /NEW *}
   <!-- TAB -->
{* NEW *}<form action="{$VAL_SELF}" method="post" enctype="multipart/form-data">
   <div id="shipping_zones" class="tab_content">

Line 4 - 8:
From:
</style>
<form action="{$VAL_SELF}" method="post" enctype="multipart/form-data">
   {if isset($DISPLAY_RATES)}
   <!-- TAB -->
   <div id="All_In_One_Shipping" class="tab_content">

To:
</style>
{* <form action="{$VAL_SELF}" method="post" enctype="multipart/form-data"> *}
   {if isset($DISPLAY_RATES)}
   <!-- TAB -->
{* NEW *}<form action="{$VAL_SELF}" method="post" enctype="multipart/form-data">
   <div id="All_In_One_Shipping" class="tab_content">


In the AIOS module's language file:
Find:
  <string name="save_all_changes"><![CDATA[Save all changes]]></string>
Add After:
  <string name="save_this_tab"><![CDATA[Save this tab's settings]]></string>

This is a change in a Smarty-powered template, so clear the skin cache.

You can verify the reduction in the amount of data sent out by re-examining the waterfall.

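The truncation described in the first post, modelled as an added example that is not part of the original post or of CubeCart's code. Zone names, rate counts and field names are constructed, and the server side is simplified to keeping only the first 1000 key/value pairs.

```javascript
// Added example: a model of the truncation described in the post, not CubeCart code.
// Zone names, rate counts and field names are constructed for illustration.
const INPUT_LIMIT = 1000; // PHP's default cap on input variables (max_input_vars)

// Pairs one zone tab contributes: every field of every rate row is sent,
// changed or not, because browsers submit arrayed keys even when empty.
function zonePairs(zone, rates, fieldsPerRate) {
  const pairs = [];
  for (let r = 0; r < rates; r++) {
    for (let f = 0; f < fieldsPerRate; f++) {
      pairs.push([`rate[${zone}][${r}][f${f}]`, '']);
    }
  }
  return pairs;
}

// A form body: the rate fields followed by the hidden fields from the
// template, with the security token last.
function formBody(ratePairs) {
  return [...ratePairs, ['save', 'HASH'], ['previous-tab', ''], ['token', 'TOKEN']];
}

// Server-side model (simplified): only the first `limit` pairs survive parsing.
function receive(body, limit = INPUT_LIMIT) {
  const kept = body.slice(0, limit);
  return {
    sent: body.length,
    kept: kept.length,
    hasToken: kept.some(([key]) => key === 'token'),
  };
}

// Constructed store: three zones, 60 rates each, 6 fields per rate.
const zones = ['USA', 'Canada', 'Europe'].map((z) => zonePairs(z, 60, 6));

// Original template: one form wrapping every tab.
function singleForm() { return receive(formBody(zones.flat())); }

// Modified template: one form per tab, each with its own token.
function perTabForms() { return zones.map((z) => receive(formBody(z))); }

console.log('single form:', singleForm());
console.log('per-tab forms:', perTabForms());
```

A tab whose own rate table exceeds the limit still loses its token, so per-tab forms help only while each tab stays under it.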

Neither. I presume you are referring to the new protocol of CubeCart having a new administrative script name, such as /admin_QWERTY.php for accessing CubeCart's administrative side of the store.

The file mentioned above to change is in a subfolder starting at the /modules/ folder. Traverse down the folder path to get to that plugin's admin settings index.tpl template file.


Dumb question - Do I make the changes to the original admin/index.php or the renamed one?

I'm sorry ... I meant the /modules/shipping/All_In_One_Shipping/skin/admin/index.tpl file, just too lazy to type it out. Do I make changes to this file or the renamed file? But ... if I want to change the admin file so my login to CC admin is different, what files do I change?

Thanks,

Claudia


We made a copy of that file (renaming the copy to be different than the real one, such as copy_of_pristine_index.tpl) so that, if having made edits to the actual index.tpl file and things go south, we always have that pristine copy to use to try again.

As for CubeCart's one and only one administrative folder and one and only one administrative script file, whatever you choose to name each of them (and they can be named anything), those names must match what can be found in /includes/global.inc.php.


Still getting the same CSRF issue in 1.0.11 and there is no line 314 or  

</form> *}

so I am not about to start guessing at this.  Site is currently unable to process any orders since I tried to delete my free shipping option to get it under 1000 lines and it wasn't enough.  


Restore from the downloaded package (if you installed via the lightning bolt token, get another token and re-install) the file All_In_One_Shipping/skin/admin/index.tpl back to /modules/shipping/All_In_One_Shipping/skin/admin/index.tpl.

Follow the instructions as posted above.
