FishEye: file osCommerce/oscommerce2/trunk/update-20051113.html

Annotated File View

hpdl	477	1	<html>
		2
		3	<head>
		4	<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
		5	<meta name=Generator content="Microsoft Word 11 (filtered)">
		6	<title>osCommerce 2.2 Milestone 2 Update 051113</title>
		7	<style>
		8	<!--
		9	/* Style Definitions */
		10	p.MsoNormal, li.MsoNormal, div.MsoNormal
		11	{margin:0cm;
		12	margin-bottom:.0001pt;
		13	font-size:12.0pt;
		14	font-family:"Times New Roman";}
		15	h1
		16	{margin-top:12.0pt;
		17	margin-right:0cm;
		18	margin-bottom:3.0pt;
		19	margin-left:0cm;
		20	page-break-after:avoid;
		21	font-size:16.0pt;
		22	font-family:Arial;}
		23	h2
		24	{margin-top:12.0pt;
		25	margin-right:0cm;
		26	margin-bottom:3.0pt;
		27	margin-left:0cm;
		28	page-break-after:avoid;
		29	font-size:14.0pt;
		30	font-family:Arial;
		31	font-style:italic;}
		32	h3
		33	{margin-top:12.0pt;
		34	margin-right:0cm;
		35	margin-bottom:3.0pt;
		36	margin-left:0cm;
		37	page-break-after:avoid;
		38	font-size:13.0pt;
		39	font-family:Arial;}
		40	p.MsoToc1, li.MsoToc1, div.MsoToc1
		41	{margin:0cm;
		42	margin-bottom:.0001pt;
		43	font-size:12.0pt;
		44	font-family:"Times New Roman";}
		45	p.MsoToc3, li.MsoToc3, div.MsoToc3
		46	{margin-top:0cm;
		47	margin-right:0cm;
		48	margin-bottom:0cm;
		49	margin-left:24.0pt;
		50	margin-bottom:.0001pt;
		51	font-size:12.0pt;
		52	font-family:"Times New Roman";}
		53	p.MsoHeader, li.MsoHeader, div.MsoHeader
		54	{margin:0cm;
		55	margin-bottom:.0001pt;
		56	font-size:12.0pt;
		57	font-family:"Times New Roman";}
		58	p.MsoFooter, li.MsoFooter, div.MsoFooter
		59	{margin:0cm;
		60	margin-bottom:.0001pt;
		61	font-size:12.0pt;
		62	font-family:"Times New Roman";}
		63	a:link, span.MsoHyperlink
		64	{color:blue;
65	text-decoration:underline;}
66	a:visited, span.MsoHyperlinkFollowed
67	{color:purple;
68	text-decoration:underline;}
69	pre
70	{margin:0cm;
71	margin-bottom:.0001pt;
72	font-size:10.0pt;
73	font-family:"Courier New";}
74	span.Heading1Char
75	{font-family:Arial;
76	font-weight:bold;}
77	p.NormalCourierNew, li.NormalCourierNew, div.NormalCourierNew
78	{margin:0cm;
79	margin-bottom:.0001pt;
80	font-size:12.0pt;
81	font-family:"Times New Roman";}
82	span.Heading3Char
83	{font-family:Arial;
84	font-weight:bold;}
85	/* Page Definitions */
86	@page Section1
87	{size:612.0pt 792.0pt;
88	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
89	div.Section1
90	{page:Section1;}
91	-->
92	</style>
93
94	</head>
95
96	<body lang=EN-US link=blue vlink=purple>
97
98	<div class=Section1>
99
100	<h1 align=center style='text-align:center'><a name="_Toc119693700"></a><a
101	name="_Toc119693027"></a><a name="_Toc119692912"></a><a name="_Toc119692858"></a><a
102	name="_Toc119473688"></a><a name="_Toc119399320"></a><a name="_Toc116415078"></a><a
103	name="_Toc116413327"></a><a name="_Toc115810646"></a><a name="_Toc114779446"></a><a
104	name="_Toc114755867"></a><a name="_Toc114755833"></a><a name="_Toc114753969"></a><a
105	name="_Toc114748813">osCommerce 2.2 Milestone 2</a> Update 051113</h1>
106
107	<p class=MsoNormal align=center style='text-align:center'>Update Package 13<sup>th</sup>
108	November 2005</p>
109
110	<p class=MsoNormal> </p>
111
112	<p class=MsoNormal><b> </b></p>
113
114	<p class=MsoNormal><b> </b></p>
115
116	<p class=MsoNormal><b> </b></p>
117
118	<p class=MsoNormal><b>Table of Contents</b></p>
119
120	<p class=MsoNormal> </p>
121
122	<p class=MsoNormal><u>Update 051113</u></p>
123
124	<p class=MsoNormal> </p>
125
126	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693028"><span
127	lang=EN>customer_country_id in addressbook</span><span style='color:windowtext;
128	display:none;text-decoration:none'>. </span><span
129	style='color:windowtext;display:none;text-decoration:none'>2</span></a></span></p>
130
131	<p class=MsoNormal><span lang=EN> </span></p>
132
133	<p class=MsoNormal><u><span lang=EN>Update 051112</span></u></p>
134
135	<p class=MsoNormal> </p>
136
137	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693703">Cannot
138	re-assign $this<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
139	style='color:windowtext;display:none;text-decoration:none'>3</span></a></span></p>
140
141	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693704"><span
142	lang=EN>limit -20, 20</span><span style='color:windowtext;display:none;
143	text-decoration:none'>. </span><span
144	style='color:windowtext;display:none;text-decoration:none'>4</span></a></span></p>
145
146	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693705">Database
147	Input Enhancement<span style='color:windowtext;display:none;text-decoration:
148	none'> </span><span
149	style='color:windowtext;display:none;text-decoration:none'>5</span></a></span></p>
150
151	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693706">Adding
152	Non-Existing Products To Cart<span style='color:windowtext;display:none;
153	text-decoration:none'> </span><span
154	style='color:windowtext;display:none;text-decoration:none'>7</span></a></span></p>
155
156	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693707">Session ID
157	XSS Issue<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
158	style='color:windowtext;display:none;text-decoration:none'>12</span></a></span></p>
159
160	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693708">Validate
161	Session ID<span style='color:windowtext;display:none;text-decoration:none'>.. </span><span
162	style='color:windowtext;display:none;text-decoration:none'>13</span></a></span></p>
163
164	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693709">File Manager
165	Problem<span style='color:windowtext;display:none;text-decoration:none'>.. </span><span
166	style='color:windowtext;display:none;text-decoration:none'>15</span></a></span></p>
167
168	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693710">HTTP Header
169	Injection<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
170	style='color:windowtext;display:none;text-decoration:none'>16</span></a></span></p>
171
172	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693711">E-Mail
173	Header Injection<span style='color:windowtext;display:none;text-decoration:
174	none'>. </span><span
175	style='color:windowtext;display:none;text-decoration:none'>18</span></a></span></p>
176
177	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693712">Contact Us
178	Form XSS Issue<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
179	style='color:windowtext;display:none;text-decoration:none'>21</span></a></span></p>
180
181	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693713">Open
182	Redirector<span style='color:windowtext;display:none;text-decoration:none'> </span><span
183	style='color:windowtext;display:none;text-decoration:none'>22</span></a></span></p>
184
185	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693714">Extra
186	Slashes In New Products<span style='color:windowtext;display:none;text-decoration:
187	none'>. </span><span
188	style='color:windowtext;display:none;text-decoration:none'>23</span></a></span></p>
189
190	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693715">Order Status
191	Filtering<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
192	style='color:windowtext;display:none;text-decoration:none'>25</span></a></span></p>
193
194	<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc119693716">MySQL 5.0
195	Compatibility<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
196	style='color:windowtext;display:none;text-decoration:none'>26</span></a></span></p>
197
198	<h1><span lang=EN><br clear=all style='page-break-before:always'>
199	<a name="_Toc119693702"></a><a name="_Toc119693701"></a><a name="_Toc119693028">customer_country_id
200	in addressbook</a></span></h1>
201
202	<p class=MsoNormal><a href="http://www.oscommerce.com/community/bugs,1662">http://www.oscommerce.com/community/bugs,1662</a></p>
203
204	<p class=MsoNormal> </p>
205
206	<h3>Problem:</h3>
207
208	<p class=MsoNormal><span class=Heading3Char><span style='font-size:13.0pt'> </span></span></p>
209
210	<p class=MsoNormal><span lang=EN>When the customer updates their address in the
211	My Account page, their country value is being stored in an incorrect variable
212	that can cause an incorrect tax rate value being used in product prices.</span></p>
213
214	<p class=MsoNormal><span lang=EN> </span></p>
215
216	<h3><span lang=EN>Solution:</span></h3>
217
218	<p class=MsoNormal><span lang=EN> </span></p>
219
220	<p class=MsoNormal><span lang=EN>The following lines must be replaced in
221	catalog/address_book_process.php:</span></p>
222
223	<p class=MsoNormal><span lang=EN> </span></p>
224
225	<p class=MsoNormal><span lang=EN>Line 150, from:</span></p>
226
227	<p class=MsoNormal><span lang=EN> </span></p>
228
229	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
230	color:blue'>$customer_country_id = <span style='background:yellow'>$country_id</span>;</span></p>
231
232	<p class=MsoNormal><span lang=EN> </span></p>
233
234	<p class=MsoNormal><span lang=EN>to:</span></p>
235
236	<p class=MsoNormal><span lang=EN> </span></p>
237
238	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
239	color:blue'>$customer_country_id = <span style='background:yellow'>$country</span>;</span></p>
240
241	<p class=MsoNormal><span lang=EN> </span></p>
242
243	<p class=MsoNormal><span lang=EN>Line 171, from:</span></p>
244
245	<p class=MsoNormal><span lang=EN> </span></p>
246
247	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
248	color:blue'>$customer_country_id = <span style='background:yellow'>$country_id</span>;</span></p>
249
250	<p class=MsoNormal><span lang=EN> </span></p>
251
252	<p class=MsoNormal><span lang=EN>to:</span></p>
253
254	<p class=MsoNormal><span lang=EN> </span></p>
255
256	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
257	color:blue'>$customer_country_id = <span style='background:yellow'>$country</span>;</span></p>
258
259	<span lang=EN style='font-size:12.0pt;font-family:"Times New Roman"'><br
260	clear=all style='page-break-before:always'>
261	</span>
262
263	<p class=MsoNormal><a name="_Toc119693703"></a><a name="_Toc119693029"><span
264	class=Heading1Char><span style='font-size:16.0pt'>Cannot re-assign $this</span></span></a></p>
265
266	<p class=MsoNormal><a href="http://www.oscommerce.com/community/bugs,1650">http://www.oscommerce.com/community/bugs,1650</a></p>
267
268	<p class=MsoNormal> </p>
269
270	<h3>Problem:</h3>
271
272	<p class=MsoNormal> </p>
273
274	<p class=MsoNormal>Fatal error: Cannot re-assign $this in /path/to/catalog/admin/includes/classes/upload.php
275	on line 31</p>
276
277	<p class=MsoNormal><b> </b></p>
278
279	<h3>Solution:</h3>
280
281	<p class=MsoNormal> </p>
282
283	<p class=MsoNormal>Lines 27-34 in catalog/admin/includes/classes/upload.php
284	must be changed from:</p>
285
286	<p class=MsoNormal> </p>
287
288	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
289	color:blue'>if ( ($this->parse() == true) && ($this->save() ==
290	true) ) {</span></p>
291
292	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
293	color:blue'>� return true;</span></p>
294
295	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
296	color:blue'>} else {</span></p>
297
298	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
299	color:blue;background:yellow'>// self destruct</span></p>
300
301	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
302	color:blue;background:yellow'>� $this = null;</span></p>
303
304	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
305	color:blue'> </span></p>
306
307	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
308	color:blue'>� return false;</span></p>
309
310	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
311	color:blue'>}</span></p>
312
313	<p class=MsoNormal> </p>
314
315	<p class=MsoNormal>to:</p>
316
317	<p class=MsoNormal> </p>
318
319	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
320	color:blue'>if ( ($this->parse() == true) && ($this->save() ==
321	true) ) {</span></p>
322
323	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
324	color:blue'>� return true;</span></p>
325
326	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
327	color:blue'>} else {</span></p>
328
329	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
330	color:blue'>� return false;</span></p>
331
332	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
333	color:blue'>}</span></p>
334
335	<b><span style='font-size:10.0pt;font-family:"Courier New";color:blue'><br
336	clear=all style='page-break-before:always'>
337	</span></b>
338
339	<h1><a name="_Toc119693704"></a><a name="_Toc119693030"><span lang=EN>limit
340	-20, 20</span></a></h1>
341
342	<p class=MsoNormal><span lang=EN><a
343	href="http://www.oscommerce.com/community/bugs,1605">http://www.oscommerce.com/community/bugs,1605</a></span></p>
344
345	<p class=MsoNormal><span lang=EN> </span></p>
346
347	<p class=MsoNormal><span lang=EN> </span></p>
348
349	<h3><span lang=EN>Problem:</span></h3>
350
351	<p class=MsoNormal><span lang=EN> </span></p>
352
353	<p class=MsoNormal><span lang=EN>1064 - You have an error in your SQL syntax;
354	check the manual that corresponds to your MySQL server version for the right
355	syntax to use near '-20, 20' at line 1</span></p>
356
357	<p class=MsoNormal><span lang=EN> </span></p>
358
359	<h3><span lang=EN>Solution:</span></h3>
360
361	<p class=MsoNormal><span lang=EN> </span></p>
362
363	<p class=MsoNormal><span lang=EN>Line 67 in catalog/includes/classes/split_page_results.php
364	must be changed from:</span></p>
365
366	<p class=MsoNormal><span lang=EN> </span></p>
367
368	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
369	color:blue'>$this->sql_query .= " limit " . <span
370	style='background:yellow'>$offset</span> . ", " . $this->number_of_rows_per_page;</span></p>
371
372	<p class=MsoNormal><span lang=EN> </span></p>
373
374	<p class=MsoNormal><span lang=EN>to:</span></p>
375
376	<p class=MsoNormal><span lang=EN> </span></p>
377
378	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
379	color:blue'>$this->sql_query .= " limit " . <span
380	style='background:yellow'>max($offset, 0)</span> . ", " . $this->number_of_rows_per_page;</span></p>
381
382	<p class=MsoNormal><span lang=EN> </span></p>
383
384	<p class=MsoNormal><span lang=EN>Line 38 in
385	catalog/admin/includes/classes/split_page_results.php must be changed from:</span></p>
386
387	<p class=MsoNormal><span lang=EN> </span></p>
388
389	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
390	color:blue'>$sql_query .= " limit " . <span style='background:yellow'>$offset</span>
391	. ", " . $max_rows_per_page;</span></p>
392
393	<p class=MsoNormal><span lang=EN> </span></p>
394
395	<p class=MsoNormal><span lang=EN>to:</span></p>
396
397	<p class=MsoNormal><span lang=EN> </span></p>
398
399	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
400	color:blue'>$sql_query .= " limit " . <span style='background:yellow'>max($offset,
401	0)</span> . ", " . $max_rows_per_page;</span></p>
402
403	<b><span lang=EN style='font-size:16.0pt;font-family:Arial'><br clear=all
404	style='page-break-before:always'>
405	</span></b>
406
407	<h1><a name="_Toc119693705"></a><a name="_Toc119693031">Database Input
408	Enhancement</a></h1>
409
410	<p class=MsoNormal> </p>
411
412	<h3>Problem:</h3>
413
414	<p class=MsoNormal> </p>
415
416	<p class=MsoNormal>Native MySQL functions should be used in preference to the
417	addslashes() function, to properly protect the SQL queries being executed on
418	the database server.</p>
419
420	<p class=MsoNormal> </p>
421
422	<h3>Solution:</h3>
423
424	<p class=MsoNormal> </p>
425
426	<p class=MsoNormal>The following function must be replaced in
427	catalog/includes/functions/database.php.</p>
428
429	<p class=MsoNormal> </p>
430
431	<p class=MsoNormal>Lines 126-128, from:</p>
432
433	<p class=MsoNormal> </p>
434
435	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
436	color:blue'>function tep_db_input($string) {</span></p>
437
438	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
439	color:blue'>� return addslashes($string);</span></p>
440
441	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
442	color:blue'>}</span></p>
443
444	<p class=MsoNormal> </p>
445
446	<p class=MsoNormal>to:</p>
447
448	<p class=MsoNormal> </p>
449
450	<pre><span style='font-size:9.0pt;color:blue'>function tep_db_input($string, $link = 'db_link') {</span></pre><pre><span
451	style='font-size:9.0pt;color:blue'>� global $$link;</span></pre><pre><span
452	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
453	style='font-size:9.0pt;color:blue'>� if (function_exists('mysql_real_escape_string')) {</span></pre><pre><span
454	style='font-size:9.0pt;color:blue'>�� return mysql_real_escape_string($string, $$link);</span></pre><pre><span
455	style='font-size:9.0pt;color:blue'>� } elseif (function_exists('mysql_escape_string')) {</span></pre><pre><span
456	style='font-size:9.0pt;color:blue'>�� return mysql_escape_string($string);</span></pre><pre><span
457	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
458	9.0pt;color:blue'> </span></pre><pre><span style='font-size:9.0pt;
459	color:blue'>� return addslashes($string);</span></pre><pre><span
460	style='font-size:9.0pt;color:blue'>}</span></pre>
461
462	<p class=MsoNormal> </p>
463
464	<p class=MsoNormal>The following function must be replaced in
465	catalog/admin/includes/functions/database.php.</p>
466
467	<p class=MsoNormal> </p>
468
469	<p class=MsoNormal>Lines 130-132, from:</p>
470
471	<p class=MsoNormal> </p>
472
473	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
474	color:blue'>function tep_db_input($string) {</span></p>
475
476	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
477	color:blue'>� return addslashes($string);</span></p>
478
479	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
480	color:blue'>}</span></p>
481
482	<p class=MsoNormal> </p>
483
484	<span style='font-size:12.0pt;font-family:"Times New Roman"'><br clear=all
485	style='page-break-before:always'>
486	</span>
487
488	<p class=MsoNormal>to:</p>
489
490	<p class=MsoNormal> </p>
491
492	<pre><span style='font-size:9.0pt;color:blue'>function tep_db_input($string, $link = 'db_link') {</span></pre><pre><span
493	style='font-size:9.0pt;color:blue'>� global $$link;</span></pre><pre><span
494	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
495	style='font-size:9.0pt;color:blue'>� if (function_exists('mysql_real_escape_string')) {</span></pre><pre><span
496	style='font-size:9.0pt;color:blue'>�� return mysql_real_escape_string($string, $$link);</span></pre><pre><span
497	style='font-size:9.0pt;color:blue'>� } elseif (function_exists('mysql_escape_string')) {</span></pre><pre><span
498	style='font-size:9.0pt;color:blue'>�� return mysql_escape_string($string);</span></pre><pre><span
499	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
500	9.0pt;color:blue'> </span></pre><pre><span style='font-size:9.0pt;
501	color:blue'>� return addslashes($string);</span></pre><pre><span
502	style='font-size:9.0pt;color:blue'>}</span></pre><b><span style='font-size:
503	16.0pt;font-family:Arial'><br clear=all style='page-break-before:always'>
504	</span></b>
505
506	<h1><a name="_Toc119693706"></a><a name="_Toc119693032">Adding Non-Existing
507	Products To Cart</a></h1>
508
509	<p class=MsoNormal><a href="http://www.oscommerce.com/community/bugs,1617">http://www.oscommerce.com/community/bugs,1617</a></p>
510
511	<p class=MsoNormal> </p>
512
513	<h3>Problem:</h3>
514
515	<p class=MsoNormal> </p>
516
517	<p class=MsoNormal>It is possible to add non-existing products into the
518	shopping cart which may prevent customers from removing the products from their
519	cart.</p>
520
521	<p class=MsoNormal> </p>
522
523	<h3>Solution:</h3>
524
525	<p class=MsoNormal> </p>
526
527	<p class=MsoNormal>The following functions must be replaced in
528	catalog/includes/functions/general.php.</p>
529
530	<p class=MsoNormal> </p>
531
532	<p class=MsoNormal>Lines 912-921, from:</p>
533
534	<p class=MsoNormal> </p>
535
536	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
537	color:blue'>function tep_get_uprid($prid, $params) {</span></p>
538
539	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
540	color:blue'>� $uprid = $prid;</span></p>
541
542	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
543	color:blue'>� if ( (is_array($params)) && (!strstr($prid, '{')) ) {</span></p>
544
545	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
546	color:blue'>�� while (list($option, $value) = each($params)) {</span></p>
547
548	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
549	color:blue'>�� $uprid = $uprid . '{' . $option . '}' . $value;</span></p>
550
551	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
552	color:blue'>� ��}</span></p>
553
554	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
555	color:blue'>� }</span></p>
556
557	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
558	color:blue'> </span></p>
559
560	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
561	color:blue'>� return $uprid;</span></p>
562
563	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
564	color:blue'>}</span></p>
565
566	<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New";
567	color:blue'> </span></p>
568
569	<p class=MsoNormal>to:</p>
570
571	<p class=MsoNormal> </p>
572
573	<pre><span style='font-size:9.0pt;color:blue'>function tep_get_uprid($prid, $params) {</span></pre><pre><span
574	style='font-size:9.0pt;color:blue'>� if (is_numeric($prid)) {</span></pre><pre><span
575	style='font-size:9.0pt;color:blue'>�� $uprid = $prid;</span></pre><pre><span
576	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
577	style='font-size:9.0pt;color:blue'>�� if (is_array($params) && (sizeof($params) > 0)) {</span></pre><pre><span
578	style='font-size:9.0pt;color:blue'>�� $attributes_check = true;</span></pre><pre><span
579	style='font-size:9.0pt;color:blue'>�� $attributes_ids = '';</span></pre><pre><span
580	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
581	style='font-size:9.0pt;color:blue'>�� reset($params);</span></pre><pre><span
582	style='font-size:9.0pt;color:blue'>�� while (list($option, $value) = each($params)) {</span></pre><pre><span
583	style='font-size:9.0pt;color:blue'>�� if (is_numeric($option) && is_numeric($value)) {</span></pre><pre><span
584	style='font-size:9.0pt;color:blue'>�� $attributes_ids .= '{' . (int)$option . '}' . (int)$value;</span></pre><pre><span
585	style='font-size:9.0pt;color:blue'>�� } else {</span></pre><pre><span
586	style='font-size:9.0pt;color:blue'>�� $attributes_check = false;</span></pre><pre><span
587	style='font-size:9.0pt;color:blue'>�� break;</span></pre><pre><span
588	style='font-size:9.0pt;color:blue'> ��}</span></pre><pre><span
589	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
590	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
591	style='font-size:9.0pt;color:blue'>�� if ($attributes_check == true) {</span></pre><pre><span
592	style='font-size:9.0pt;color:blue'>�� $uprid .= $attributes_ids;</span></pre><pre><span
593	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
594	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
595	style='font-size:9.0pt;color:blue'>� } else {</span></pre><pre><span
596	style='font-size:9.0pt;color:blue'>�� $uprid = tep_get_prid($prid);</span></pre><pre><span
597	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
598	style='font-size:9.0pt;color:blue'>�� if (is_numeric($uprid)) {</span></pre><pre><span
599	style='font-size:9.0pt;color:blue'>�� if (strpos($prid, '{') !== false) {</span></pre><pre><span
600	style='font-size:9.0pt;color:blue'>�� $attributes_check = true;</span></pre><pre><span
601	style='font-size:9.0pt;color:blue'>�� $attributes_ids = '';</span></pre><pre><span
602	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
603	style='font-size:9.0pt;color:blue'>// strpos()+1 to remove up to and including the first { which would create an empty array element in explode()</span></pre><pre><span
604	style='font-size:9.0pt;color:blue'>�� $attributes = explode('{', substr($prid, strpos($prid, '{')+1));</span></pre><pre><span
605	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
606	style='font-size:9.0pt;color:blue'>�� for ($i=0, $n=sizeof($attributes); $i<$n; $i++) {</span></pre><pre><span
607	style='font-size:9.0pt;color:blue'>�� $pair = explode('}', $attributes[$i]);</span></pre><pre><span
608	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
609	style='font-size:9.0pt;color:blue'>�� if (is_numeric($pair[0]) && is_numeric($pair[1])) {</span></pre><pre><span
610	style='font-size:9.0pt;color:blue'>�� $attributes_ids .= '{' . (int)$pair[0] . '}' . (int)$pair[1];</span></pre><pre><span
611	style='font-size:9.0pt;color:blue'>�� } else {</span></pre><pre><span
612	style='font-size:9.0pt;color:blue'>�� $attributes_check = false;</span></pre><pre><span
613	style='font-size:9.0pt;color:blue'>�� break;</span></pre><pre><span
614	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
615	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
616	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
617	style='font-size:9.0pt;color:blue'>�� if ($attributes_check == true) {</span></pre><pre><span
618	style='font-size:9.0pt;color:blue'>�� $uprid .= $attributes_ids;</span></pre><pre><span
619	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
620	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
621	style='font-size:9.0pt;color:blue'>�� } else {</span></pre><pre><span
622	style='font-size:9.0pt;color:blue'>�� return false;</span></pre><pre><span
623	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
624	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
625	9.0pt;color:blue'> </span></pre><pre><span style='font-size:9.0pt;
626	color:blue'>� return $uprid;</span></pre><pre><span style='font-size:9.0pt;
627	color:blue'>}</span></pre><pre> </pre>
628
629	<p class=MsoNormal>Lines 925-929, from:</p>
630
631	<p class=MsoNormal> </p>
632
633	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
634	color:blue'>function tep_get_prid($uprid) {</span></p>
635
636	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
637	color:blue'>� $pieces = explode('{', $uprid);</span></p>
638
639	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
640	color:blue'> </span></p>
641
642	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
643	color:blue'>� return $pieces[0];</span></p>
644
645	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
646	color:blue'>}</span></p>
647
648	<p class=MsoNormal> </p>
649
650	<p class=MsoNormal>to:</p>
651
652	<pre> </pre><pre><span style='font-size:9.0pt;color:blue'>function tep_get_prid($uprid) {</span></pre><pre><span
653	style='font-size:9.0pt;color:blue'>� $pieces = explode('{', $uprid);</span></pre><pre><span
654	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
655	style='font-size:9.0pt;color:blue'>� if (is_numeric($pieces[0])) {</span></pre><pre><span
656	style='font-size:9.0pt;color:blue'>�� return $pieces[0];</span></pre><pre><span
657	style='font-size:9.0pt;color:blue'>� } else {</span></pre><pre><span
658	style='font-size:9.0pt;color:blue'>�� return false;</span></pre><pre><span
659	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
660	9.0pt;color:blue'>}</span></pre><pre><span style='font-size:9.0pt;color:blue'> </span></pre><span
661	style='font-size:12.0pt;font-family:"Times New Roman"'><br clear=all
662	style='page-break-before:always'>
663	</span>
664
665	<p class=MsoNormal>The following functions must be replaced in
666	catalog/includes/classes/shopping_cart.php.</p>
667
668	<p class=MsoNormal> </p>
669
670	<p class=MsoNormal>Lines 78-108, from:</p>
671
672	<p class=MsoNormal> </p>
673
674	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
675	color:blue'>function add_cart($products_id, $qty = '1', $attributes = '',
676	$notify = true) {</span></p>
677
678	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
679	color:blue'>� global $new_products_id_in_cart, $customer_id;</span></p>
680
681	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
682	color:blue'> </span></p>
683
684	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
685	color:blue'>� $products_id = tep_get_uprid($products_id, $attributes);</span></p>
686
687	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
688	color:blue'>� if ($notify == true) {</span></p>
689
690	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
691	color:blue'>�� $new_products_id_in_cart = $products_id;</span></p>
692
693	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
694	color:blue'>�� tep_session_register('new_products_id_in_cart');</span></p>
695
696	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
697	color:blue'>� }</span></p>
698
699	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
700	color:blue'> </span></p>
701
702	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
703	color:blue'>� if ($this->in_cart($products_id)) {</span></p>
704
705	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
706	color:blue'>�� $this->update_quantity($products_id, $qty, $attributes);</span></p>
707
708	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
709	color:blue'>� } else {</span></p>
710
711	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
712	color:blue'>�� $this->contents[] = array($products_id);</span></p>
713
714	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
715	color:blue'>�� $this->contents[$products_id] = array('qty' => $qty);</span></p>
716
717	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
718	color:blue'>// insert into database</span></p>
719
720	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
721	color:blue'>�� if (tep_session_is_registered('customer_id'))
722	tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . "
723	(customers_id, products_id, customers_basket_quantity,
724	customers_basket_date_added) values ('" . (int)$customer_id . "',
725	'" . tep_db_input($products_id) . "', '" . $qty . "',
726	'" . date('Ymd') . "')");</span></p>
727
728	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
729	color:blue'> </span></p>
730
731	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
732	color:blue'>�� if (is_array($attributes)) {</span></p>
733
734	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
735	color:blue'>�� reset($attributes);</span></p>
736
737	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
738	color:blue'>�� while (list($option, $value) = each($attributes)) {</span></p>
739
740	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
741	color:blue'>�� $this->contents[$products_id]['attributes'][$option] =
742	$value;</span></p>
743
744	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
745	color:blue'>// insert into database</span></p>
746
747	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
748	color:blue'>�� if (tep_session_is_registered('customer_id'))
749	tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . "
750	(customers_id, products_id, products_options_id, products_options_value_id)
751	values ('" . (int)$customer_id . "', '" .
752	tep_db_input($products_id) . "', '" . (int)$option . "', '"
753	. (int)$value . "')");</span></p>
754
755	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
756	color:blue'>�� }</span></p>
757
758	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
759	color:blue'>�� }</span></p>
760
761	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
762	color:blue'>� }</span></p>
763
764	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
765	color:blue'>� $this->cleanup();</span></p>
766
767	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
768	color:blue'> </span></p>
769
770	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
771	color:blue'>// assign a temporary unique ID to the order contents to prevent
772	hack attempts during the checkout procedure</span></p>
773
774	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
775	color:blue'>� $this->cartID = $this->generate_cart_id();</span></p>
776
777	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
778	color:blue'>}</span></p>
779
780	<span style='font-size:12.0pt;font-family:"Times New Roman"'><br clear=all
781	style='page-break-before:always'>
782	</span>
783
784	<p class=MsoNormal>to:</p>
785
786	<p class=MsoNormal> </p>
787
788	<pre><span style='font-size:9.0pt;color:blue'>function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {</span></pre><pre><span
789	style='font-size:9.0pt;color:blue'>� global $new_products_id_in_cart, $customer_id;</span></pre><pre><span
790	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
791	style='font-size:9.0pt;color:blue'>� $products_id_string = tep_get_uprid($products_id, $attributes);</span></pre><pre><span
792	style='font-size:9.0pt;color:blue'>� $products_id = tep_get_prid($products_id_string);</span></pre><pre><span
793	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
794	style='font-size:9.0pt;color:blue'>� if (is_numeric($products_id) && is_numeric($qty)) {</span></pre><pre><span
795	style='font-size:9.0pt;color:blue'>�� $check_product_query = tep_db_query("select products_status from " . TABLE_PRODUCTS . " where products_id = '" . (int)$products_id . "'");</span></pre><pre><span
796	style='font-size:9.0pt;color:blue'>�� $check_product = tep_db_fetch_array($check_product_query);</span></pre><pre><span
797	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
798	style='font-size:9.0pt;color:blue'>�� if (($check_product !== false) && ($check_product['products_status'] == '1')) {</span></pre><pre><span
799	style='font-size:9.0pt;color:blue'>�� if ($notify == true) {</span></pre><pre><span
800	style='font-size:9.0pt;color:blue'>�� $new_products_id_in_cart = $products_id;</span></pre><pre><span
801	style='font-size:9.0pt;color:blue'>�� tep_session_register('new_products_id_in_cart');</span></pre><pre><span
802	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
803	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
804	style='font-size:9.0pt;color:blue'>�� if ($this->in_cart($products_id_string)) {</span></pre><pre><span
805	style='font-size:9.0pt;color:blue'>�� $this->update_quantity($products_id_string, $qty, $attributes);</span></pre><pre><span
806	style='font-size:9.0pt;color:blue'>�� } else {</span></pre><pre><span
807	style='font-size:9.0pt;color:blue'>� ��$this->contents[$products_id_string] = array('qty' => $qty);</span></pre><pre><span
808	style='font-size:9.0pt;color:blue'>// insert into database</span></pre><pre><span
809	style='font-size:9.0pt;color:blue'>�� if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET . " (customers_id, products_id, customers_basket_quantity, customers_basket_date_added) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$qty . "', '" . date('Ymd') . "')");</span></pre><pre><span
810	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
811	style='font-size:9.0pt;color:blue'>�� if (is_array($attributes)) {</span></pre><pre><span
812	style='font-size:9.0pt;color:blue'>�� reset($attributes);</span></pre><pre><span
813	style='font-size:9.0pt;color:blue'>�� while (list($option, $value) = each($attributes)) {</span></pre><pre><span
814	style='font-size:9.0pt;color:blue'>�� $this->contents[$products_id_string]['attributes'][$option] = $value;</span></pre><pre><span
815	style='font-size:9.0pt;color:blue'>// insert into database</span></pre><pre><span
816	style='font-size:9.0pt;color:blue'>�� if (tep_session_is_registered('customer_id')) tep_db_query("insert into " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " (customers_id, products_id, products_options_id, products_options_value_id) values ('" . (int)$customer_id . "', '" . tep_db_input($products_id_string) . "', '" . (int)$option . "', '" . (int)$value . "')");</span></pre><pre><span
817	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
818	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
819	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
820	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
821	style='font-size:9.0pt;color:blue'>�� $this->cleanup();</span></pre><pre><span
822	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
823	style='font-size:9.0pt;color:blue'>// assign a temporary unique ID to the order contents to prevent hack attempts during the checkout procedure</span></pre><pre><span
824	style='font-size:9.0pt;color:blue'>�� $this->cartID = $this->generate_cart_id();</span></pre><pre><span
825	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
826	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
827	9.0pt;color:blue'>}</span></pre><span style='font-size:12.0pt;font-family:"Times New Roman"'><br
828	clear=all style='page-break-before:always'>
829	</span>
830
831	<p class=MsoNormal>Lines 110-127, from:</p>
832
833	<p class=MsoNormal> </p>
834
835	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
836	color:blue'>function update_quantity($products_id, $quantity = '', $attributes
837	= '') {</span></p>
838
839	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
840	color:blue'>� global $customer_id;</span></p>
841
842	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
843	color:blue'> </span></p>
844
845	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
846	color:blue'>� if (empty($quantity)) return true; // nothing needs to be updated
847	if theres no quantity, so we return true..</span></p>
848
849	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
850	color:blue'> </span></p>
851
852	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
853	color:blue'>� $this->contents[$products_id] = array('qty' => $quantity);</span></p>
854
855	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
856	color:blue'>// update database</span></p>
857
858	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
859	color:blue'>� if (tep_session_is_registered('customer_id'))
860	tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set
861	customers_basket_quantity = '" . $quantity . "' where customers_id =
862	'" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id)
863	. "'");</span></p>
864
865	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
866	color:blue'> </span></p>
867
868	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
869	color:blue'>� if (is_array($attributes)) {</span></p>
870
871	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
872	color:blue'>�� reset($attributes);</span></p>
873
874	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
875	color:blue'>�� while (list($option, $value) = each($attributes)) {</span></p>
876
877	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
878	color:blue'>�� $this->contents[$products_id]['attributes'][$option] =
879	$value;</span></p>
880
881	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
882	color:blue'>// update database</span></p>
883
884	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
885	color:blue'>�� if (tep_session_is_registered('customer_id')) tep_db_query("update
886	" . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " set
887	products_options_value_id = '" . (int)$value . "' where customers_id
888	= '" . (int)$customer_id . "' and products_id = '" .
889	tep_db_input($products_id) . "' and products_options_id = '" .
890	(int)$option . "'");</span></p>
891
892	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
893	color:blue'>�� }</span></p>
894
895	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
896	color:blue'>� }</span></p>
897
898	<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Courier New";
899	color:blue'>}</span></p>
900
901	<p class=MsoNormal> </p>
902
903	<p class=MsoNormal>to:</p>
904
905	<p class=MsoNormal> </p>
906
907	<pre><span style='font-size:9.0pt;color:blue'>function update_quantity($products_id, $quantity = '', $attributes = '') {</span></pre><pre><span
908	style='font-size:9.0pt;color:blue'>� global $customer_id;</span></pre><pre><span
909	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
910	style='font-size:9.0pt;color:blue'>� $products_id_string = tep_get_uprid($products_id, $attributes);</span></pre><pre><span
911	style='font-size:9.0pt;color:blue'>� $products_id = tep_get_prid($products_id_string);</span></pre><pre><span
912	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
913	style='font-size:9.0pt;color:blue'>� if (is_numeric($products_id) && isset($this->contents[$products_id_string]) && is_numeric($quantity)) {</span></pre><pre><span
914	style='font-size:9.0pt;color:blue'>�� $this->contents[$products_id_string] = array('qty' => $quantity);</span></pre><pre><span
915	style='font-size:9.0pt;color:blue'>// update database</span></pre><pre><span
916	style='font-size:9.0pt;color:blue'>�� if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET . " set customers_basket_quantity = '" . (int)$quantity . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "'");</span></pre><pre><span
917	style='font-size:9.0pt;color:blue'> </span></pre><pre><span
918	style='font-size:9.0pt;color:blue'>�� if (is_array($attributes)) {</span></pre><pre><span
919	style='font-size:9.0pt;color:blue'>�� reset($attributes);</span></pre><pre><span
920	style='font-size:9.0pt;color:blue'>�� while (list($option, $value) = each($attributes)) {</span></pre><pre><span
921	style='font-size:9.0pt;color:blue'>�� $this->contents[$products_id_string]['attributes'][$option] = $value;</span></pre><pre><span
922	style='font-size:9.0pt;color:blue'>// update database</span></pre><pre><span
923	style='font-size:9.0pt;color:blue'>�� if (tep_session_is_registered('customer_id')) tep_db_query("update " . TABLE_CUSTOMERS_BASKET_ATTRIBUTES . " set products_options_value_id = '" . (int)$value . "' where customers_id = '" . (int)$customer_id . "' and products_id = '" . tep_db_input($products_id_string) . "' and products_options_id = '" . (int)$option . "'");</span></pre><pre><span
924	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
925	style='font-size:9.0pt;color:blue'>�� }</span></pre><pre><span
926	style='font-size:9.0pt;color:blue'>� }</span></pre><pre><span style='font-size:
927	9.0pt;color:blue'>}</span></pre><b><span style='font-size:16.0pt;font-family:
928	Arial'><br clear=all style='page-break-before:always'>
929	</span></b>
930
931	<h1><a name="_Toc119693707"></a><a name="_Toc119693033">Session ID XSS Issue</a></h1>
932
933	<p class=MsoNormal><a href="http://www.oscommerce.com/community/bugs,1546">http://www.oscommerce.com/community/bugs,1546</a></p>
934
935	<p class=MsoNormal> </p>
936
937	<h3>Problem:</h3>
938
939	<p class=MsoNormal> </p>
940
941	<p class=MsoNormal><span lang=EN>A cross site scripting issue exists with
942	malformed session IDs being used in the tep_href_link() function.</span></p>
943
944	<p class=MsoNormal><span lang=EN> </span></p>
945
946	<h3><span lang=EN>Solution:</span></h3>
947
948	<p class=MsoNormal><span lang=EN> </span></p>
949
950	<p class=MsoNormal><span lang=EN>Line 66 in
951	catalog/includes/functions/html_output.php must be changed from:</span></p>
952
953	<p class=MsoNormal><span lang=EN> </span></p>
954
955	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
956	color:blue'>$link .= $separator . <span style='background:yellow'>$_sid</span>;</span></p>
957
958	<p class=MsoNormal><span lang=EN> </span></p>
959
960	<p class=MsoNormal><span lang=EN>to:</span></p>
961
962	<p class=MsoNormal><span lang=EN> </span></p>
963
964	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
965	color:blue'>$link .= $separator . <span style='background:yellow'>tep_output_string($_sid)</span>;</span></p>
966
967	<p class=MsoNormal><span lang=EN> </span></p>
968
969	<b><span style='font-size:16.0pt;font-family:Arial'><br clear=all
970	style='page-break-before:always'>
971	</span></b>
972
973	<h1><a name="_Toc119693708"></a><a name="_Toc119693034">Validate Session ID</a></h1>
974
975	<p class=MsoNormal> </p>
976
977	<h3>Problem:</h3>
978
979	<p class=MsoNormal> </p>
980
981	<p class=MsoNormal>Validate the session ID and redirect to the front page when an
982	invalid session ID is requested.</p>
983
984	<p class=MsoNormal> </p>
985
986	<h3>Solution:</h3>
987
988	<p class=MsoNormal> </p>
989
990	<p class=MsoNormal>The following function must be replaced in
991	catalog/includes/functions/sessions.php.</p>
992
993	<p class=MsoNormal> </p>
994
995	<p class=MsoNormal>Lines 66-68, from:</p>
996
997	<p class=MsoNormal><span lang=EN> </span></p>
998
999	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1000	color:blue'>function tep_session_start() {</span></p>
1001
1002	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1003	color:blue'>� return session_start();</span></p>
1004
1005	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1006	color:blue'>}</span></p>
1007
1008	<p class=MsoNormal><span lang=EN> </span></p>
1009
1010	<p class=MsoNormal><span lang=EN>to:</span></p>
1011
1012	<p class=MsoNormal><span lang=EN> </span></p>
1013
1014	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1015	color:blue'>function tep_session_start() {</span></p>
1016
1017	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1018	color:blue'>� global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;</span></p>
1019
1020	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1021	color:blue'> </span></p>
1022
1023	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1024	color:blue'>� $sane_session_id = true;</span></p>
1025
1026	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1027	color:blue'> </span></p>
1028
1029	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1030	color:blue'>� if (isset($HTTP_GET_VARS[tep_session_name()])) {</span></p>
1031
1032	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1033	color:blue'>�� if (preg_match('/^[a-zA-Z0-9]+$/',
1034	$HTTP_GET_VARS[tep_session_name()]) == false) {</span></p>
1035
1036	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1037	color:blue'>�� unset($HTTP_GET_VARS[tep_session_name()]);</span></p>
1038
1039	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1040	color:blue'> </span></p>
1041
1042	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1043	color:blue'>�� $sane_session_id = false;</span></p>
1044
1045	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1046	color:blue'>�� }</span></p>
1047
1048	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1049	color:blue'>� } elseif (isset($HTTP_POST_VARS[tep_session_name()])) {</span></p>
1050
1051	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1052	color:blue'>�� if (preg_match('/^[a-zA-Z0-9]+$/',
1053	$HTTP_POST_VARS[tep_session_name()]) == false) {</span></p>
1054
1055	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1056	color:blue'>�� unset($HTTP_POST_VARS[tep_session_name()]);</span></p>
1057
1058	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1059	color:blue'> </span></p>
1060
1061	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1062	color:blue'>�� $sane_session_id = false;</span></p>
1063
1064	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1065	color:blue'>�� }</span></p>
1066
1067	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1068	color:blue'>� } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {</span></p>
1069
1070	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1071	color:blue'>�� if (preg_match('/^[a-zA-Z0-9]+$/',
1072	$HTTP_COOKIE_VARS[tep_session_name()]) == false) {</span></p>
1073
1074	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1075	color:blue'>�� $session_data = session_get_cookie_params();</span></p>
1076
1077	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1078	color:blue'> </span></p>
1079
1080	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1081	color:blue'>�� setcookie(tep_session_name(), '', time()-42000,
1082	$session_data['path'], $session_data['domain']);</span></p>
1083
1084	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1085	color:blue'> </span></p>
1086
1087	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1088	color:blue'>�� $sane_session_id = false;</span></p>
1089
1090	<p class=MsoNormal><span lang=EN style='font-size:9.0pt;font-family:"Courier New";
1091	color:blue'>�� }</span></p>
1092

FishEye

View

Diff

Annotations

Annotated File View