Jump to content

ohno

Members
  • Content Count

    75
  • Joined

  • Last visited

  • Days Won

    1

ohno last won the day on March 28

ohno had the most liked content!

Community Reputation

2 Neutral

About ohno

  • Rank
    Regular Member
  1. This is what he did..... new function.load_search_query.php file <?php function smarty_function_load_search_query($params, $smarty) { $query = new SearchQuery(); $smarty->assign('query', $query->readFromRequest()); } class SearchQuery { public $value = ""; public static function readFromRequest() { $query = new self(); if (isset($_GET["search"]) && is_string($_GET["search"])) { $query->value = $_GET["search"]; } return $query; } } ?> Modified function.load_search.php : - function __construct() { require_once FILE_ROOT . '/data_objects/do_settings.php'; $this->mDoSettings = new DoSettings(); require_once FILE_ROOT . '/data_objects/do_catalogue.php'; $this->mDoCatalogue = new DoCatalogue(); if (!isset($_REQUEST['search']) || !is_string($_REQUEST['search']) ) { header ("Location: /emptysearch/"); die (); } if (strlen(trim($_REQUEST['search']))>0 ) { $this->mSearchString = trim(stripslashes($_REQUEST['search'])); $this->mSearchArray = explode(" ", $this->mSearchString); } else { header ("Location: /emptysearch/"); die (); } } Changed tpl file to include {load_search_query assign="query"} & change the search query to {$query->value|escape:'htmlall'}. It doesn't error with the [], running PCI scan now.....
  2. Thanks again hopefully they can sort the issue now.
  3. Thanks, I'll pass this onto a developer who has been doing other work on my site (as I have no clue where the above code would be used!). Thanks for your help, would the above code fix both errors?
  4. Could I simply do : - $this->mSearchString = str_replace ( "[", " ",($_REQUEST['search'])); To prevent an array in the search?
  5. That gives a slightly different error in the log : - ERRNO: 2 TEXT: trim() expects parameter 1 to be string, array given LOCATION: /home/website/public_html/smarty_plugins/function.load_search.php, line 27, at April 20, 2020, 7:00 pm function.load_search.php is above too. Now, I have no clue how to fix it! Any idea's what code I'd need to fix it?
  6. function.load_product.php IS the above code. The tpl was already posted, it's this code : - {load_chat assign="chat"} {if $chat->mChat} <script type="text/javascript" id="763333b0f312f025d780a8f4451bf6f3" src="https://www.siteaddress.com/online-support/script.php?id=763333b0f312f025d780a8f4451bf6f3"></script> {/if} {if !$chat->mChat && $settings->mSettings[13]} <script type="text/javascript" id="aaa07817d7cd2a7dce9e0ffac6286dbb" src="https://www.siteaddress.com/online-support/script.php?id=aaa07817d7cd2a7dce9e0ffac6286dbb"></script> {/if} <div id="menu_switch"><i class="fa fa-bars fa toggler"></i></div> <form id="product_search" method="get" action="{$smarty.const.SITE_ROOT}/searchresults/"> <input type="text" name="search" placeholder="&#xf002; Product Search" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" {if isset($smarty.request.search) && $settings->mSettings[107]}value="{$smarty.request.search|escape:'htmlall'}"{/if} /><button type="submit" class="button"><i class="fa fa-search" aria-hidden="true"></i> <i class="fa fa-caret-right" aria-hidden="true"></i></button> </form> <form id="code_search" method="post" action="{$smarty.const.SITE_ROOT}/cart/quickadd.php"> <input type="text" name="code" maxlength="14" placeholder="&#xf061; Product Code" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" /><button type="submit" name="submit" class="orange"><i class="fa fa-shopping-cart" aria-hidden="true"></i> Quick Add <i class="fa fa-caret-right" aria-hidden="true"></i></button> </form> {if !isset($hidecart) && isset($cartsmall) && $cartsmall->mCart.sub > 0} <p id="view_cart"><a class="button orange" href="{$smarty.const.SITE_ROOT}/cart/"><span class="hidden-xs hidden-sm"><i class="fa fa-shopping-cart" aria-hidden="true"></i> View Cart &nbsp;</span>&pound;{$cartsmall->mCart.sub} <i class="fa fa-caret-right" aria-hidden="true"></i></a></p> {/if} <script> Hopefully that helps?
  7. <?php function smarty_function_load_product($params, $smarty) { $product = new Product(); $product->init($params['dir']); $smarty->assign($params['assign'], $product); } class Product { // public fields public $mProduct; //public $mImages; //public $mImageCount; public $mOptions; public $mXsells; // private fields private $mDoSettings; private $mDoCatalogue; function __construct() { require_once FILE_ROOT . '/data_objects/do_settings.php'; $this->mDoSettings = new DoSettings(); require_once FILE_ROOT . '/data_objects/do_catalogue.php'; $this->mDoCatalogue = new DoCatalogue(); } public function init($dir) { $this->mProduct = $this->mDoCatalogue->GetProductFromDir(trim(stripslashes($dir))); if (!$this->mProduct) { header('HTTP/1.1 404 Not Found'); $_GET['e'] = 404; include(FILE_ROOT . '/errors/404.php'); exit(); } $this->mProduct['price_inc'] = number_format($this->mProduct['price'] * (($this->mDoSettings->GetSetting(1) / 100) + 1), 2, ".", ","); $options = trim($this->mProduct['optionprods'], ",\t\n\r\0\x0B"); $options_ids = explode(",", $options); for ($i = 0; $i < count($options_ids); $i++) { if (is_numeric($options_ids[$i])) { $product = $this->mDoCatalogue->GetProduct((int)$options_ids[$i]); if ($product) { $product['price_inc'] = number_format($product['price'] * (($this->mDoSettings->GetSetting(1) / 100) + 1), 2, ".", ","); $this->mOptions[] = $product; } } } $this->mXsells = $this->mDoCatalogue->GetXsells($this->mProduct['productid']); shuffle($this->mXsells); } } ?>
  8. Not sure how to debug this. I have the following error that is ONLY happening when our site has a PCI scan running : - ERRNO: 2 TEXT: htmlspecialchars() expects parameter 1 to be string, array given LOCATION: /home/bttorj45/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php, line 42, at April 11, 2020, 5:05 pm Showing backtrace: htmlspecialchars(Array[1], "3", "UTF-8", true) # line 42, file: /home/siteaddress/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php content_5e83087341d089_14126332(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template.render() # line 385, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template._subTemplateRender("file:page_elements/top_menu_bar.tpl", null, null, "0", "120", Array[0], "0", false) # line 56, file: /home/siteaddress/public_html/smarty_templates_c/0e4c1495f7a25cef1d85553f951690964f702a5a_0.file.error404.tpl.php content_5e4ffba4a49c66_36622821(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase.display("pages/error404.tpl") # line 65, file: /home/siteaddress/public_html/errors/404.php include("/home/siteaddress/public_html/errors/404.php") # line 34, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php Product.init("api") # line 5, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php smarty_function_load_product(Array[2], Object:Smarty_Internal_Template) # line 39, file: /home/siteaddress/public_html/smarty_templates_c/53725e8a2fc4b6c7c0c42e801dab2741a0994a8e_0.file.product.tpl.php content_5e579e9761f086_59385269(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php Smarty_Internal_TemplateBase.display("pages/product.tpl") # line 85, file: /home/siteaddress/public_html/dirs.php I ***think*** the scan must be inputting something in the search box to cause this (I'm awaiting info from Security Metrics with regard to this). {load_chat assign="chat"} {if $chat->mChat} <script type="text/javascript" id="763333b0f312f025d780a8f4451bf6f3" src="https://www.siteaddress.com/online-support/script.php?id=763333b0f312f025d780a8f4451bf6f3"></script> {/if} {if !$chat->mChat && $settings->mSettings[13]} <script type="text/javascript" id="aaa07817d7cd2a7dce9e0ffac6286dbb" src="https://www.siteaddress.com/online-support/script.php?id=aaa07817d7cd2a7dce9e0ffac6286dbb"></script> {/if} <div id="menu_switch"><i class="fa fa-bars fa toggler"></i></div> <form id="product_search" method="get" action="{$smarty.const.SITE_ROOT}/searchresults/"> <input type="text" name="search" placeholder="&#xf002; Product Search" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" {if isset($smarty.request.search) && $settings->mSettings[107]}value="{$smarty.request.search|escape:'htmlall'}"{/if} /><button type="submit" class="button"><i class="fa fa-search" aria-hidden="true"></i> <i class="fa fa-caret-right" aria-hidden="true"></i></button> </form> <form id="code_search" method="post" action="{$smarty.const.SITE_ROOT}/cart/quickadd.php"> <input type="text" name="code" maxlength="14" placeholder="&#xf061; Product Code" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" /><button type="submit" name="submit" class="orange"><i class="fa fa-shopping-cart" aria-hidden="true"></i> Quick Add <i class="fa fa-caret-right" aria-hidden="true"></i></button> </form> {if !isset($hidecart) && isset($cartsmall) && $cartsmall->mCart.sub > 0} <p id="view_cart"><a class="button orange" href="{$smarty.const.SITE_ROOT}/cart/"><span class="hidden-xs hidden-sm"><i class="fa fa-shopping-cart" aria-hidden="true"></i> View Cart &nbsp;</span>&pound;{$cartsmall->mCart.sub} <i class="fa fa-caret-right" aria-hidden="true"></i></a></p> {/if} <script> $('.toggler').click(function() { $(this).toggleClass("fa-bars fa-times"); }); </script> function.load_search.php :- <?php function smarty_function_load_search($params, $smarty) { $search = new Search(); $search->init(); $smarty->assign($params['assign'], $search); } class Search { // public fields public $mSearchString; public $mSearchArray; public $mProducts; public $mProductCount; // private fields private $mDoSettings; private $mDoCatalogue; function __construct() { require_once FILE_ROOT . '/data_objects/do_settings.php'; $this->mDoSettings = new DoSettings(); require_once FILE_ROOT . '/data_objects/do_catalogue.php'; $this->mDoCatalogue = new DoCatalogue(); if (isset($_REQUEST['search']) && strlen(trim($_REQUEST['search']))>0 ) { $this->mSearchString = trim(stripslashes($_REQUEST['search'])); $this->mSearchArray = explode(" ", $this->mSearchString); } else { header ("Location: /emptysearch/"); die (); } } public function init() { $this->mProducts = $this->mDoCatalogue->SearchProducts($this->mSearchArray); $this->mProductCount = count($this->mProducts); for ($i = 0; $i < count($this->mProducts); $i++) { $this->mProducts[$i]['price_inc'] = number_format($this->mProducts[$i]['price'] * (($this->mDoSettings->GetSetting(1) / 100) + 1), 2, ".", ","); } } } ?> do_catalogue.php :- public function SearchProducts($search) { $fields = array("code", "title", "keywords"); $query_string = "SELECT p.code, p.title, p.cattext, p.price, p.img, p.url, p.available, p.due, p.special, p.newproduct, p.discontinued, c.name, c.menulinktext FROM " . $this->mProductTable . " p " . "JOIN categories c ON p.category = c.id " . "WHERE (("; for ($f = 0; $f < count($fields); $f++) { if ($f != 0) { $query_string .= ") OR ("; } for ($s = 0; $s < count($search); $s++) { if ($s != 0) { $query_string .= " AND "; } $query_string .= "p." . $fields[$f] . " LIKE '%" . $this->mDoQuery->dbManager->DbEscape($search[$s]) . "%'"; } } $query_string .= ")) AND active=1 AND live=1 " . "ORDER BY p.rating ASC"; return $this->mDoQuery->dbManager->DbGetAll($query_string); } Any idea's how to fix it? I can't replicate it with a specific issue as I don't know what the scan is doing to cause this! Thanks
  9. &copy; 2010-<?php echo date("Y");?>
  10. I'll take a look Monday. PHP 7.3 btw. Thanks
  11. Well I guess that sums it up! What I posted works as far as O can see (perhaps you could be more helpful and state what won't work?). I came here for help. I don't help someone if I don't know what I'm doing. I DO help someone who doesn't know what they are doing but I do! Sorry. But in my day that's what forums were all about.
  12. Do you never help someone? Wiring a telecom system is not easy but I could help you blindfolded with my hands behind my back & yes, I've pulled apart many things in the past. That's how some people learn. I really don't have time to start learning PHP from the beginning & finding a coder to something as small as this is impossible (much like finding a telecoms engineer to fit a telephone socket )
  13. I tried as what I said above & it works. No errors. Most probably not the correct way but works! So I have this : - if (isset($_SESSION['cartid']) && isset($_POST['cartitem']) && isset($_POST['quantity']) && is_numeric($_POST['quantity']) && (!isset($_SESSION['lockedcard']) && $_SESSION['lockedcard'] == '') && (!isset($_SESSION['lockedpaypal']) && $_SESSION['lockedpaypal'] == '')) { On the card page :- $_SESSION['lockedpaypal'] = 0; $_SESSION['lockedcard'] = 1; On the PayPal page :- $_SESSION['lockedcard'] = 0; $_SESSION['lockedpaypal'] = 1; I'll take a look at what was suggested another day Right now I need some piece & a cool beer. Take care all
  14. I don't know how to. Leaving it for now, thanks for you help. The code posted by Barand didn't work either. Perhaps I'm missing something but with kids screaming and god knows what else going on I've run out of patience for today! Give me 200 pairs of wires to connect correctly no problem but THIS may as well be in Chinese.
  15. Spelling is fine. SESSION['lockedcard'] is only set if user has visited card payment page, SESSION['lockedpaypal'] is only set if Pay Pal is visited. I guess I should be setting SESSION['lockedcard'] to '0' if PayPal page is visited & SESSION['lockedpaypal'] to '0' if card page is visited perhaps?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.