Search found 18385 matches

Search found 18385 matches

Re: Notice: Undefined index: points in bug

replace:

Code: Select all

<?php if ($product['points']) { ?>
with:

Code: Select all

<?php if (isset($product['points'])) { ?>

Jump to post
  • Wed Dec 14, 2011 10:43 am
  • Replies 5
  • Views 2971
Re: How to fix error in checkout page.

Since this is a paid contribution, I would suggest to send a message to the author.

Jump to post
  • Tue Dec 13, 2011 10:27 pm
  • Replies 6
  • Views 952
Re: How to fix error in checkout page.

This error seem to be from a downloaded / developed contribution module called: shoppica. However, when I type shoppica in the extensions, multiple results are being returned. Would it be possible to post the shoppica contribution link ?

Jump to post
  • Tue Dec 13, 2011 9:54 pm
  • Replies 6
  • Views 952
Re: customize special module on opencart 1.5.1.3

The title can be changed from your languages folder under the sub-folder module.

Jump to post
  • Tue Dec 13, 2011 9:46 pm
  • Replies 2
  • Views 482
Re: [BUG - v1.5.1.3] all insertion model files

Sorry, wrong term - I meant inserts, not injections.

Jump to post
  • Mon Dec 12, 2011 11:47 pm
  • Replies 26
  • Views 3465
Re: [BUG - v1.5.1.3] all insertion model files

Any evidence that these injections problematic are specifically due to contributed modules during while the code also contains countless issues ?

Jump to post
  • Mon Dec 12, 2011 11:42 pm
  • Replies 26
  • Views 3465
Re: [BUG - v1.5.1.3] all insertion model files

http://milov.nl/2836 This function is crap. I have code now (not my) which have to work on mysql 5.1, previous DB was 5.0. If I try now to insert with an auto-increment primary I get an error: INSERT INTO table SET COL_PRIMARY="", COL_TEXT1="blabla"; And the primary column now try to insert NULL wha...

Jump to post
  • Mon Dec 12, 2011 11:32 pm
  • Replies 26
  • Views 3465
Re: Plus sign (+) injection bug from the admin towards catal

So it sounds like urlencode/decode is the culprit somewhere, but that data should be encoded for the ajax callback. A much better answer. Thank you for mentioning that up since it would make total sense. :) Is the user running 1.5.1.3 or some version of the SVN? This user had no contribution whatso...

Jump to post
  • Mon Dec 12, 2011 11:22 pm
  • Replies 9
  • Views 1573
Re: [BUG - v1.5.1.3] all insertion model files

This is total bullshit. MySQL doesn't differentiate between SET and the VALUES clause, and change the content depending on which it is. Where is your documentation stating this from MySQL? In fact any links? Also, MySQL injection has nothing to do with this Beg to differ. If you google on this subj...

Jump to post
  • Mon Dec 12, 2011 11:18 pm
  • Replies 26
  • Views 3465
Re: Plus sign (+) injection bug from the admin towards catal

The plus sign is wrapped in single quotes. It doesn't seem to be enough. Ever since I did fixed this issue for this user, he did reported complete satisfaction on the above and now works accordingly. Regarding the POST and the GET / urlencode issue, that may be a possible cause though. What I do ca...

Jump to post
  • Mon Dec 12, 2011 11:11 pm
  • Replies 9
  • Views 1573
Re: [BUG - v1.5.1.3] all insertion model files

Qphoria wrote:I really don't understand this change. You are just changing:
insert into ... SET
to
insert into .... values (....)
??

Insert into --- SET is perfectly valid:
http://dev.mysql.com/doc/refman/5.5/en/insert.html
All the details on why these changes was due are explained on my first post.

Jump to post
  • Mon Dec 12, 2011 11:04 pm
  • Replies 26
  • Views 3465
Re: Plus sign (+) injection bug from the admin towards catal

It seems odd that after 5+ years, this would suddenly be an issue. You are saying mySql doesn't like price_prefix = '+' ? That is correct. With this field type from what the + and - has been used for, mySQL rejects this methodology with + but, again, the minuses does work but the reason I did made ...

Jump to post
  • Mon Dec 12, 2011 10:31 pm
  • Replies 9
  • Views 1573
Re: Adding Order Comments (Blob) to SQL report

The comment is stored in admin/model/sale/order.php file and as a return sale in admin/model/sale/return.php file.

Jump to post
  • Mon Dec 12, 2011 5:27 am
  • Replies 2
  • Views 331
Re: [1.5.1.3] headers already sent

The reason you're seeing this error is because an attribute may or may not be guaranteed while adding a language in this case. The error message shows up because the cache can't find the 'attribute' key. A temporary solution would be to state from admin/model/localisation/language.php file for each ...

Jump to post
  • Mon Dec 12, 2011 5:17 am
  • Replies 6
  • Views 1354
Re: [BUG - v1.5.1.3] all insertion model files

Update from first post. Now, all models (admin and catalog folder) has been patched for future SQL injections (including the checkout orders which was recently reported as no results under the admin after a completed order).

Jump to post
  • Mon Dec 12, 2011 5:08 am
  • Replies 26
  • Views 3465
Re: Plus sign (+) injection bug from the admin towards catal

One more step added (last step) on the above.
- Corrected the condition statement from words to a letter since the field only support one character on anyhow.
- Added the weight steps for the admin template modifications rather than just the price steps since both are required to be changed.

Jump to post
  • Mon Dec 12, 2011 3:53 am
  • Replies 9
  • Views 1573
Plus sign (+) injection bug from the admin towards catalog.

Thanks to chiris from this topic: http://forum.opencart.com/viewtopic.php?f=161&t=48214 by addressing this important bug issue. Some users also reported an odd problem regarding the output of the '+' sign versus the '-' sign. The reason this problematic occurs is due to a decline methodology prevent...

Jump to post
  • Mon Dec 12, 2011 3:39 am
  • Replies 9
  • Views 1573
Re: [BUG - v1.5.1.3] admin/model/catalog folder

That means even though the SQL injections has now been fixed, there might be something wrong with the condition of this Ajax code from the catalog's end. Are you using a contribution for this ?

Jump to post
  • Mon Dec 12, 2011 1:57 am
  • Replies 26
  • Views 3465
Re: [BUG - v1.5.1.3] admin/model/catalog folder

Done. All models under the admin has been fixed regarding new values.

Jump to post
  • Mon Dec 12, 2011 1:39 am
  • Replies 26
  • Views 3465

Search found 18385 matches