Hello all,

I have stumbled across a bug in the way zen_get_index_filters_directory() handles typefilters that do not exist. The default file name provided on a file not found condition is not correct. Also, simply correcting the file name was not sufficient, because then overrides to the default typefilter were not handled correctly.

I've fixed the function in our cart and wanted to share in case it was helpful to anyone else:

Code:
  function zen_get_index_filters_directory($check_file, $dir_only = 'false') {
    global $template_dir;

    $zv_filename = $check_file;
    if (!strstr($zv_filename, '.php')) $zv_filename .= '.php';

    // TICK: Handle non-existent typefilter gracefully
    if ((!file_exists(DIR_WS_INCLUDES . 'index_filters/' . $template_dir . '/' . $zv_filename)) &&
        (!file_exists(DIR_WS_INCLUDES . 'index_filters/' . $zv_filename))) {

      $zv_filename = 'default_filter.php';
    }
    // TICK: End

    if (file_exists(DIR_WS_INCLUDES . 'index_filters/' . $template_dir . '/' . $zv_filename)) {
      $template_dir_select = $template_dir . '/';
    } else {
      $template_dir_select = '';
    }

    // TICK: Commented out because condition is handled above
    //if (!file_exists(DIR_WS_INCLUDES . 'index_filters/' . $template_dir_select . '/' . $zv_filename)) {
    //  $zv_filename = 'default';
    //}
    // TICK: End

    if ($dir_only == 'true') {
      return 'index_filters/' . $template_dir_select;
    } else {
      return 'index_filters/' . $template_dir_select . $zv_filename;
    }
  }
(I commented it up heavily for demonstration purposes; I won't be offended if you delete the comments.)

Encountering this error should be a fairly rare occurrence. I found it after doing some cart cleanup and completely deleting a typefilter. Search engines still had the old typefilter indexed and were trying to validate the pages; instead of 404s (the products were deleted too) they were getting a blank page. It could also be encountered if someone was trying to find an LFI vulnerability, I suppose.

Hope that is helpful. Thanks for all your efforts, Zen Team!
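As an added illustration (not Zen Cart's own code and not part of the post above), the same template-override / stock-file / default_filter.php fallback order can be written so that a typefilter name containing anything other than a plain identifier is never used to build a path at all; resolve_index_filter() and the temporary demo tree are assumptions made for this example, and a Zen Cart caller would pass DIR_WS_INCLUDES and $template_dir as the base directory and template name.

```php
<?php
// Added example, not Zen Cart's function: resolve a typefilter name to a path
// under index_filters/ using the fallback order from the post above.
function resolve_index_filter($check_file, $template_dir, $base_dir) {
    // Strip an optional .php suffix, then accept only plain identifiers.
    // Slashes, dots, NUL bytes etc. are never used to build a path; such
    // names fall through to the default filter exactly like a missing one.
    $name = preg_replace('/\.php$/', '', (string)$check_file);
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
        $name = 'default_filter';
    }
    $filename = $name . '.php';

    $candidates = array(
        'index_filters/' . $template_dir . '/' . $filename, // template override
        'index_filters/' . $filename,                       // stock filter
        'index_filters/default_filter.php',                 // last resort
    );
    foreach ($candidates as $rel) {
        if (is_file($base_dir . $rel)) {
            return $rel;
        }
    }
    // Nothing found at all: let the caller fail loudly rather than
    // include a path that does not exist (which gives a blank page).
    return null;
}

// Constructed demo tree (assumption): a throwaway includes directory with
// one stock filter, one template override and the default filter.
$tmp = sys_get_temp_dir() . '/zc_filter_demo_' . uniqid() . '/';
mkdir($tmp . 'index_filters/my_template', 0700, true);
touch($tmp . 'index_filters/default_filter.php');
touch($tmp . 'index_filters/stock_filter.php');
touch($tmp . 'index_filters/my_template/stock_filter.php');

var_dump(resolve_index_filter('stock_filter', 'my_template', $tmp));    // override present
var_dump(resolve_index_filter('deleted_filter', 'my_template', $tmp));  // typefilter removed
var_dump(resolve_index_filter('../not_a_filter', 'my_template', $tmp)); // contains a separator
```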