Re: Stamps.com setting error while importing.
I've reported this issue to stamps.com (and included the suggested correction). There are 3 areas to be changed:
Line 776:
Code:
$comments = /*mysql_escape_string($_REQUEST['comments'])*/ $db->prepare_input ($_REQUEST['comments']); //-20150917-lat9 *** 1 of 3 ***
Line 828
Code:
/*mysql_real_escape_string($country_name)*/ $db->prepare_input ($country_name)); //-20150917-lat9 *** 2 of 3 ***
Lines 854-856
Code:
$qry = sprintf("select zone_code from ". TABLE_ZONES. " where zone_country_id = '%s' and zone_name = '%s'",
/*mysql_real_escape_string($country_id)*/ $db->prepare_input ($country_id),
/*mysql_real_escape_string($state_name)*/ $db->prepare_input ($state_name)); //-20150917-lat9 *** 3 of 3 ***
Re: Stamps.com setting error while importing.
Thank you, that fixed it.
Re: Stamps.com setting error while importing.
Excellent! According to the customer-care email that I received from stamps.com, they should have those changes incorporated real-soon-now.
Re: Stamps.com setting error while importing.
You mean, two years from now, right?
Re: Stamps.com setting error while importing.
Quote:
Originally Posted by
vanhorn_s
You mean, two years from now, right?
We'll see; they were quite responsive to the email query that I sent in. Since they've got the fix, "all" they need to do is re-validate and release!
Re: Stamps.com setting error while importing.
The last time I emailed them a fix, they told me they would implement it, but they never did.
Re: Stamps.com setting error while importing.
And people ask why we switched from the Stamps.com interface to
ShipStation.com interface with is owned by Stamps.com but easier to implement, more functionality and includes a better rate discount for PriorityMail through an ExpressONE account running parallel to Stamps.com account.
I did receive a notice a few months ago that a priority issue/trouble ticket generated 18 months ago was finally patched.
Re: Stamps.com setting error while importing.
I tried shipstation last time there was a serious issue, and It works great, but I didn't want to pay the extra amount.
I figured out what the problem was, and that was the one they never fixed, after I emailed it to them.
https://www.zen-cart.com/showthread....th-1-5-3/page2
1 Attachment(s)
Re: stamps.com no longer working with 1.5.3
I was able to get stamps.com integration to work with 1.5.5e with this version where I made a few edits to the file to account for the Mysql depreciated functions and replaced them with MySqli equivalents. I am quite sure there are more elegant ways to get this fixed but for now I would like some comments from the other programmers if this compromises security doing it this way.
I modified the original function:
Code:
// Returns the zen country id for the given named country
function GetCountryID($country_name)
{
global $db;
$qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
mysql_real_escape_string($country_name));
$countryQuery = $db->Execute($qry);
if ($countryQuery->RecordCount() == 0)
{
return $country_name;
}
else
{
return $countryQuery->fields['countries_id'];
}
}
and changed it to look like this since the mysqli_real_escape_string() requires a connection string as the first parameter:
Code:
// Returns the zen country id for the given named country
function GetCountryID($country_name)
{
global $db;
$mysqli = new mysqli('DB_SERVER' , 'DB_SERVER_USERNAME' , 'DB_SERVER_PASSWORD' , 'DB_DATABASE' );
$qry = sprintf("select countries_id from ". TABLE_COUNTRIES. " where countries_name = '%s'",
mysqli_real_escape_string($mysqli, $country_name));
$countryQuery = $db->Execute($qry);
if ($countryQuery->RecordCount() == 0)
{
return $country_name;
}
else
{
return $countryQuery->fields['countries_id'];
}
}
I did the same for three other functions that were using similar code see the attached updated stamps module if you wish to see the all the changes.
