How do you go about updating a UMM copy of Ceon? It's not clear to me that ceon.net is still operating.
I usually get a reply when I query something.
OK I'll try again.
I've experienced issues with URI Mapping on ZC 1.5.8
EZ-pages rewrites don't work correctly. Although the correct URL is applied to the link in the header, when clicked it simply reloads the admin page.
Tried again using a fresh install of 1.5.8 and URI 5.1.0 to ensure it wasn't caused by some other edits, but got the same issue.
Can anyone else confirm this?
@swguy Are you aware of any changes in 1.5.8 that would impact on URI Mapping functionality?
That'll teach me to not read the thread fully. I see it was reported by neekfenwick a while ago on https://github.com/zencart/zencart/issues/5366 and a solution was provided by lat9.
There is an XSS vulnerability in this. Patch below.
The manufacturers_id one is definitely exploitable; I added the other ones to be safe, as I'm not sure whether they are sanitized elsewhere.
+++ new/includes/classes/class.CeonURIMappingHandler.php 2023-05-25 12:26:02.822504000 -0700
@@ -408,7 +408,7 @@
// A product review's page needs the ID included as part of the canonical URI
if (defined('FILENAME_PRODUCT_REVIEWS_INFO') && $main_page == FILENAME_PRODUCT_REVIEWS_INFO &&
isset($_GET['reviews_id'])) {
- $ceon_uri_mapping_canonical_uri .= '?reviews_id=' . $_GET['reviews_id'];
+ $ceon_uri_mapping_canonical_uri .= '?reviews_id=' . (int)$_GET['reviews_id'];
}
if (isset($GLOBALS['zco_notifier'])) {
$GLOBALS['zco_notifier']->notify('CEON_CLASS_HANDLER_HANDLE_STATIC_URI_END', compact('mapping_info', 'uri_to_match'));
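Review bot: the `(int)` cast on `+ $ceon_uri_mapping_canonical_uri .= '?reviews_id=' . (int)$_GET['reviews_id'];` keeps the raw value out of the canonical URI, but it silently turns any non-numeric input into `?reviews_id=0` instead of rejecting it; consider checking that the cast value is greater than zero before appending it, and falling through to the unsuffixed canonical URI otherwise.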
@@ -689,11 +689,13 @@
global $ceon_uri_mapping_canonical_uri;
$ceon_uri_mapping_canonical_uri = HTTP_SERVER . DIR_WS_CATALOG .
- 'index.php?main_page=index&manufacturers_id=' . $_GET['manufacturers_id'];
+ 'index.php?main_page=index&manufacturers_id=' . (int)$_GET['manufacturers_id'];
} else if (isset($_GET['typefilter']) && $_GET['typefilter'] != '' &&
isset($_GET[$_GET['typefilter'] . '_id']) && $_GET[$_GET['typefilter'] . '_id'] != '') {
global $ceon_uri_mapping_canonical_uri;
+
+ $_GET['typefilter'] = htmlspecialchars($_GET['typefilter']);
$ceon_uri_mapping_canonical_uri = HTTP_SERVER . DIR_WS_CATALOG . 'index.php?main_page=index' .
'&typefilter=' . $_GET['typefilter'] . '&' . $_GET['typefilter'] . '_id=' .
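Review bot: the added `+ $_GET['typefilter'] = htmlspecialchars($_GET['typefilter']);` rewrites the superglobal after the `isset($_GET[$_GET['typefilter'] . '_id'])` check in the context line above was already evaluated against the raw value, so a filter name that htmlspecialchars changes will no longer match the key that passed the check, and every later reader of `$_GET['typefilter']` receives an HTML-escaped value; HTML escaping is also the wrong encoding for a URL query component. A tighter fix is to validate the filter name against the identifier pattern the filters actually use (or a list of known filters), leave `$_GET` untouched and encode at output time. The hunk also stops mid-statement at `'_id=' .`, so the id value appended after it is not visible here; it should receive the same `(int)` treatment as `manufacturers_id`.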
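As an added illustration of the hardening the patch above is aiming for (this is example code written for this thread, not Ceon URI Mapping's own handler), the snippet below builds the same two canonical URIs but validates each request value before concatenating it: ids must be positive integers, and the typefilter name is checked against an assumed allowlist rather than escaped in place. The constant, function names, allowlist contents and sample request arrays are all constructed for the example.

```php
<?php
// Added example, not Ceon's code: build canonical URIs from request
// parameters the way the patched handler does, validating every value first.
// Function names, the allowlist and the sample arrays are constructed.

declare(strict_types=1);

// Stand-in for HTTP_SERVER . DIR_WS_CATALOG (constructed value).
const HTTP_SERVER_EXAMPLE = 'https://shop.example';
// Assumed set of filter names the shop exposes; adjust to the real ones.
const ALLOWED_TYPEFILTERS = ['manufacturers', 'categories'];

/** Returns a positive integer id, or null when the parameter is missing,
 *  not a string, or not made of digits only ("12abc", "", arrays). */
function positiveId(array $get, string $key): ?int
{
    if (!isset($get[$key]) || !is_string($get[$key]) || !ctype_digit($get[$key])) {
        return null;
    }
    $id = (int)$get[$key];
    return $id > 0 ? $id : null;
}

/** Canonical URI for a manufacturer listing; null when the id is invalid. */
function manufacturerCanonicalUri(array $get): ?string
{
    $id = positiveId($get, 'manufacturers_id');
    if ($id === null) {
        return null;
    }
    return HTTP_SERVER_EXAMPLE . '/index.php?main_page=index&manufacturers_id=' . $id;
}

/** Canonical URI for a typefilter listing. The filter name is allowlisted
 *  instead of escaped, because it is used both as a query value and as the
 *  name of the $_GET key that holds the id. */
function typefilterCanonicalUri(array $get): ?string
{
    $filter = $get['typefilter'] ?? '';
    if (!is_string($filter) || !in_array($filter, ALLOWED_TYPEFILTERS, true)) {
        return null;
    }
    $id = positiveId($get, $filter . '_id');
    if ($id === null) {
        return null;
    }
    // rawurlencode is the right encoding for a URL query component;
    // htmlspecialchars belongs at the point where the URI is written into HTML.
    return HTTP_SERVER_EXAMPLE . '/index.php?main_page=index'
        . '&typefilter=' . rawurlencode($filter)
        . '&' . rawurlencode($filter) . '_id=' . $id;
}

// Constructed sample requests standing in for $_GET.
var_dump(manufacturerCanonicalUri(['manufacturers_id' => '12']));
var_dump(manufacturerCanonicalUri(['manufacturers_id' => '12abc']));
var_dump(typefilterCanonicalUri(['typefilter' => 'manufacturers', 'manufacturers_id' => '7']));
var_dump(typefilterCanonicalUri(['typefilter' => 'bad filter', 'bad filter_id' => '7']));
```

With these inputs the first and third calls return the expected canonical URIs, while `'12abc'` and the unknown filter name both return null, so the caller can fall back to the unsuffixed canonical URI instead of emitting a zero id or an escaped key name.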
Would someone please PR to https://github.com/JSWebSteve/Ceon-URI-Mapping-V5.1.0
ok, done