Hi I am installing via the admin side of our website. Just selecting insert SQL and then clicking run.Quote:
Originally Posted by mc12345678
Also I have found for some reason I have 4 lots of the configure User Tracking in our drop down.
Printable View
Hi I am installing via the admin side of our website. Just selecting insert SQL and then clicking run.Quote:
Originally Posted by mc12345678
Also I have found for some reason I have 4 lots of the configure User Tracking in our drop down.
I noticed that the user tracking page can attempt to process a script from the links sounds like a security issue ant way to fix?
Attachment 14529
Could you please elaborate on the issue? I have two interpretations in mind, not sure which if either is what is meant.Quote:
Originally Posted by ShopVille
1) The link that is internally processed is activated by the code through processing.
2) If the linkis clicked the action taken at/by the destination is activated and it is that action desired to prevent?
Is it either of those or neither and whatever the case, please explain further and how the attached image is relevant.
This happens just by loading the user tracking page without clicking any links
MaybeQuote:
2) If the linkis clicked the action taken at/by the destination is activated and it is that action desired to prevent?
Some of the links in the page that might be causing the script:
Code:cPath=23_41_63&number_of_uploads=2&action=notify&zenid=48bc9128a261160f2d52a07de1dd1c80?%3E%3CSCRIPT%3Ealert(%27SAINT%27)%3C/SCRIPT%3E
I see that there are still a few cases of links being created straight from the supplied data instead of the more preferred method of using zen_href_link functionality. That additional processing would be one way to reduce that likelihood. I was also working on a POST instead of GET method of transferring/processing data, but haven't completed that effort.Quote:
Originally Posted by ShopVille
Where has this plugin been all the years using ZC?! Now I can track users without having to refresh Who's Online every 5 seconds. It's great! Is there a way to display the User Agent? This is really helpful for knowing if the user is on a computer, phone, or tablet...
Believe it or not it's been here for a really long time, starting off with Dr. Byte. It seemed to lingerdormant for a while and when I too saw it's ability and after asking if it would be okay to continue on with it, I have tried to make improvements. Currently it does need a little bit of an overhaul in the data capture aspect to come into line a little more with how who's online captures and stores the data as evidence from a few posts back. But, yes that cappability could be added. If so, I would think it should be made into a switchable data set to capture to try to minimize the database storage amount. I also planned to incorporate the ability to autodelete history beyond a certain point so that the database usage could further be limited.Quote:
Originally Posted by pricediscrimination
But, as all plugins, if someone has made or is willing to make improvements, then they can be submitted forincorporation and public use. :)
Thanks for the reply. It's truly a great plugin and very useful. Wondering if anyone is experiencing a weird issue where if the customer has something in their cart, it shows that item listed on the right in every session's "User Shopping Cart" section...Quote:
Originally Posted by mc12345678
Yes. It's a known issue. Have to try to match the cart info to the session. This is one area of who's online that needs to be split out from this module.Quote:
Originally Posted by pricediscrimination
I updated to 1.5.4 and reinstalled this and now I'm not being told where my visitors are coming from. Every Originating URL is showing as having come from one of my store pages with the only exception being traffic from Google.
I had posted a link to a special in one of the forums I subscribe to and when I went in and edited the link by adding src=wxyz.com, that showed up in the originating URL.
Has something changed since I used this in 1.3?