Hi,
I was recently made aware of the following page:
https://www.zen-cart.com/tutorials/i...hp?article=320
The following lines cannot be made part of the core or they will break many payment modules:
This is because they are limiting the length of any single GET parameter to 43 characters.PHP Code:if (isset($_GET[$key]) && strlen($_GET[$key]) > 43) {
$contaminated = true;
}
Many of the payment modules pass an error message as a GET parameter which is considerably longer than 43 characters - something which is fully compliant with all relevant standards/guidelines.
Either the error_message parameter should be removed from the $paramsToCheck array or the allowed length of the parameters should conform to the web standards for GET parameters.
Obviously it would be a critical mistake to implement this code as it is in 1.3.9/2.0.0, so I hope that the above comments will be taken onboard and that Zen Cart won't break standards for overzealous "peace of mind" issues! ;)
All the best...
Conor
Results 1 to 8 of 8
Threaded View
-
21 Jul 2009, 09:15 AM #1
Passed
- Join Date
- Aug 2004
- Location
- Belfast, Northern Ireland
- Posts
- 2,480
- Plugin Contributions
- 14
[Not a bug] Preventative action: bug to be introdiced in 1.3.9/2.0.0
Similar Threads
-
[Not a bug] Tax bug - 1.3.9d - for country states different to where the shop is
By deviouscow in forum Bug ReportsReplies: 4Last Post: 24 Jul 2010, 01:06 PM -
[NOT A BUG] Minor bug in account edit template
By jdcncsolutions in forum Bug ReportsReplies: 3Last Post: 2 May 2010, 01:37 AM -
[Not a bug] Language overwrite bug?
By yellow1912 in forum Bug ReportsReplies: 2Last Post: 23 Jan 2008, 01:00 PM -
[Not a Bug] Bug in zen_truncate_paragraph function
By SilverZulu in forum Bug ReportsReplies: 3Last Post: 21 Dec 2007, 01:11 AM -
[Not a Bug] EZ-Page Links IE bug when first clicking
By NamSingh in forum Bug ReportsReplies: 11Last Post: 25 Dec 2006, 03:40 PM
