
Originally Posted by
flappingfish
GitHub issue 42... is there an edge case scenario that could bring that issue back into play? I just updated to the latest version of SEO URLs and am using Zen 2.1, but when I curl an invalid product ID page it returns a 302 and redirects me to the same page until max redirects occurs?
Code:
curl -i "https://crazygamer.uk/index.php?main_page=product_info&products_id=99999"
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 25 Jul 2025 20:46:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.3.23
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-qLVr9z0MAH/e+HLPNjnuQw==' https://js.stripe.com https://*.js.stripe.com https://checkout.stripe.com https://cdn.jsdelivr.net https://cdn-cookieyes.com https://code.jquery.com https://invitejs.trustpilot.com https://www.googletagmanager.com https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://kit.fontawesome.com https://ka-f.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; img-src 'self' https://*.stripe.com https://cdn-cookieyes.com https://pictureserver.co.uk data:; connect-src 'self' https://cdn-cookieyes.com https://log.cookieyes.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://invitejs.trustpilot.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.stripe.com https://*.js.stripe.com https://r.stripe.com https://api.stripe.com https://checkout.stripe.com https://maps.googleapis.com https://pictureserver.co.uk https://ka-f.fontawesome.com https://pay.google.com; frame-src 'self' https://js.stripe.com https://*.js.stripe.com https://checkout.stripe.com https://hooks.stripe.com; frame-ancestors 'self' https://pay.google.com; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
Cross-Origin-Opener-Policy: same-origin
Access-Control-Allow-Origin: https://pictureserver.co.uk, https://cookieyes.com, https://invitejs.trustpilot.com/tp.min.js, https://log.cookieyes.com/api/v1/log, https://*.trustpilot.com, https://cdn-cookieyes.com/client_data/ba9e936402c692e98fd2aab7/banner.js
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Location: https://crazygamer.uk/index.php?main_page=product_info&products_id=99999
X-Debug-Test: htaccess-is-working
Vary: User-Agent
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Powered-By: PleskLin
✅ Root Cause:
In init_sanitize.php, the zen_redirect() call was redirecting back to product_info for missing products, re-triggering itself indefinitely.
Confirmed fix: in includes/init_includes/init_sanitize.php, around line 247, I edited the function to check if the product ID was valid...
Code:
if (isset($_GET['products_id']) && (!isset($_SESSION['check_valid_prod']) || $_SESSION['check_valid_prod'] !== false)) {
    $check_valid = zen_products_id_valid($_GET['products_id']) && !empty($_GET['main_page']);
    if (!$check_valid) {
        $_GET['main_page'] = zen_get_info_page($_GET['products_id']);
        /**
         * do not recheck redirect
         */
        $_SESSION['check_valid_prod'] = false;
        // I CAUSE REDIRECT ERROR zen_redirect(zen_href_link($_GET['main_page'], 'products_id=' . $_GET['products_id']));
        zen_redirect(zen_href_link(FILENAME_PAGE_NOT_FOUND));
    }
}
I implemented the fix on a site yet to actually go live so I prevent pestering customers with faults I create during debug, but the response from curl testing was...
Code:
curl -i "https://testing.uk/index.php?main_page=product_info&products_id=99999"
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 26 Jul 2025 11:09:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.3.23
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-K9du9I/aRis2+6Z4paugJQ==' https://js.stripe.com https://cdn.jsdelivr.net https://cdn-cookieyes.com https://code.jquery.com https://invitejs.trustpilot.com https://www.googletagmanager.com https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com 'unsafe-hashes'; font-src 'self' data: https://fonts.gstatic.com https://kit.fontawesome.com https://ka-f.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; img-src 'self' https://cdn-cookieyes.com https://pictureserver.co.uk https://www.googletagmanager.com data:; connect-src 'self' https://cdn-cookieyes.com https://log.cookieyes.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://invitejs.trustpilot.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.stripe.com https://r.stripe.com https://api.stripe.com https://pictureserver.co.uk https://ka-f.fontawesome.com https://pay.google.com; frame-src 'self' https://js.stripe.com; frame-ancestors 'self' https://pay.google.com; object-src 'none'; base-uri 'self';
X-Frame-Options: SAMEORIGIN
Cross-Origin-Opener-Policy: same-origin
Access-Control-Allow-Origin: https://pictureserver.co.uk, https://cookieyes.com, https://invitejs.trustpilot.com/tp.min.js, https://log.cookieyes.com/api/v1/log, https://*.trustpilot.com, https://cdn-cookieyes.com/client_data/ba9e936402c692e98fd2aab7/banner.js
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Location: https://testing.uk/index.php?main_page=page_not_found
X-Debug-Test: htaccess-is-working
Vary: User-Agent
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Powered-By: PleskLin
Any potential issues I have with this fix before I implement it to a live site?
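
Added example, not part of the original post: a shell check that walks a redirect chain one hop at a time and reports a loop as soon as a URL repeats, which is the symptom in the first curl capture above. The host `shop.example`, the function names and the two stub fetchers are assumptions made so the check runs offline; they model the before and after behaviour described in the post.

```shell
#!/bin/sh
# Added example: detect a redirect loop hop by hop instead of waiting for
# curl to reach its redirect limit. Assumes absolute Location values.

# Read raw response headers (curl -i / -D -) on stdin, print the Location value.
location_of() {
  tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }'
}

# Live fetcher: one request, redirects not followed, headers only.
fetch_location() {
  curl -s -o /dev/null -D - "$1" | location_of
}

# Constructed stand-ins for the two behaviours in the post (hypothetical host).
NOT_FOUND='https://shop.example/index.php?main_page=page_not_found'
stub_before() {   # invalid product id redirects to the URL that was requested
  case $1 in *main_page=product_info*products_id=99999*) echo "$1" ;; esac
}
stub_after() {    # invalid product id redirects to page_not_found
  case $1 in *main_page=product_info*products_id=99999*) echo "$NOT_FOUND" ;; esac
}

# trace_redirects URL [FETCHER] [MAX_HOPS]
# Prints "ok <final-url>", "loop <url>" or "too-many <url>"; status 0 only for ok.
trace_redirects() {
  url=$1; fetcher=${2:-fetch_location}; max=${3:-10}
  seen=$url; hops=0
  while [ "$hops" -lt "$max" ]; do
    next=$("$fetcher" "$url")
    if [ -z "$next" ]; then echo "ok $url"; return 0; fi
    if printf '%s\n' "$seen" | grep -Fxq -- "$next"; then
      echo "loop $next"; return 1
    fi
    seen=$(printf '%s\n%s' "$seen" "$next")
    url=$next; hops=$((hops + 1))
  done
  echo "too-many $url"; return 2
}
```

Against a real host, call `trace_redirects` with only the URL so the curl-based fetcher is used.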