Hi all,
I think there is a bug in admin/banner_manager.php in the
latest zen cart version:
Zen Cart 1.3.8a
Database Patch Level: 1.3.8
and I did some search in the forum and could not locate it somewhere else (I am not sure of that though...)...I apologize if it is reported earlier...
So the code
If I am not mistaken to unlink something you must have write permission to the directory and NOT on the file itself. So we should check if the directory is writable. In the database the whole path is saved so for a solution I propose the following:PHP Code:case 'deleteconfirm':
$banners_id = zen_db_prepare_input($_GET['bID']);
if (isset($_POST['delete_image']) && ($_POST['delete_image'] == 'on')) {
$banner = $db->Execute("select banners_image
from " . TABLE_BANNERS . "
where banners_id = '" . (int)$banners_id . "'");
if (is_file(DIR_FS_CATALOG_IMAGES . $banner->fields['banners_image'])) {
if (is_writeable(DIR_FS_CATALOG_IMAGES . $banner->fields['banners_image'])) {
unlink(DIR_FS_CATALOG_IMAGES . $banner->fields['banners_image']);
} else {
$messageStack->add_session(ERROR_IMAGE_IS_NOT_WRITEABLE, 'error');
}
} else {
$messageStack->add_session(ERROR_IMAGE_DOES_NOT_EXIST, 'error');
}
}
Please examine and confirm.PHP Code://if (is_writeable(DIR_FS_CATALOG_IMAGES . $banner->fields['banners_image'])) {
if (is_writeable(DIR_FS_CATALOG_IMAGES . substr($banner->fields['banners_image'], 0, strripos($banner->fields['banners_image'], '/')) )) {
-----------------------------------------------
Also some "bugs" exist in function zen_trunc_string() in file functions_general.php where substr and strlen functions used are not utf-8 safe, so a utf-8 string is not cut correctly....
Proposed fixes:
PHP Code:function zen_trunc_string($str = "", $len = 150, $more = 'true') {
//--IA--
mb_internal_encoding("UTF-8");
if ($str == "") return $str;
if (is_array($str)) return $str;
$str = trim($str);
// if it's les than the size given, then return it
if (mb_strlen($str) <= $len) return $str;
// else get that size of text
//$str = substr($str, 0, $len);
//--IA--
$str = mb_substr($str, 0, $len);
// backtrack to the end of a word
if ($str != "") {
// check to see if there are any spaces left
if (!substr_count($str , " ")) {
if ($more == 'true') $str .= "...";
return $str;
}
// backtrack
while(mb_strlen($str) && ($str[mb_strlen($str)-1] != " ")) {
$str = mb_substr($str, 0, -1);
}
$str = mb_substr($str, 0, -1);
if ($more == 'true') $str .= "...";
if ($more != 'true' and $more != 'false') $str .= $more;
}
return $str;
}
Please also note that inside several modules (e.g. modules/featured_products) the product description is NOT returned using zen_trunc_string but using substr directly so another proposed fix is the following:
The above should be applied in several modules.....please modify according to your preferences....PHP Code://$products_desc = substr(strip_tags($featured_products->fields['products_description']), 0, 85) . '...';
$products_desc = zen_trunc_string(zen_clean_html(stripslashes(zen_get_products_description($featured_products->fields['products_id'], $_SESSION['languages_id']))), PRODUCT_LIST_DESCRIPTION);
Please examine all the above and confirm.
I thank you so much for your patience and time
Best Regards to all the wonderful people here,
Ioannis Angelopoulos
Results 1 to 2 of 2
Hybrid View
-
10 Jul 2009, 02:46 PM #1
New Zenner
- Join Date
- Nov 2008
- Posts
- 9
- Plugin Contributions
- 0
Bugs in /admin/banner_manager.php and in functions_general.php ??
-
11 Jul 2009, 07:11 PM #2
Sensei
- Join Date
- Jan 2004
- Posts
- 66,443
- Plugin Contributions
- 279
Re: Bugs in /admin/banner_manager.php and in functions_general.php ??
As to file vs folder permissions, while I agree that folder permissions typically indicate what may be done with the file, that is not an absolute certainty. You didn't say whether you're encountering specific problems with the issue and what those problems are, or whether you're just making a suggestion. If you feel it necessary to check the folder permissions, I would suggest *also* checking the file anyway.
Regarding the use of mb_xxxxxx() functions, feel free to use them if your server supports them. The majority of english-based webservers don't have any mb_xxxxx support compiled into their PHP configurations, and thus any attempts to use mb_xxxx() functions will result in fatal errors, and thus not provide any benefit at all..
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Similar Threads
-
v151 *[Done v1.6.0] 2 small bugs in admin/includes/classes/table_block.php
By swguy in forum Bug ReportsReplies: 0Last Post: 10 Mar 2013, 11:11 PM -
PHP 5.20 | Catchable fatal error | queryFactoryResult | functions_general.php
By SarahL in forum General QuestionsReplies: 2Last Post: 17 Aug 2007, 08:19 AM -
406 Error on banner_manager.php?
By bettysue in forum General QuestionsReplies: 1Last Post: 8 Jul 2007, 10:41 AM
