  1. #11
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    5,274
    Plugin Contributions
    6

    Re: Question about replacing [Get]s in addon code for 1.5

    THANX
    Still trying to wrap my head around this.
    Know that it works with 1.5 without the "monitors" shutting it down a la IH3.
    Next stop.... The 37 $_GET calls in ih_manager.php
    Did you read the posting tips?!?

  2. #12
    Join Date
    May 2006
    Location
    Charlottesville VA
    Posts
    1,303
    Plugin Contributions
    18

    Re: Question about replacing [Get]s in addon code for 1.5

    I just have to have some more specifics about this! Just not feeling confident of my understanding.

    For example, this line: $action = (isset($_GET['action']) ? $_GET['action'] : ''); has nothing to do with the actual database changes - it's just picking up what the action is. Same for this: switch($_GET['action'])

    This one sets the form action as get and not post: <?php echo zen_draw_form('clean_cross', FILENAME_CROSS_SELL_PRODUCTS, 'action=select_cross_sell', 'get'); ?> But it looks like it's just trying to choose which table to work on and works no changes on the database

    This one uses post so is not a problem <?php echo zen_draw_form('clean_cross', FILENAME_CROSS_SELL_PRODUCTS, 'action=cleancross_sell', 'post'); ?> Looks like all of the actions that make database changes are done that way.

    This one changes the database but is not part of a form per se though must be the result of that choice of table mentioned before:

    if (defined('CROSS_SELL_ENABLED')) {

      if (isset($_GET['select_cross_sell'])) {
        $cross_sell_edit = ($_GET['select_cross_sell']);
        $db->Execute("UPDATE " . TABLE_CONFIGURATION .
                     " set configuration_value = $cross_sell_edit
                     WHERE configuration_key = 'CROSS_SELL_SELECTED_TABLE'");
        zen_redirect(zen_href_link(FILENAME_CROSS_SELL_PRODUCTS));
      }

    So my conclusion is that no changes are necessary. Does that sound right?
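
An added example, not part of the original post and not code from the add-on or from Zen Cart: the last snippet quoted above writes to the configuration table from a `$_GET` parameter and concatenates the value into the SQL unquoted. The sketch below shows one way to gate that write on POST and validate the value first; the function names and the `ALLOWED_TABLES` list are hypothetical, and the sample requests are constructed.

```php
<?php
// Added illustration; not code from the add-on or from Zen Cart.
// ALLOWED_TABLES is an assumption: the post only says the value picks a table.
const ALLOWED_TABLES = [1, 2];

/**
 * Decide whether a request may change CROSS_SELL_SELECTED_TABLE.
 * Returns the validated integer to store, or null when nothing may be written.
 * $get is accepted only to show that it is deliberately ignored.
 */
function cross_sell_value_to_store(string $method, array $get, array $post): ?int
{
    // State changes are accepted from POST only; a GET can be fired from a
    // plain link or image URL without the admin submitting any form.
    if ($method !== 'POST') {
        return null;
    }
    // Read from the POST body only, never fall back to the query string.
    $raw = $post['select_cross_sell'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null; // the quoted snippet put this value into SQL unchecked
    }
    $value = (int) $raw;
    return in_array($value, ALLOWED_TABLES, true) ? $value : null;
}

/** Build the UPDATE from the validated integer only. */
function cross_sell_update_sql(int $value, string $table = 'configuration'): string
{
    return sprintf(
        "UPDATE %s SET configuration_value = '%d' WHERE configuration_key = 'CROSS_SELL_SELECTED_TABLE'",
        $table,
        $value
    );
}

// Constructed sample requests: method, query string, POST body.
$samples = [
    ['GET',  ['select_cross_sell' => '2'], []],
    ['POST', ['select_cross_sell' => '2'], []],        // value still in the URL
    ['POST', [], ['select_cross_sell' => '2 extra']],  // not a plain integer
    ['POST', [], ['select_cross_sell' => '2']],
];
foreach ($samples as [$method, $get, $post]) {
    $value = cross_sell_value_to_store($method, $get, $post);
    echo $method, ' ', json_encode($get + $post), ' => ',
        $value === null ? 'no write' : cross_sell_update_sql($value), PHP_EOL;
}
```

Only the last sample produces an UPDATE; the other three print "no write".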

  3. #13
    Join Date
    Jun 2012
    Location
    Florida
    Posts
    90
    Plugin Contributions
    5

    Re: Question about replacing [Get]s in addon code for 1.5

    Hello,
    I must ask for a little help.

    I am trying to update a sales tax mod to protect against the $_get vulnerability, but am not quite able to find the correct change for the section of code listed below. Any guidance / help would be appreciated. I have this mod working (locally on a test machine) with Zen Cart 1.5, but wanted to update this section before posting the changes.

    The sample below is but one of four pieces that do insert, save, update, and delete. All have the same format, so once one of them is updated the others should be easy.
    In case you're interested in the mod I am looking at updating, this is the link.
    http://www.zen-cart.com/downloads.php?do=file&id=422 (Local Sales Tax Mod)

    First is a question: does this code even need to be updated? I believe it does, based on what I have read in the forum...
    Second, if it does, what changes will make this work? (I understand I will have to update the post back from get to post etc. when this is updated.)

    PHP Code:

    $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_LOCAL_SALES_TAX . '</b>');

    $contents = array('form' => zen_draw_form('local_sales_tax', FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page'] . '&action=insert'));
    $contents[] = array('text' => TEXT_INFO_INSERT_INTRO);
    $contents[] = array('text' => '<br>' . TEXT_INFO_COUNTRY . '<br>' . zen_draw_pull_down_menu('zone_country_id', zen_get_countries(TEXT_ALL_COUNTRIES), '', 'onChange="update_zone(this.form);"'));
    $contents[] = array('text' => '<br>' . TEXT_INFO_COUNTRY_ZONE . '<br>' . zen_draw_pull_down_menu('zone_id', zen_prepare_country_zones_pull_down()));
    $contents[] = array('text' => '<br>' . TEXT_INFO_TAX_RATE . '<br>' . zen_draw_input_field('tax_rate'));
    $contents[] = array('text' => '<br>' . TEXT_INFO_FIELDMATCH . '<br>' . zen_draw_pull_down_menu('tax_fieldmatch', $za_lookup));

    $contents[] = array('text' => '<br>' . TEXT_INFO_DATAMATCH . '<br>' . zen_draw_textarea_field('tax_datamatch', false, 35, 4));
    $contents[] = array('text' => '<br>' . TEXT_INFO_RATE_DESCRIPTION . '<br>' . zen_draw_input_field('tax_description'));

    $contents[] = array('text' => '<br />' . TEXT_INFO_TAX_SHIPPING . '<br />' . zen_draw_radio_field('tax_shipping', 'false', true) . ' ' . TEXT_TAX_SHIPPING_FALSE . '<br />' . zen_draw_radio_field('tax_shipping', 'true') . ' ' . TEXT_TAX_SHIPPING_TRUE);
    $contents[] = array('text' => '<br>' . TEXT_INFO_TAX_CLASS_TITLE . '<br>' . zen_tax_classes_pull_down('name="tax_class_id" style="font-size:10px"'));
    $contents[] = array('align' => 'center', 'text' => '<br>' . zen_image_submit('button_insert.gif', IMAGE_INSERT) . '&nbsp;<a href="' . zen_href_link(FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page']) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

    //As I see it the following line needs to be updated.
    $contents = array('form' => zen_draw_form('local_sales_tax', FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page'] . '&action=insert'));

    //And, this one might need to be updated.
    $contents[] = array('align' => 'center', 'text' => '<br>' . zen_image_submit('button_insert.gif', IMAGE_INSERT) . '&nbsp;<a href="' . zen_href_link(FILENAME_LOCAL_SALES_TAXES, 'page=' . $_GET['page']) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');

    Thanks in advance for any suggestions / help.

    Brent

 

 