How do you go about updating a UMM copy of Ceon? It's not clear to me that ceon.net is still operating.
That Software Guy. My Store: Zen Cart Modifications
Available for hire - See my ad in Services
Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
Do you benefit from Zen Cart? Then please support the project.
I usually get a reply when I query something.
Steve
github.com/torvista: Spanish Language Pack, Google reCaptcha, Structured Data, Multiple Copy-Move-Delete, Image Checker, BackupMySQL Admin/Auto...
OK I'll try again.
I've experienced issues with URI Mapping on ZC 1.5.8.
EZ-pages rewrites don't work correctly. Although the correct URL is applied to the link in the header, when clicked it simply reloads the admin page.
Tried again using a fresh install of 1.5.8 and URI 5.1.0 to ensure it wasn't caused by some other edits, but the same issue.
Can anyone else confirm this?
@swguy Are you aware of any changes in 1.5.8 that would impact on URI Mapping functionality?
That'll teach me to not read the thread fully. I see it was reported by neekfenwick a while ago on https://github.com/zencart/zencart/issues/5366 and a solution was provided by lat9.
There is an XSS vulnerability in this. Patch below.
manufacturers_id one is definitely exploitable, other ones I added to be safe, not sure if they are sanitized elsewhere.
Code:+++ new/includes/classes/class.CeonURIMappingHandler.php 2023-05-25 12:26:02.822504000 -0700 @@ -408,7 +408,7 @@ // A product review's page needs the ID included as part of the canonical URI if (defined('FILENAME_PRODUCT_REVIEWS_INFO') && $main_page == FILENAME_PRODUCT_REVIEWS_INFO && isset($_GET['reviews_id'])) { - $ceon_uri_mapping_canonical_uri .= '?reviews_id=' . $_GET['reviews_id']; + $ceon_uri_mapping_canonical_uri .= '?reviews_id=' . (int)$_GET['reviews_id']; } if (isset($GLOBALS['zco_notifier'])) { $GLOBALS['zco_notifier']->notify('CEON_CLASS_HANDLER_HANDLE_STATIC_URI_END', compact('mapping_info', 'uri_to_match')); @@ -689,11 +689,13 @@ global $ceon_uri_mapping_canonical_uri; $ceon_uri_mapping_canonical_uri = HTTP_SERVER . DIR_WS_CATALOG . - 'index.php?main_page=index&manufacturers_id=' . $_GET['manufacturers_id']; + 'index.php?main_page=index&manufacturers_id=' . (int)$_GET['manufacturers_id']; } else if (isset($_GET['typefilter']) && $_GET['typefilter'] != '' && isset($_GET[$_GET['typefilter'] . '_id']) && $_GET[$_GET['typefilter'] . '_id'] != '') { global $ceon_uri_mapping_canonical_uri; + + $_GET['typefilter'] = htmlspecialchars($_GET['typefilter']); $ceon_uri_mapping_canonical_uri = HTTP_SERVER . DIR_WS_CATALOG . 'index.php?main_page=index' . '&typefilter=' . $_GET['typefilter'] . '&' . $_GET['typefilter'] . '_id=' .
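Review bot: in the @@ -408 hunk, the (int) cast on $_GET['reviews_id'] turns any non-numeric input into 0, so the canonical URI is still emitted as ?reviews_id=0 for a request that names no real review. Consider casting once into a local variable and appending the parameter only when the result is greater than zero.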
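Review bot: in the @@ -689 hunk, the added $_GET['typefilter'] = htmlspecialchars($_GET['typefilter']); overwrites the superglobal after the isset($_GET[$_GET['typefilter'] . '_id']) check has already run on the raw value, so the key built from $_GET['typefilter'] . '_id' further down uses the encoded string and can differ from the key that was checked whenever the value contains &, <, > or a quote. Suggest leaving $_GET untouched and building the URI from a local copy that is validated against the expected filter names (or restricted to identifier characters) and URL-encoded for its query-string position. If htmlspecialchars is kept, pass ENT_QUOTES explicitly, since before PHP 8.1 the default flags leave single quotes unescaped. The value appended after '_id=' is cut off in the posted excerpt, so confirm it gets the same treatment as manufacturers_id.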
Would someone please PR to https://github.com/JSWebSteve/Ceon-URI-Mapping-V5.1.0
ok, done
Steve