Reviews Link

[Bruce1952]

Hi All,

Server Information:
Server Host: p3plzcpnl503484.prod.phx3.secureserver.net (xxxxxxxx)
Database: xxxx_live158Store
Home: /home/xxxxxxxx/public_html/Server
OS: Linux 4.18.0-477.27.2.lve.el8.x86_64
Server Date: 16/11/2023 13:01:38
Server Up Time: Disabled/UnavailableHTTP
Server: ApachePHP
Version: 8.0.30 (Zend: 4.0.30)PHP
File Uploads: OnUpload
Max Size: 1024MPHP
Memory Limit: -1POST
Max Size: 1024M
Database Engine: MySQL 10.6.14-MariaDB-cll-lveDatabase
Host: localhost (127.0.0.1)
Database Date: 16/11/2023 13:01:38
Database Data Size: 245,288 kBDatabase
Index Size: 36,309 kBMySQL Slow Query Log
Status: OffMySQL Slow Query
Log File: p3plzcpnl503484-slow.log
MySQL Mode: NO_ENGINE_SUBSTITUTIONView the database configuration variables

I am trying to find the link location for the reviews because on my live site that is running 1.5.5E the link in the side box is coming up as https://www.outdoorking.com/reviews?...dbmvded3vd6pn7 HTTP Error 500

I am wanting to put a link-up on the new site to the reviews, which has 1.5.8a version

Any help to the correct link for the 1.5.8a version would be a great help.

[Bruce1952]

This is the error message that I am getting

[18-Nov-2023 12:49:24 Australia/Sydney] Request URI: /reviews?zenid=cmn3fsvroajkdbmvded3vd6pn7, IP address: 45.125.247.xxx
--> PHP Fatal error: Cannot redeclare securityPatchSanitizePostVariableId() (previously declared in /home/xxxx/public_html/includes/extra_configures/security_patch_v138_20080919.php:33) in /home/xxxx/public_html/includes/extra_configures/security_patch_v138_20080919.php on line 33.

That is for the 1.5.5e version of zencart

[lat9]

I'll suggest searching for securityPatchSanitizePostVariableId using the zc155e admin's Tools :: Developer's Tool Kit. For zc155e, the only place that that function's definition is present is in the /includes/extra_configures/security_patch_v138_20080919.php file.

Whatever module that also shows up in should have that function removed ... possibly a copy of the above file?

P.S. Please don't intermix multiple unrelated questions in a single thread; it'll make it much more difficult for someone with the same problem to find matching reports.

[Bruce1952]

I'll suggest searching for securityPatchSanitizePostVariableId using the zc155e admin's Tools :: Developer's Tool Kit. For zc155e, the only place that that function's definition is present is in the /includes/extra_configures/security_patch_v138_20080919.php file.

Whatever module that also shows up in should have that function removed ... possibly a copy of the above file?

P.S. Please don't intermix multiple unrelated questions in a single thread; it'll make it much more difficult for someone with the same problem to find matching reports.

I removed the other files and now I am getting a blank page here https://www.outdoorking.com/reviews

Am I missing something?

[lat9]

You've got a myDEBUG*.log file that is waiting patiently to tell you what's going on with that whitescreen.

[Bruce1952]

You've got a myDEBUG*.log file that is waiting patiently to tell you what's going on with that whitescreen.

This is the log
[19-Nov-2023 10:55:27 Australia/Sydney] Request URI: /reviews?zenid=cmn3fsvroajkdbmvded3vd6pn7, IP address: 66.249.83.196
--> PHP Fatal error: Cannot redeclare securityPatchSanitizePostVariableId() (previously declared in /home/xxxx/public_html/includes/extra_configures/security_patch_v138_20080919.php:33) in /home/xxxx/public_html/includes/extra_configures/security_patch_v138_20080919.php on line 33.

This is what is in the original file and I removed line 33 but still the same.
<?php
/**
* Security Patch v1.3.8 20080919
*
* @package initSystem
* @copyright Copyright 2003-2010 Zen Cart Development Team
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: security_patch_v138_20080919.php 15882 2010-04-11 16:37:54Z wilt $
*/
/**
* Security Patch
*
* Multiple Vulnerabilities
*
* SQL Injection - $_POST['products_id']
* SQL Injection - $_POST['id']
*
* Please Note : This file should be placed in includes/extra_configures and will automatically load.
*
*/
if (isset($_POST['id']) && is_array($_POST['id']) && count($_POST['id']) > 0)
{
$_POST['id'] = securityPatchSanitizePostVariableId($_POST['id']);
}
if (isset($_POST['products_id']) && is_array($_POST['products_id']) && count($_POST['products_id']) > 0)
{
$_POST['products_id'] = securityPatchSanitizePostVariableProductsId($_POST['products_id']);
}
if (isset($_POST['notify']) && is_array($_POST['notify']) && count($_POST['notify']) > 0)
{
$_POST['notify'] = securityPatchSanitizePostVariableProductsId($_POST['notify']);
}
function securityPatchSanitizePostVariableId ($arrayToSanitize)
{
foreach ($arrayToSanitize as $key => $variableToSanitize)
{
{
if (is_integer($key))
{
if (is_array($arrayToSanitize[$key]))
{
$arrayToSanitize[$key] = securityPatchSanitizePostVariableId($arrayToSanitize[$key]);
}
else
{
$arrayToSanitize[$key] = (int) $variableToSanitize;
}
}
}
if (preg_replace('/[0-9a-zA-z:_]/', '', $key) != '')
unset($arrayToSanitize[$key]);
}
return $arrayToSanitize;
}
function securityPatchSanitizePostVariableProductsId ($arrayToSanitize)
{
foreach ($arrayToSanitize as $key => $variableToSanitize)
{
{
$arrayToSanitize[$key] = preg_replace('/[^0-9a-fA-F:.]/', '', $variableToSanitize);
}
if (preg_replace('/[0-9a-zA-z_:.]/', '', $key) != '')
unset($arrayToSanitize[$key]);
}
return $arrayToSanitize;
}

[Bruce1952]

?Does anyone have an answer to my last post

[balihr]

Use the Developers Toolkit and search all files for "function securityPatchSanitizePostVariableId" (without quotation marks). It's probably being declared elsewhere. Depending on where, you can leave the "main" one as is, and the others could be wrapped in

Code:

if(!function_exists('securityPatchSanitizePostVariableId')) {
    // function here
}

[Bruce1952]

Use the Developers Toolkit and search all files for "function securityPatchSanitizePostVariableId" (without quotation marks). It's probably being declared elsewhere. Depending on where, you can leave the "main" one as is, and the others could be wrapped in

Code:

if(!function_exists('securityPatchSanitizePostVariableId')) {
    // function here
}

That gave me a blank main page and the only file that came up was this one doing the search: /home/xxxx/public_html/includes/extra_configures/security_patch_v138_20080919.php

I changed line 33 and then got the blank main page. I then had to change back to get my main page to show.

This is proving to be a real pain in the but trying to fix the issue with the link to the reviews page.

Would it be better to just remove the security patch totally?

[lat9]

Since that file is not part of the zc158 distribution, it can be safely removed.