  1. #2871
    Join Date
    Apr 2009
    Posts
    7
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    Managed a temporary fix-

    That image wasn't actually there. Have had to create that path and move an image there, so it's working for now.

    I think I may have uploaded some files to the wrong directory, so will take a look through the FTP logs now and see if anything went wrong on my part.

    Thank you for your quick reply

  2. #2872
    Join Date
    Nov 2008
    Posts
    22
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    It seems the latest version is not available to download in this forum.
    Could anybody offer the latest version ?
    Thanks in advance.

  3. #2873
    Join Date
    Oct 2006
    Posts
    5,477
    Plugin Contributions
    11

    Default Re: Simple SEO URL [support thread]

    Quote Originally Posted by preman View Post
    It seems the latest version is not available to download in this forum.
    Could anybody offer the latest version ?
    Thanks in advance.
    http://public.rubikintegration.com/
    I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me

  4. #2874
    Join Date
    May 2008
    Posts
    37
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    Hi there,

    I've had this mod installed for a while now and everything is working great. I use the McAfee Secure service on our site and recently it's been catching vulnerabilities as a result of some apostrophes being placed in the url....

    The test tries to launch the following URL ...

    http://www.kids-n-cribs.com/?main_pa...ab5mj8l2kcj926

    and the page returns the following error message:

    1222 The used SELECT statements have a different number of columns
    in:
    [SELECT manufacturers_name FROM manufacturers WHERE manufacturers_id ='1 union select 1,' union select 1,'']


    It's being caught as a vulnerability as it's revealing information about the underlying database.

    Is there something I can do to catch these types of URL injections before they actually hit the database?

    Thanks, Bryan
    Bryan
    Destination Baby & Kids - https://www.destinationbabykids.com

  5. #2875
    Join Date
    Oct 2006
    Posts
    5,477
    Plugin Contributions
    11

    Default Re: Simple SEO URL [support thread]

    This really has nothing to do with ssu, I guess you better check your zencart version.
    I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me

  6. #2876
    Join Date
    May 2008
    Posts
    37
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    Quote Originally Posted by yellow1912 View Post
    This really has nothing to do with ssu, I guess you better check your zencart version.
    I'm using the most recent zencart and have an identical site running the same version, less the ssu that's not having the problem.

    Do you have any ideas as to where this might be able to be fixed?
    Bryan
    Destination Baby & Kids - https://www.destinationbabykids.com

  7. #2877
    Join Date
    Oct 2006
    Posts
    5,477
    Plugin Contributions
    11

    Default Re: Simple SEO URL [support thread]

    Editing: give me 5 mins to check
    Just to make sure, please download 3.6.6 from the server (redownload even if you already have it). And then upload again
    Last edited by yellow1912; 11 Apr 2009 at 06:57 PM.
    I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me

  8. #2878
    Join Date
    May 2008
    Posts
    37
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    Quote Originally Posted by yellow1912 View Post
    Editing: give me 5 mins to check
    Just to make sure, please download 3.6.6 from the server (redownload even if you already have it). And then upload again
    I've upgraded to 3.6.6 on our test site.

    There is still an error message, but it's changed a bit

    http://www.kids-n-cribs.info/?main_p...ab5mj8l2kcj926

    1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'union select 1,'/%' ) AND status = 1 ORDER BY length(link_alias) DESC' at line 1
    in:
    [SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE (link_url LIKE '%/manufacturers_id/%' OR link_url LIKE '%/1 union select 1,' union select 1,'/%' ) AND status = 1 ORDER BY length(link_alias) DESC]
    Any other thoughts?

    Edit: I went ahead and turned off SSU on our test site and the same link no longer displays an error message, but simply takes you to the home page and says there are no products to display in this category.
    Last edited by bfmarini; 12 Apr 2009 at 04:39 AM.
    Bryan
    Destination Baby & Kids - https://www.destinationbabykids.com

  9. #2879
    Join Date
    Oct 2006
    Posts
    5,477
    Plugin Contributions
    11

    Default Re: Simple SEO URL [support thread]

    Huhm, weird, since I can't duplicate it, but try this

    go to includes/classes/ssu/cores/alias.php

    Find
    PHP Code:
    $name = "/$name/";
    $_name = "/$_name/";
    Replace by
    PHP Code:
    $name = zen_db_input("/$name/");
    $_name = zen_db_input("/$_name/");
    $id = zen_db_input($id);
    I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me

  10. #2880
    Join Date
    May 2008
    Posts
    37
    Plugin Contributions
    0

    Default Re: Simple SEO URL [support thread]

    I made that change but the problem is still there.

    I turned SSU back on, so you should see the error if you use this URL:

    From the error message, it looks like the SQL error is getting thrown in this group of code

    // Aliases needed to be loaded on demand
    static function retrieveAliasesOnDemand($params, $field, $compare, $links, $aliases, $status=null){
        $elements_to_query = array_diff(explode('/',$params), self::$$compare);
        if(count($elements_to_query) > 0) {
            foreach($elements_to_query as $element){
                $conditions[] = "$field LIKE '%/$element/%' ";
            }
            $conditions = implode(' OR ', $conditions);
            $query_string = 'SELECT DISTINCT link_url, link_alias FROM '.TABLE_LINKS_ALIASES." WHERE ($conditions)";
            $query_string .= !empty($status) ? " AND status = $status" : '';
            $query_string .= " ORDER BY length(link_alias) DESC";
            global $db;
            $alias_result = $db->Execute($query_string);
            while(!$alias_result->EOF){
                array_push(self::$$aliases, $alias_result->fields['link_alias']);
                array_push(self::$$links, $alias_result->fields['link_url']);
                $alias_result->MoveNext();
            }
        }
    }
    Specifically where the SELECT DISTINCT ... .query is being created. Is there a way to sanitize the data as it's building the conditions array?
    Bryan
    Destination Baby & Kids - https://www.destinationbabykids.com
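
One way to build the conditions array from post #2880 so that URL segments reach the database only as bound values, shown as an added example that is not part of the thread and is not SSU or Zen Cart code. It assumes PDO with the SQLite driver in place of Zen Cart's `$db` object, a constructed `links_aliases` table, and a hypothetical function name `buildAliasQuery()`; the on-demand cache (`array_diff` against already loaded aliases) is left out.

```php
<?php
// Added example, not SSU or Zen Cart code. buildAliasQuery() is a hypothetical
// name; the table rows below are constructed sample data.
function buildAliasQuery(string $params, string $field, ?int $status = null): array
{
    // Column names cannot be bound as parameters, so allow-list them.
    if (!in_array($field, ['link_url', 'link_alias'], true)) {
        throw new InvalidArgumentException("unexpected field: $field");
    }
    $conditions = [];
    $bind = [];
    foreach (array_filter(explode('/', $params), 'strlen') as $element) {
        // Prefix LIKE wildcards with '!' so % and _ from the URL match literally.
        $literal = preg_replace('/[!%_]/', '!$0', $element);
        $conditions[] = "$field LIKE ? ESCAPE '!'";
        $bind[] = "%/$literal/%";   // the value travels as data, never as SQL text
    }
    if ($conditions === []) {
        return [null, []];
    }
    $sql = 'SELECT DISTINCT link_url, link_alias FROM links_aliases WHERE ('
         . implode(' OR ', $conditions) . ')';
    if ($status !== null) {
        $sql .= ' AND status = ?';
        $bind[] = $status;
    }
    return [$sql . ' ORDER BY length(link_alias) DESC', $bind];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links_aliases (link_url TEXT, link_alias TEXT, status INTEGER)');
$pdo->exec("INSERT INTO links_aliases VALUES ('/manufacturers_id/1/', '/acme/', 1)");

$inputs = [
    'manufacturers_id/1',                                    // ordinary request
    "manufacturers_id/1 union select 1,' union select 1,'",  // value from the error above
];
foreach ($inputs as $params) {
    [$sql, $bind] = buildAliasQuery($params, 'link_url', 1);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bind);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    printf("%s => %d row(s), no SQL error\n", $params, count($rows));
}
```

The quote characters from the scanner's request end up inside a bound LIKE pattern, so the statement text is identical for both inputs and the database has no syntax error to report.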
