AlegroCart open source E-commerce
Web hosting by Host1Plus

Report bugs for version 1.2.8 here

Enter AlegroCart Bugs Here, but if you're not certain, post in General support first.

Re: Report bugs for version 1.2.8 here

Postby Brent » Tue Aug 20, 2013 12:54 pm

That is not a bug, but a security measure. The form has a random key embeded that is created by the contoller. When the form is submitted, the controller compares the key returned to the one it created so ensure they match. This is implemented on many pages in admin to ensure cross site scripting is not possible. In the catalog side, it is only used in the customer account forms. As with most carts, the back button is not a good idea to use when submitting forms.
User avatar
Brent
Site Admin
 
Posts: 4365
Joined: Sat Dec 12, 2009 3:35 pm
Location: Canada eh

Re: Report bugs for version 1.2.8 here

Postby ds_robert » Wed Aug 21, 2013 1:30 am

Many thanks for the explanation Brent :-)

I know little about Internet security or Internet programming, but from the user viewpoint, if I entered valid details (no matter by what route) I would not expect to be given an error message - that would really p*$$ me off. To the ordinary user, this definitely comes across as a system malfunction.

Maybe something to look at in the future?

Having said all that, we have been extensively testing AlegroCart and its various functions and it is, by far, the best shopping cart package we have experience of. A great resource that is really appreciated :-)
ds_robert
 
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Postby leo » Wed Aug 21, 2013 1:47 am

We have to have something against cross site scripting. An error message is much better than to be hacked.
FYI: http://en.wikipedia.org/wiki/Cross-site_scripting

Anyway, the steps you have described seems to me very rare.
May be you could change the error message to something more digestible.
User avatar
leo
admin
 
Posts: 4215
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Postby ds_robert » Wed Aug 21, 2013 1:58 am

Thanks for your comments Leo.

As I said, I know little about Internet security so fully accept your explanation. And fully agree that we would rather have this minor inconvenience than having our website or database hacked into. It is just that we are looking at the system from a user, rather than a programmer or techie, viewpoint.

And, yes, this is a rather obscure sequence of events, so we guess it will rarely, if ever, happen. We are doing some extensive testing and, if this is the worse we can come up with, it surely says something about the outstanding quality of the package!

Again, we would like to thank the AlegroCart team for such a great product :D
ds_robert
 
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Postby ds_robert » Tue Sep 10, 2013 2:24 am

On the create account webpage we are getting a description of "New Customer" in the "Returning Customer" box.

We have changed the
text_i_am_returning_customer
variable on the
catalog\language\english\controller\account_login.php
file, so it it not a problem for us. Just posting the details here in case anything in the source files needs to be updated.
ds_robert
 
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Postby leo » Tue Sep 10, 2013 3:17 am

I don't know what's wrong there but originally that language file contains this line:
Code: Select all
$_['text_i_am_returning_customer'] = 'I am a returning customer.';
User avatar
leo
admin
 
Posts: 4215
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Postby ds_robert » Tue Sep 10, 2013 4:12 am

Thanks for the reply Brent, I was just posting to let you know just in case. Perhaps I had corrupted the file here.

As a further thing which one of our customers has complained about, as they go through the checkout process, the have a selection screen for Payment Information. Since we are only using a single payment processor, the customer said it was rather pointless to show a selection screen when there was only one option. Is they a simple way of jumping this display if we continue using only one payment processor?

This is just a "nice to have" and not really a problem for us. We always get pernickety customers :roll:
ds_robert
 
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Postby leo » Tue Sep 10, 2013 6:30 am

My first thoughts:
The checkout_payment.php contains a lot of validation. It must be added/moved to the checkout_confirm.php (if it has been not done yet, so avoid duplicates).
The payment_method is stored in a session variable, this should be hard coded (what your customer uses).
Don't forget to modify the back and continue buttons accordingly.
User avatar
leo
admin
 
Posts: 4215
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Postby ds_robert » Wed Sep 11, 2013 4:11 am

Many thanks for your feedback Leo.
ds_robert
 
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Postby gob33 » Sat Oct 26, 2013 5:38 am

Description of bug inside shipping methods:

My shipping extension returns a well formated shipping method array, except there is no quote (empty) as that shipping method is not possible for the customer country:
Code: Select all
array
  'id' => string 'colissimo' (length=9)
  'title' => string 'Colissimo&nbsp;<img src="image/shipping/shipping_colissimo_inter.gif" alt="" />' (length=79)
  'quote' =>
    array
      empty
  'tax_class_id' => string '0' (length=1)
  'sort_order' => string '0' (length=1)
  'error' => string 'Pas d'expédition Colissimo disponible vers ce pays.' (length=52)

In that case, it breaks because 'quote' is empty:
Code: Select all
Notice: Undefined index: in ALEGROCART-1.2.8\upload\catalog\template\default\content\checkout_shipping.tpl on line 66


Line 66 is:
Code: Select all
      <?php if($method['quote'][key($method['quote'])]['id'] == $default){?>
      <table class="default_method">
      <?php } else {?>
      <table class="method">
      <?php }?>

No control in the if() on array keys.
Compare with OpenCart 0.7.7 to see these lines have been added there i dont know why ?
Last edited by gob33 on Sun Oct 27, 2013 11:15 am, edited 1 time in total.
gob33
 
Posts: 107
Joined: Wed Apr 07, 2010 3:10 pm

PreviousNext

Return to Bug Reports

Who is online

Users browsing this forum: No registered users and 1 guest

cron