Page 5 of 6
Re: Report bugs for version 1.2.8 here
Posted: Tue Aug 20, 2013 12:54 pm
by Brent
That is not a bug, but a security measure. The form has a random key embeded that is created by the contoller. When the form is submitted, the controller compares the key returned to the one it created so ensure they match. This is implemented on many pages in admin to ensure cross site scripting is not possible. In the catalog side, it is only used in the customer account forms. As with most carts, the back button is not a good idea to use when submitting forms.
Re: Report bugs for version 1.2.8 here
Posted: Wed Aug 21, 2013 1:30 am
by ds_robert
Many thanks for the explanation Brent
I know little about Internet security or Internet programming, but from the user viewpoint, if I entered valid details (no matter by what route) I would not expect to be given an error message - that would really p*$$ me off. To the ordinary user, this definitely comes across as a system malfunction.
Maybe something to look at in the future?
Having said all that, we have been extensively testing AlegroCart and its various functions and it is, by far, the best shopping cart package we have experience of. A great resource that is really appreciated
Re: Report bugs for version 1.2.8 here
Posted: Wed Aug 21, 2013 1:47 am
by leo
We have to have something against cross site scripting. An error message is much better than to be hacked.
FYI:
http://en.wikipedia.org/wiki/Cross-site_scripting
Anyway, the steps you have described seems to me very rare.
May be you could change the error message to something more digestible.
Re: Report bugs for version 1.2.8 here
Posted: Wed Aug 21, 2013 1:58 am
by ds_robert
Thanks for your comments Leo.
As I said, I know little about Internet security so fully accept your explanation. And fully agree that we would rather have this minor inconvenience than having our website or database hacked into. It is just that we are looking at the system from a user, rather than a programmer or techie, viewpoint.
And, yes, this is a rather obscure sequence of events, so we guess it will rarely, if ever, happen. We are doing some extensive testing and, if this is the worse we can come up with, it surely says something about the outstanding quality of the package!
Again, we would like to thank the AlegroCart team for such a great product
Re: Report bugs for version 1.2.8 here
Posted: Tue Sep 10, 2013 2:24 am
by ds_robert
On the create account webpage we are getting a description of "New Customer" in the "Returning Customer" box.
We have changed the
text_i_am_returning_customer
variable on the
catalog\language\english\controller\account_login.php
file, so it it not a problem for us. Just posting the details here in case anything in the source files needs to be updated.
Re: Report bugs for version 1.2.8 here
Posted: Tue Sep 10, 2013 3:17 am
by leo
I don't know what's wrong there but originally that language file contains this line:
Code: Select all
$_['text_i_am_returning_customer'] = 'I am a returning customer.';
Re: Report bugs for version 1.2.8 here
Posted: Tue Sep 10, 2013 4:12 am
by ds_robert
Thanks for the reply Brent, I was just posting to let you know just in case. Perhaps I had corrupted the file here.
As a further thing which one of our customers has complained about, as they go through the checkout process, the have a selection screen for Payment Information. Since we are only using a single payment processor, the customer said it was rather pointless to show a selection screen when there was only one option. Is they a simple way of jumping this display if we continue using only one payment processor?
This is just a "nice to have" and not really a problem for us. We always get pernickety customers
Re: Report bugs for version 1.2.8 here
Posted: Tue Sep 10, 2013 6:30 am
by leo
My first thoughts:
The checkout_payment.php contains a lot of validation. It must be added/moved to the checkout_confirm.php (if it has been not done yet, so avoid duplicates).
The payment_method is stored in a session variable, this should be hard coded (what your customer uses).
Don't forget to modify the back and continue buttons accordingly.
Re: Report bugs for version 1.2.8 here
Posted: Wed Sep 11, 2013 4:11 am
by ds_robert
Many thanks for your feedback Leo.
Re: Report bugs for version 1.2.8 here
Posted: Sat Oct 26, 2013 5:38 am
by gob33
Description of bug inside shipping methods:
My shipping extension returns a well formated shipping method array, except there is no quote (empty) as that shipping method is not possible for the customer country:
Code: Select all
array
'id' => string 'colissimo' (length=9)
'title' => string 'Colissimo <img src="image/shipping/shipping_colissimo_inter.gif" alt="" />' (length=79)
'quote' =>
array
empty
'tax_class_id' => string '0' (length=1)
'sort_order' => string '0' (length=1)
'error' => string 'Pas d'expédition Colissimo disponible vers ce pays.' (length=52)
In that case, it breaks because 'quote' is empty:
Code: Select all
Notice: Undefined index: in ALEGROCART-1.2.8\upload\catalog\template\default\content\checkout_shipping.tpl on line 66
Line 66 is:
Code: Select all
<?php if($method['quote'][key($method['quote'])]['id'] == $default){?>
<table class="default_method">
<?php } else {?>
<table class="method">
<?php }?>
No control in the if() on array keys.
Compare with OpenCart 0.7.7 to see these lines have been added there i dont know why ?