http://www.opencart.com/index.php?route ... order=DESC
This topic will also be useful for support when required. Whatever you do when you ask for support, do NOT post the generated token ID with it, for your own safety and your customers'.
The following is information about what CSRF attackers may collect from websites or via an API: https://www.owasp.org/index.php/Cross-S ... heat_Sheet
[Update: 2021-01-22]: viewtopic.php?f=23&t=51859&start=280#p811611 .
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
- BugFix: Module contributors were ending up with the module setting key with a duplicated key of the CSRF name and value in the setting table. The duplication has now been removed.
Could not resolve path for [admin/view/template/localisation/manufacturer_class_form.tpl]
Could not resolve path for [admin/view/template/localisation/manufacturer_class_list.tpl]
Could not resolve path for [admin/view/template/tool/sqlpatch.tpl] <--------- this didn't exist in the directory
Could not resolve path for [catalog/view/theme/default/template/edit/affiliate.tpl]
Could not resolve path for [catalog/view/theme/default/template/edit/forgotten.tpl]
Could not resolve path for [catalog/view/theme/default/template/edit/login.tpl]
Could not resolve path for [catalog/view/theme/default/template/edit/password.tpl]
Could not resolve path for [catalog/view/theme/default/template/edit/payment.tpl]
Could not resolve path for [catalog/view/theme/default/template/edit/register.tpl]
Could not resolve path for [catalog/view/theme/default/template/checkout/voucher.tpl]
Could not resolve path for [catalog/view/theme/default/template/payment/asiapay.tpl]
Could not resolve path for [catalog/view/theme/default/template/payment/authorizenet_sim_index.tpl]
SEARCH NOT FOUND (ABORTING MOD): $this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `group` = '" . $this->db->escape($group) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "', serialized = '0'");
Second, when I click on any link in admin, I get this error:
Fatal error: Call to a member function csrf_form_input() on a non-object in /home/vqmod/vqcache/vq2-admin_view_template_setting_store_list.tpl on line 22
Any solution? Version 1.5.2.1
Code:
<operation>
<search position="after"><![CDATA[$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `group` = '" . $this->db->escape($group) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "', serialized = '0'");]]></search>
<add><![CDATA[
}
]]>
</add>
</operation>
Code:
<operation>
<search position="after"><![CDATA[$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `group` = '" . $this->db->escape($group) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "'");]]></search>
<add><![CDATA[
}
]]>
</add>
</operation>
As for the TPL error, of course, the line couldn't be tracked so no specific way for the CSRF object to be found from that point. The correction above should take care of the problem.
If I understood the previous posts correctly, these javascript POSTS also would need some kind of csrf-code addition to function properly? (like with <form, the <?php echo $this->csrf->csrf_form_input(); ?> code-addition)
The parts I think need the addition are located in product.tpl near lines 339 & 340 and 415 & 416 in the default theme, and perhaps (may vary if other code additions) in the custom theme (in my case Carbon) near lines 328 & 329 and 404 & 405. Line numbers taken from Notepad++. Code parts in question:
Code:
url: 'index.php?route=checkout/cart/add',
type: 'post',
Code:
url: 'index.php?route=product/product/write&product_id=<?php echo $product_id; ?>',
type: 'post',
PS: I still had some forms (in checkout/cart.tpl) without the <?php echo $this->csrf->csrf_form_input(); ?> code, but now I am really in need of help. Well, back to wondering what I have missed.
Code:
<?php echo $this->csrf->csrf_form_input(); ?>
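The AJAX question above, worked through as an added example (not part of the original posts and not the module's own code): a `type: 'post'` request has no `<form>` to carry the hidden input, so the token has to be copied into the request data and checked on the server. The field name `csrf_token`, the helper names and the sample data are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Hypothetical field name; the module discussed here generates its own name/value pair.
const FIELD = 'csrf_token';

// Server side: one random token per session, stored only in the session.
function issueToken(session) {
  if (!session.csrf) session.csrf = nodeCrypto.randomBytes(32).toString('hex');
  return session.csrf;
}

// Assumed shape of the hidden input a form helper renders inside <form>.
function formInput(session) {
  return `<input type="hidden" name="${FIELD}" value="${issueToken(session)}" />`;
}

// Client side: read the token from the rendered page and add it to the
// AJAX data. In a browser this would be a DOM lookup; a regex over the
// HTML string stands in for it so the example runs offline.
function buildAjaxBody(pageHtml, fields) {
  const m = pageHtml.match(new RegExp(`name="${FIELD}" value="([0-9a-f]+)"`));
  const params = new URLSearchParams(fields);
  if (m) params.set(FIELD, m[1]);
  return params.toString();
}

// Server side: reject a POST whose token is missing or differs from the
// session's token, using a constant-time comparison.
function verifyPost(session, body) {
  const sent = Buffer.from(new URLSearchParams(body).get(FIELD) || '');
  const expected = Buffer.from(session.csrf || '');
  return sent.length > 0 && sent.length === expected.length &&
    nodeCrypto.timingSafeEqual(sent, expected);
}

// Constructed sample data: one shopper session posting to the cart route.
const shopper = {};
const page = formInput(shopper);
const cartFields = { product_id: '42', quantity: '1' };
const withToken = buildAjaxBody(page, cartFields);
const withoutToken = new URLSearchParams(cartFields).toString();

console.log('with token   :', verifyPost(shopper, withToken));
console.log('without token:', verifyPost(shopper, withoutToken));
```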
As I said in the market:
I use OC 1.5.3.1 and I get this when trying to log in to admin:
Fatal error: Call to a member function csrf_form_input() on a non-object in /home/netvoltr/public_html/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
Why? THX!!!
I have tried what you wrote a little further up but no success. I only use vQmod for the captcha code when logging in as admin. Nothing else modified from core.
Modifying files from core can affect the line target where the XML needs to add content into the vqcache files which I believe may be the reason why you're currently seeing this error message.
replace:
Code:
final class
Code:
class