
3.0.8 Shared SSL Fix


Al Brookbanks


Hi,

A method of fixing a security hole in 3.0.6 caused the declaration of a variable too early causing shared SSL to fail.

Please either upload the attached file over your existing /includes/session.inc.php

Or replace:

	$_GET['ccUser'] = treatGet($_GET['ccUser']);
	$_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);

	if(isset($_COOKIE['ccUser'])){
		$sessId = base64_decode($_COOKIE['ccUser']);
	} elseif(isset($_GET['ccUser'])){
		$sessId = $_GET['ccUser'];
	}


With:

	if(isset($_COOKIE['ccUser'])){
		$_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);
		$sessId = base64_decode($_COOKIE['ccUser']);
	} elseif(isset($_GET['ccUser'])){
		$_GET['ccUser'] = treatGet($_GET['ccUser']);
		$sessId = $_GET['ccUser'];
	}

session.inc.php

Link to comment
Share on other sites
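Added example, not part of the original post or of CubeCart's code: the two orderings from the post above, run side by side to show why sanitising before the isset() check makes the GET branch unreachable. The treatGet() body is a hypothetical stand-in (the page does not show the real one), and the sample requests are constructed on the assumption that a shared SSL host receives no ccUser cookie and gets the session id in the URL.

```php
<?php
// Stand-in for CubeCart's treatGet(); the real body is not shown on the page.
// Assumption: it always returns a string, so a missing value becomes "".
function treatGet($value): string {
    return preg_replace('/[^A-Za-z0-9=+\/]/', '', (string) $value);
}

// Order used before the fix: sanitise first, test afterwards.
// (The original read the array keys directly; ?? null avoids the warning here.)
function sessIdBefore(array $cookie, array $get): ?string {
    $get['ccUser']    = treatGet($get['ccUser'] ?? null);
    $cookie['ccUser'] = treatGet($cookie['ccUser'] ?? null); // key now always set
    if (isset($cookie['ccUser'])) {            // true even when no cookie was sent
        return base64_decode($cookie['ccUser']);
    } elseif (isset($get['ccUser'])) {         // never reached
        return $get['ccUser'];
    }
    return null;
}

// Order from the fix: test first, sanitise only the value that is used.
function sessIdAfter(array $cookie, array $get): ?string {
    if (isset($cookie['ccUser'])) {
        return base64_decode(treatGet($cookie['ccUser']));
    } elseif (isset($get['ccUser'])) {
        return treatGet($get['ccUser']);
    }
    return null;
}

// Constructed requests: [cookie array, GET array].
$sharedSsl = [[], ['ccUser' => 'abc123']];                 // id arrives in the URL
$sameHost  = [['ccUser' => base64_encode('abc123')], []];  // id arrives in the cookie

foreach (['shared SSL' => $sharedSsl, 'same host' => $sameHost] as $label => $req) {
    echo $label, ": before=";
    var_dump(sessIdBefore(...$req));
    echo $label, ": after=";
    var_dump(sessIdAfter(...$req));
}
```

For the shared SSL request the first function returns an empty session id while the second returns the id from the URL; when the cookie is present both return the same value.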

It fixed for me too so far now. But the only thing now is I get errors in the admin menu...

Warning: main(home/nt7gniko/public_html/upload//classes/db.inc.php): failed to open stream: No such file or directory in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/auth.inc.php on line 53

Warning: main(): Failed opening 'home/nt7gniko/public_html/upload//admin/includes/navigation.inc.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/header.inc.php on line 57

Link to comment
Share on other sites

Guest walmarc

It fixed for me too so far now. But the only thing now is I get errors in the admin menu...

Warning: main(home/nt7gniko/public_html/upload//classes/db.inc.php): failed to open stream: No such file or directory in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/auth.inc.php on line 53

Warning: main(): Failed opening 'home/nt7gniko/public_html/upload//admin/includes/navigation.inc.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/.garfy/nt7gniko/discountaudio101.com/upload/admin/includes/header.inc.php on line 57

I'm thinking the above works for a shared SSL but stuffs up CC for those who have a dedicated SSL. That is my experience - had to revert to the 3.0.8 file!

Link to comment
Share on other sites

Guest vrakas

3.09 has this fix included but I still have problems with shared SSL.

Adds fine but when I go to view the cart "no items", when I go out of the cart they are there.

IE does this but FF works fine ;)

Link to comment
Share on other sites

Guest aikdo

Some browsers (e.g. Internet Explorer) will not allow one domain to set a cookie to be read by another even if you strictly request it to...

I think, though I'm not 100% sure about this, that M$ fixed this in v7, but from what I can gather, without turning your whole store into an SSL nightmare you can't add items to the basket on your normal domain then view them on your true domain...

Maybe someone can correct me on this if they now have shared SSL working on their site...

(NOTE: this doesn't affect Dedicated SSL as it is on the same domain)

Link to comment
Share on other sites

Guest vrakas

Thanks aikdo for your reply,

Even if ver7 of IE is out we cannot make customers upgrade (due to various reasons such as hardware, don't know how, etc.) and as soon as they find a problem 99% of them will go away :alien:

Link to comment
Share on other sites

  • 2 weeks later...
Guest mashurst

Thanks aikdo for your reply,

Even if ver7 of IE is out we cannot make customers upgrade (due to various reasons such as hardware, don't know how, etc.) and as soon as they find a problem 99% of them will go away :)

I thought my problem was gone, but then two customers in a row called me to place phone orders and then described the problem. Now, I don't know what to do. I am committed to CubeCart mentally and financially, so I want to see this through very badly.

I have shared ssl. I started out just using paypal for the transactions and didn't need ssl, the site worked great but customers sometimes got confused with paypal and didn't finish checking out. I haven't been able to determine if there was a browser connection or not and my gut tells me that CC3.09 isn't the problem at this point, because the only variable left to scrutinize is the shared hosting and shared ssl.

I would switch to dedicated SSL and a virtual private server if I 100% knew that it would fix the problem. When this first started getting posted in the forums, it was also happening to people with dedicated SSL. I also have been having shared hosting issues where another user on my server does something and robs my site of bandwidth.

Any advice at this point would be much appreciated.

-M

Link to comment
Share on other sites
