1.0.8.11 Questions / Comments / Concerns

Ask the community for help and support.
heatherbell
VIP Member
VIP Member
Posts: 1996
Joined: Mon Oct 07, 2019 4:39 am
Has thanked: 26 times
Been thanked: 175 times

Re: 1.0.8.11 Questions / Comments / Concerns

Post by heatherbell »

Petbeemer wrote: Sat Feb 12, 2022 4:43 pm security check page doesn't work now though?
Move files out of the admin/includes/modules/security_checks/extended/ directory one by one until you find the one that is timing out (probably one or more of the asce_ files).
For me, removing all 3 asce_ files got it working again without adverse effect.

Tags:
tedukes
Posts: 87
Joined: Wed Oct 27, 2021 11:27 pm
Has thanked: 17 times
Been thanked: 1 time

Re: 1.0.8.11 Questions / Comments / Concerns

Post by tedukes »

heatherbell wrote: Mon Feb 21, 2022 5:30 am
Petbeemer wrote: Sat Feb 12, 2022 4:43 pm security check page doesn't work now though?
Move files out of the admin/includes/modules/security_checks/extended/ directory one by one until you find the one that is timing out (probably one or more of the asce_ files).
For me, removing all 3 asce_ files got it working again without adverse effect.
That's a no go for me. Tried removing each one individually and all at once.
vmn
Posts: 40
Joined: Mon Mar 08, 2021 8:59 am
Has thanked: 3 times
Been thanked: 1 time

Re: 1.0.8.11 Questions / Comments / Concerns

Post by vmn »

No language flags in admin, when DEFAULT_IMAGE is set.

My fix in admin/includes/actions/catalog/infoboxes/edit_category.php:

//OLD$language_icon = new Image($Admin->catalog("includes/languages/{$l['directory']}/images/{$l['image']}"), ['alt' => $l['name']]);
$language_icon = $Admin->catalog_image("includes/languages/{$l['directory']}/images/{$l['image']}", [], $l['name']);


My fix in admin/info_pages.php: replace all occurrences of

tep_image(tep_catalog_href_link('includes/languages/' . $languages[$i]['directory'] . '/images/' . $languages[$i]['image'], '', 'SSL'), $languages[$i]['name'])

with

$Admin->catalog_image("includes/languages/{$languages[$i]['directory']}/images/{$languages[$i]['image']}", [], $languages[$i]['name'])


Same kind of problem also in
advert_manager.php
customer_data_groups.php
languages.php
manufacturers.php
orders_statuses.php
WP Horlogebanden
Posts: 7
Joined: Thu Mar 25, 2021 7:35 pm
Has thanked: 1 time

Re: 1.0.8.11 Questions / Comments / Concerns

Post by WP Horlogebanden »

heatherbell wrote: Mon Feb 21, 2022 5:30 am
Petbeemer wrote: Sat Feb 12, 2022 4:43 pm security check page doesn't work now though?
Move files out of the admin/includes/modules/security_checks/extended/ directory one by one until you find the one that is timing out (probably one or more of the asce_ files).
For me, removing all 3 asce_ files got it working again without adverse effect.
I noticed in my logging just after Admin-login the following error ["admin" is not the real directory name]:
Apache error
mod_fcgid: stderr: PHP Fatal error:
Cannot declare class d_security_checks, because the name is already in use in .../admin/includes/modules/dashboard/d_security_checks.php on line 13, referer: https://..../admin/index.php
, referer: ../admin/index.php

Is this related to the problem the security check page showing a blank page ?
I updated my installation from 1.0.8.9. manually. Did I make a mistake somewhere ?
ecartz
Lead Developer
Lead Developer
Posts: 2637
Joined: Tue Nov 05, 2019 6:02 pm
Has thanked: 4 times
Been thanked: 181 times

Re: 1.0.8.11 Questions / Comments / Concerns

Post by ecartz »

WP Horlogebanden wrote: Wed Mar 16, 2022 4:56 pm Is this related to the problem the security check page showing a blank page ?
Probably not. As that error is about the dashboard module, which shows on the index page, not the security checks page. It would cause the index page to show incorrectly, possibly with some modules and the footer not appearing. Unless you renamed the index.php file to security_checks.php, I don't see how they would be related.
WP Horlogebanden wrote: Wed Mar 16, 2022 4:56 pm I updated my installation from 1.0.8.9. manually. Did I make a mistake somewhere ?
Quite possibly. Unfortunately, it's hard to say what mistake from the information given. I don't have better general advice than to roll back and apply the updates again. It's possible that one of the certified developers could, by inspecting the files of your site, come up with a more targeted solution.
WP Horlogebanden
Posts: 7
Joined: Thu Mar 25, 2021 7:35 pm
Has thanked: 1 time

Re: 1.0.8.11 Questions / Comments / Concerns

Post by WP Horlogebanden »

ecartz wrote: Wed Mar 16, 2022 9:23 pm
WP Horlogebanden wrote: Wed Mar 16, 2022 4:56 pm Is this related to the problem the security check page showing a blank page ?
Probably not. As that error is about the dashboard module, which shows on the index page, not the security checks page. It would cause the index page to show incorrectly, possibly with some modules and the footer not appearing. Unless you renamed the index.php file to security_checks.php, I don't see how they would be related.
WP Horlogebanden wrote: Wed Mar 16, 2022 4:56 pm I updated my installation from 1.0.8.9. manually. Did I make a mistake somewhere ?
Quite possibly. Unfortunately, it's hard to say what mistake from the information given. I don't have better general advice than to roll back and apply the updates again. It's possible that one of the certified developers could, by inspecting the files of your site, come up with a more targeted solution.
Thanks. As only the security check page is failing and I modified quite a few pages, I will continu tracing the errors.
---
I traced the errors and found the following:
- my blank page Security Checks is related to line 103 in ../Admin/includes/classes/security_checks.php: if I skip that line (I just put "//" in front of it), my page shows correctly except for 2 error HTTP messages just below the heading title of the page ("Authorization required...").
- The errors are related to the protected access to the ../Admin/backups directory: if I rename the .htacces file I get again two HTTP error but different ones ("Forbidden...")
- my blank page Server Info is related to ../Admin/includes/classes/system_info.php line 35 and 36: @exec() seems to be blocked by the security setting of my hosting provider. If I replace the values with fixed values ("xxx" and 999), my pages shows those values at the Servoer OS: "Linux xxx" and server uptime 999.
It seems this is not related to my modifications nor to any incorrectly executed updates, but to server security. Is my assumption correct?
ecartz
Lead Developer
Lead Developer
Posts: 2637
Joined: Tue Nov 05, 2019 6:02 pm
Has thanked: 4 times
Been thanked: 181 times

Re: 1.0.8.11 Questions / Comments / Concerns

Post by ecartz »

WP Horlogebanden wrote: Tue Mar 22, 2022 5:51 pm It seems this is not related to my modifications nor to any incorrectly executed updates, but to server security. Is my assumption correct?
I don't know. That seems a reasonable surmise. If your server blocks exec, then things using it won't work. If your server blocks certain curl options, then those won't work.

There are probably log messages about this somewhere. They may not be visible to you, but should be visible to your host.
ecartz
Lead Developer
Lead Developer
Posts: 2637
Joined: Tue Nov 05, 2019 6:02 pm
Has thanked: 4 times
Been thanked: 181 times

Re: 1.0.8.11 Questions / Comments / Concerns

Post by ecartz »

For those experiencing problems with the Security Checks page, you could try https://github.com/CE-PhoenixCart/Phoen ... c98839610a

You should be able to just use the latest version of that file at https://raw.githubusercontent.com/CE-Ph ... checks.php or https://github.com/CE-PhoenixCart/Phoen ... 0.8.17.zip

That works for me, but the old version did as well. It does solve one thing that was presumably a bug. It should also hopefully be compatible with more curl versions.
Post Reply