Post by ideep13 » Mon Jun 03, 2019 11:43 pm

Hi,

I am using 2.3.0.2. OC. When I try to edit the status of the product to "On stock" and hit save I get an error ERR_BLOCKED_BY_XSS_AUDITOR or I am redirected to the missing page. I am using Chrome. It is up to date. I tried the same in Firefox, the same thing happens.

Is it some how connected with token and API?

I tried the whole new API thing but does not work for me.. I first noticed this thing when I moved to another hosting . They are saying it is nothing to do with the server, but probably with cloudfare??

If I try to edit the item it redirects me to a broken page of mine.. my site looks like this originally..
Image
but when I try to save the edited version it redirects me to this and saying The page doesn not exist, so it does not save it...

Image

I would appreciate some help.

Attachments

xss_.png

xss_.png (73.97 KiB) Viewed 773 times


User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by webdesires » Tue Jun 04, 2019 9:19 am

This is your browsers security feature, to disable this in the admin panel you could edit /admin/index.php and add the below at the top of the file, however exercise caution because this also then opens up your admin panel for legitimate XSS attacks so make sure your server is never compromised. Personally I feel all admin panels should deactivate XSS due to the fact of what you do with it. Just need to make sure the admin panel stays secure.

Code: Select all

header('X-XSS-Protection:0');
You could also just edit /admin/.htaccess and add:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
P.S. I'm not too sure about your other issue this may not be related. please update me if that clears it up or not.
Last edited by webdesires on Wed Jun 05, 2019 6:58 pm, edited 1 time in total.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins


User avatar
New member
Online

Posts

Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom

Post by ideep13 » Tue Jun 04, 2019 2:37 pm

Thank you very much for the reply.
If I choose the fist option it won't let me through the admin panel when I'm signing in.
If I choose the second option it does not work. I get redirected to broken page.

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by webdesires » Wed Jun 05, 2019 6:57 pm

Your server may not have the required packages or setup for this to work. However I did make a mistake with the .htaccess version, try this in your .htaccess:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
Let me know if this works better or if you still get a broken admin panel.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins


User avatar
New member
Online

Posts

Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom

Post by ideep13 » Mon Jun 10, 2019 3:04 pm

I opened the error logs.. and I found this:

PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/XXXXX/public_html/system/storage/modification/catalog/controller/product/product.php on line 789

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by ideep13 » Mon Jun 10, 2019 4:40 pm

webdesires wrote:
Wed Jun 05, 2019 6:57 pm
Your server may not have the required packages or setup for this to work. However I did make a mistake with the .htaccess version, try this in your .htaccess:

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>
Let me know if this works better or if you still get a broken admin panel.
I don't have a broken admin .. I am being redirected to a strange broken page after I am trying to edit one particular item..and it says The page is not found..

I added this to my .htaccess file.. but It does not help..

I than went to log files and I found out this error: 2019-06-10 6:47:19 - PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/xxxx/public_html/system/storage/modification/catalog/controller/product/product.php on line 789

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by webdesires » Mon Jun 10, 2019 6:59 pm

that is coming from the front-end, and nothing to worry about. Warnings will not stop your site from working.

Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.

Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins


User avatar
New member
Online

Posts

Joined
Mon Sep 28, 2015 6:34 pm
Location - West Midlands, United Kingdom

Post by straightlight » Mon Jun 10, 2019 7:31 pm


The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ideep13 » Mon Jun 10, 2019 9:33 pm

Hi, I'm trying to find this file (model/module/module.php), but I don't have module folder under my admin folder.. just model. What am I missing? I am using 2.3.0.2. OC

I've changed php from 7.2. to 7.1... nothing changed..

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by cyclops12 » Mon Jun 10, 2019 9:56 pm

It might be model/extension/module/ etc etc

Active Member
Online

Posts

Joined
Sun Sep 27, 2015 1:10 am

Post by straightlight » Tue Jun 11, 2019 6:10 am

The OP has already provided the location: viewtopic.php?f=191&t=212065#p757069 . Since this issue is caused by an installed extension, however, contact the extension developer to resolved this issue.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ideep13 » Fri Jun 21, 2019 3:49 pm

i uninstalled almost each extension.. and it has nothing to do with an extension.. is it possible to find the root.. i can not edit anything on my site! I tried to update the google analytics code and after saving it i get redirected to a page that doesn'T exist again!

the code was not saved.. so I can not do anything..

on line 789 (/home/xxx/public_html/system/storage/modification/catalog/controller/product/product.php) is this code:

Code: Select all

 if (!empty($seo_categories)) {
                        $data['seo_data']['breadcrumbs'][] = array(
                            'name' => $this->config->get('config_name'),
                            'href' => $this->url->link('common/home', '', 'SSL')
                        );

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by ideep13 » Fri Jun 21, 2019 4:11 pm

hosting provider is saying to me that this is because i updated the php from 7.1. to 7.2...

but i reversed it now.. regarding this https://www.php.net/manual/en/function.count.php

I can't use my site at all!!!

I have just received an information that I need to debug the php?? I don't know how? Could please help me or do anyone has another solution to this?

edit: Now they turned off XSS .. and it magically works..

but I l already tried to put this code in .htaccess file.. but it didn't work..

Code: Select all

<filesMatch "\.(html|htm|js|css|php)$">
     Header unset Content-Security-Policy
     Header set X-XSS-Protection: "0"
</filesMatch>

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by OSWorX » Fri Jun 21, 2019 4:42 pm

As it seems, wether the Provider knows his job, nor you have a glue what to do .. correct?

Have you ever tried to make a new and clean installation - e.g. in a subfolder?
And only the Shop itself, no extensions, no custom template!
And no enabled .htaccess!
And tried it then again?

With several browsers?
And disable before their installed addins!

I am sure it will work.
Otherwise thousands of OC users would have these troubles you have.

And maybe you are using a local installed firewall or/and virus scanner?
If you will have still troubles then, disable also them - temporary.
Have seen some strange results at some clients when they have used such stupid virus solutions.

Before you have not tried a new and clean installation, I am sure nobody here can you help.

Forum Rules [en]: viewtopic.php?f=176&t=200480
Commercial Request: viewforum.php?f=88
Dedicated Support: https://dedicated.opencart.com/
Marketplace Support: https://www.opencart.com/index.php?rout ... rt/support
Documentation: http://docs.opencart.com/en-gb/extension/theme/

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by ideep13 » Fri Jun 21, 2019 6:40 pm

I am not doing a clean install.. The provider moved the site from to another hosting provider.

this s*** worked before.. don't understand why stopped working now..

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by OSWorX » Fri Jun 21, 2019 7:18 pm

Do whatever you want.
But stop annoying us.

Forum Rules [en]: viewtopic.php?f=176&t=200480
Commercial Request: viewforum.php?f=88
Dedicated Support: https://dedicated.opencart.com/
Marketplace Support: https://www.opencart.com/index.php?rout ... rt/support
Documentation: http://docs.opencart.com/en-gb/extension/theme/

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by straightlight » Fri Jun 21, 2019 7:44 pm

ideep13 wrote:
Fri Jun 21, 2019 6:40 pm
I am not doing a clean install.. The provider moved the site from to another hosting provider.

this s*** worked before.. don't understand why stopped working now..
Not a bug. This is a user configuration issue either originating from .htaccess, config.php or admin/config.php file. If you don't have the minimum skills to fix those issues, that's no problem. You can always create a new service request in the Commercial Support section of the forum to get this fixed as a custom job or you could always re-contact the hosting provider and request to fix this issue.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ideep13 » Fri Jun 21, 2019 7:59 pm

OSWorX wrote:
Fri Jun 21, 2019 7:18 pm
Do whatever you want.
But stop annoying us.

Wow, someone's got an attitude. You should consider look up to user straightlight. Such a nice, helpful soul.

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by ideep13 » Sat Jun 22, 2019 5:28 pm

this error escalated so far that interfered checkout process as well.. I contacted the hosting provider and he says that they totally disabled firewall for all my sites.. and I need to take care of the security and protection of the sites on my own from now on.. what does he mean? is my site now vulnerable 24/7? my site runs through cloudfare, I have changed admin folder.. i have 2.3.0.2. opencart.. do i need to update the opencart to the latest version so I can get rid of this error?

User avatar
Active Member

Posts

Joined
Mon Jun 18, 2012 2:47 am

Post by straightlight » Sat Jun 22, 2019 8:11 pm

ideep13 wrote:
Sat Jun 22, 2019 5:28 pm
this error escalated so far that interfered checkout process as well.. I contacted the hosting provider and he says that they totally disabled firewall for all my sites.. and I need to take care of the security and protection of the sites on my own from now on.. what does he mean? is my site now vulnerable 24/7? my site runs through cloudfare, I have changed admin folder.. i have 2.3.0.2. opencart.. do i need to update the opencart to the latest version so I can get rid of this error?
When you see these types of messages, it simply means that you need to switch web hosting service since it does not require to remove a firewall and leave you on your own to protect your domain to use Opencart. Not a bug.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com contractor officials representative


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: No registered users and 2 guests