Post by straightlight » Wed Sep 12, 2018 11:39 pm

How I recognize that is really working or no?
Answered already above; by viewing the view-source code once the page has been refreshed with the help of the zlib output . As for Journal2, no words so far about its compatibility.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Legendary Member


Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by PSMDanny » Thu Nov 01, 2018 5:12 am

Hi and thank you for creating this wonderful extension and spending so much time here on helping users (that don't read).

Just wanted to note:
couple of minutes ago I downloaded the extension and started testing on Opencart 3020 with vqmod 2.6.2 Admin test was correct... frontend test was not correct (= no csrf tokens...)

So I started debuging the xml file and found out that in the current downloadable version (csrf.xml) there was code missing for the catalog/controller/common/header.php

So I added following code to the xml and everything seems to be working:
<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>


Thanks again and good luck!

Best Regards,



Fri Apr 04, 2014 3:38 am

Post by daeval » Wed Dec 12, 2018 4:18 am

Hello, I downloaded the module but i think that secure_compare function is wrong;
It has to return boolean if session token == __csrf post form value, but function returns a random string being always true, please check it.

Code: Select all

function secure_compare($a, $b) {
	global $csrf_protection_expires;
    if (strlen($a) !== strlen($b)) {
		return false;
	$randLength = 64;
	if (function_exists("random_bytes")) {
		$result = bin2hex(random_bytes($randLength));
    } elseif (function_exists("openssl_random_pseudo_bytes")) {
        $result = bin2hex(openssl_random_pseudo_bytes($randLength));
    } else {
        $result = '';
		for ($i = 0; $i < strlen($a); $i++) {
			$result |= ord($a[$i]) ^ ord($b[$i]);
	return substr($result, 0, $csrf_protection_expires);



Sat Sep 21, 2013 12:09 am
Who is online

Users browsing this forum: No registered users and 4 guests