Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
The only hope you'd need to have is when the install.xml file from the OCMod will track its only needed line that this line is not already in use by other extensions. No worries, your store won't be broken but you will simply have to make minor adjustments to the install.xml file.
In addition, I have tested this with TWIG files compared to TPL files, it makes no difference; the CSRF hidden input field still appears from the view source to protect the store.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Will you also post an updated 1.5.6.4 version?straightlight wrote: ↑Thu Feb 15, 2018 9:40 amAlright folks. Tonight (my end) I have re-worked on the CSRF protection form extension and I just finished tested it by creating a new helper file. So far, everything runs successfully without the need to do a single manual operation. The CSRF hidden input type appears from the source as expected automatically without overriding any core files. Tomorrow, I will be publishing a new OCMod release for v2.x and v3.x releases.
The only hope you'd need to have is when the install.xml file from the OCMod will track its only needed line that this line is not already in use by other extensions. No worries, your store won't be broken but you will simply have to make minor adjustments to the install.xml file.
In addition, I have tested this with TWIG files compared to TPL files, it makes no difference; the CSRF hidden input field still appears from the view source to protect the store.
Thanks
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Check it out on the Marketplace for the new version of the CSRF Protection form. For v1.5x users, it has not been tested but the VQMod XML file can be modified by searching the right lines on the same targeted files. Using VQMod Manager would still be a good suggestion to avoid confusing your other installed extensions.[15-02-2018] - CSRF for OC v2.x and v3.x releases
The day has finally arrived. The CSRF protection form extension is now protecting the entire Opencart HTML forms that involves posting information to the store. Simply use VQMod and VQMod Manager to compare the lines at your discretion to the targeted file. Only new files, no core files overwritten. Not a single CSRF attacker / flooder will be able to submit bot scripts to auto-register customer / affiliate accounts from now on.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
It works fine on the admin side - code is loaded into the header and hidden input appears in source.
Does not work in the front though. vq2-catalog_controller_common_header.php in vqcache shows that the xml seems to have done it's job fine (just like with the admin):
Code: Select all
$data['currency'] = $this->load->controller('common/currency');
$this->load->helper('csrf_helper');
csrf_start();
$data['search'] = $this->load->controller('common/search');
OC 2.1.0.2.
Any help would be appreciated.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Thanks for the reply.straightlight wrote: ↑Mon Feb 19, 2018 2:17 amNo, you may simply need to modify the XML file where the catalog/controller/common/header.php file looks for its line. To ensure proper tracking without conflict, I would suggest to use the VQMod Manager from the marketplace . Either an invalid line, from your store, is being looked or the line does exist but may conflict the research for another extension. VQMod Manager will notify you on its monitor.
In my case the VQMod Manager does not display anything, neither does error log. The line is added correctly to the vqcache, but after that point it does not work for some reason.
If you see the VQCache results, what do you mean by does not work? Please, clarify the statement.but after that point it does not work for some reason.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
vq2-catalog_controller_common_header.php in vqcache shows that the xml seems to have done it's job fine (just like with the admin):straightlight wrote: ↑Mon Feb 19, 2018 4:22 amIf you see the VQCache results, what do you mean by does not work? Please, clarify the statement.
Code: Select all
$data['currency'] = $this->load->controller('common/currency');
$this->load->helper('csrf_helper');
csrf_start();
$data['search'] = $this->load->controller('common/search');
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Thanks for the update.straightlight wrote: ↑Mon Feb 19, 2018 5:49 amOk, I fixed the XML by cloning the buffer from the helper. Re-download the package and follow my instructions from my last post on the comment page on the marketplace.
Unfortunately the fix only seems to work on OC3 for the front, as the xml changes only .twig files.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
As per the first post of this topic, I am the developer of this extension. I sent you a PM for the installation.Who would i contact to install this for me??
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Users browsing this forum: No registered users and 111 guests