Post by rewin81 » Mon Feb 11, 2019 5:20 pm

Hi,
A developer made this change to me:

system/library/url.php
$this->url with
$this->ssl

I'm not very happy when I touch the original opencart files and I would like to know from someone (that is not the developer) if this change affects something about the safety of opencart ...

Thanks

Newbie

Posts

Joined
Sun Jan 13, 2013 8:10 pm

Post by OSWorX » Tue Feb 12, 2019 4:27 am

1. why is someone changing files you cannot trust
2. if you feel unsafe, simply revert this change
3. why is this chnage made this way
4. what is the reason for this change > because
5. really not required

This all leads me to the assumption that this developer does not really know how OpenCart works.

Beside this: no. security of Opencart is not touched by this change.

Forum Rules [en]: viewtopic.php?f=176&t=200480
Forumregeln [de]: viewtopic.php?f=37&t=114208
Commercial Request: viewforum.php?f=88

Image Image Image


User avatar
Guru Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by rewin81 » Tue Feb 12, 2019 6:15 am

Thank you for your answer.
I had purchased an extension from this developer (on the opencart marketplace). He had to modify the extension to make it compatible with the Journal 3 theme.

He has modified the files of his extension and he modified the file system/library/url.php

he wrote me this (I do not understand what it means):

"Also, I had to edit system/library/url.php in order to force SSL. This is needed for the proper functioning of the module since the XHR was loaded from non-secure URL. I made this as one-time free customization in order to force SSL on your website. This will be beneficial for all our website content since it will be loaded via HTTPS"

is a known developer and I have purchased other extensions from him ... only I do not understand the reason for this change ... for this reason I asked here on the forum ... as I said: I do not really like editing files natives of opencart.

Newbie

Posts

Joined
Sun Jan 13, 2013 8:10 pm

Post by IP_CAM » Tue Feb 12, 2019 8:43 am

Well, one either knows, or then, one has to believe. And since you
don't know, as it looks, you'll have to depend on others, like it or not.

The Mod Seller changed some Code, to 'force' HTTPS somewhere, and
he told you about it. But if you don't know, what that means, just ask
our Friend Google, and you will find whole bunches of basic Information
on SSL and HTTPS. So, just be happy, that he made it work in secure Mode.

And other Matters might also be of highest importance, when it comes to
Security. But if one is not familiar with Servers and OC Software, one needs
a trustworty Tech-Guy, like in any other Business too, it's as easy as that.

This Place here will not be of much help, neither, for taxing someone's work,
nor, to make your Installation safe and secure. That's your Job, or then, get
it made by a Pro. In real Business and Life, it's the only way to succeed.

.... I do not really like editing files natives of opencart.
That's your point of view. But OC-Files won't be of any use anymore anyway,
after one updates to another Version again, it therefore makes not much sense,
to worry about such. And the chances, that something else will no longer work,
because of such doings, are less than 0.1 percent, according to my experience.

Good Luck, no offense, it's not meant personally ...
Ernie

For Sale: Turnkey URLs with Opencart installed
My latest Opencart LIGHT Testsite: http://www.bigmax.ch/
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
800+ FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by rewin81 » Tue Feb 12, 2019 4:48 pm

No offense (why should I be offended?) Only I did not understand your intervention ...
if there are no problems for the safety of opencart I leave it. I tried to restore it and everything works equally ... for this reason I was curious what it could serve ...

Newbie

Posts

Joined
Sun Jan 13, 2013 8:10 pm

Post by JNeuhoff » Tue Feb 12, 2019 7:51 pm

Journal3 is one of the most cumbersome web themes because it doesn't always follow the OpenCart framework standards. It is therefore of no surprise when it clashes with other 3rd party extensions which were written for standard OpenCart. Even so, your 3rd party extension developer should not have directly modified OpenCart core files. He could have used event handlers or OCmod for this which would have left the original core files untouched.

MHC Web Design
Override Engine * Integrated VQMod * Multilingual SEO * Instant Option Price Calculator * TrustPilot Reviews * Google Rich Snippets * Google Tag Manager * Export/Import Tool * Template Switcher PHP/Twig


User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am

Who is online

Users browsing this forum: No registered users and 10 guests