I am using Opencart 1.5.5.1 and it was working well, but I have run into a problem when using a text area option with products.
Many of our products are personalised and customers can add text (sometimes quite a lot) to their products. I have added a text area as an option where the personal words can be entered. This has been working well, until this week. Sometimes a customer adds lots of text with commas to separate words/phrases and it prevents them from adding the product to their cart. The button clicks, but nothing is added to the cart.
Looking at the error logs the problem is generating a 403 forbidden error. It also does this if I try to add an order in the admin area manually.
If half of the text is deleted, it works well. Is there a limit to how much text can be added in a text area (product option)? If so, can it be increased somehow? Could the commas be causing any problems?
To further add to the problem, these products have also caused problems when a customer wants to delete one from their cart. They click the red x, but the product isn't removed from the cart.
Any ideas or thoughts would be greatly appreciated, because I am stumped on this one! It has confused me because it works sometimes with less text.
It is not taking in pure text as pure text. You seem to have set it up to allow code injection, since it tries to execute going to a URL it deems is 403, and since deletion doesn't work. Yes, you can increase max input in the box, but if you do not do that, then the extra characters should just not "take" -- they should not contribute to the problem, and if you did not put a cap on the input, then all of whatever is entered (within certain limits) should pass. You might try inserting an ordinary semicolon just to see whether that throws an all-white screen, and looking at the log for concurrent error thrown. Where customers would face inconvenience, the danger is that a hacker playing with it could perhaps (or probably) wreak havoc.
There is a possibility that the TYPE of the data cells holding the entries (in one field, one column) needs to be enlarged among the steps from SMALLTEXT to TEXT to LARGETEXT, so as to accommodate more stuff. That can be seen and done in phpMyAdmin.
You can look at these and play with links and search terms:
http://stackoverflow.com/search?q=LARGETEXT on text volume in a field
http://stackoverflow.com/search?q=sanit ... text+entry on sanitizing html input in a box
There is a possibility that the TYPE of the data cells holding the entries (in one field, one column) needs to be enlarged among the steps from SMALLTEXT to TEXT to LARGETEXT, so as to accommodate more stuff. That can be seen and done in phpMyAdmin.
You can look at these and play with links and search terms:
http://stackoverflow.com/search?q=LARGETEXT on text volume in a field
http://stackoverflow.com/search?q=sanit ... text+entry on sanitizing html input in a box
I get this 'forbidden' problem too. it only happens when I use html tags though but this happens on everything. I cant add html to descriptions of products, I cant add my google analytics code. very annoying. If anyone has a suggestion on how to fix this it would be greatly appreciated. So far my only work around has been to edit the mysql database manually and add the code into fields in there -_-
Box, just off the top left corner of a ckeditor-driven Description or other box you can toggle between wysiwyg and Source modes, and if you stay in Source mode through edit and Save, then you can insert your very own tags and so forth. Fortunately, the text cells do not have to be gibberish "bash" and take text, although if content becomes too large you would need to elevate TYPE upward from SMALLTEXT to TEXT to LARGETEXT for the field (that would arise even inserting content in the box rather than into the cell for it). The wysiwyg mode makes a mess. Hand editing the db cells works equally well but takes the time to pay strict attention. That should cure part of what you're describing.
Box, I noticed this part, "I cant add html to descriptions of products, I cant add my google analytics code. very annoying." That's a mix. Descriptions have ckeditor unless it is fully defeated -- Source, wysiwyg. T'other one is just a box box -- for specified strings and nothin' else.
Who is online
Users browsing this forum: Majestic-12 [Bot] and 51 guests
