Shopping Cart Software Forum for Ecommerce Templates
 CRITICAL UPDATE to Canonical Code proddetail.php

ITZAP
Posted - 12/14/2020 : 19:08:00
This Tips and Tricks topic here contains PHP code to dynamically generate canonical url and Facebook og:url entries in the <head> of your proddetail.php page.

An issue has arisen where a site was identified as subject to an XSS (Cross Site Scripting) vulnerability. The culprit was identified to be this line of code:

return $url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'');} ?>

If you have used this dynamic code on your website then, on advice from Vince, please NOW REPLACE that line with the following:

return str_replace('"','&quot;',strip_tags($url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'')));} ?>

For more complete information, please view the relevant Tips and Tricks topic here >>

Gary
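The vulnerable line and the replacement line from the post, side by side in a runnable form, as an added example that is neither Gary's code nor part of Ecommerce Templates. The original reads `$_GET['prod']` directly inside a function whose `$url` value is built elsewhere in proddetail.php; here the prod value is passed in as a parameter and `$url` is an assumed placeholder so the script runs from the command line. A third function is an assumption of my own, not advice from the post: it URL-encodes the query value and HTML-escapes the finished string for the attribute context. Run it with the PHP CLI and compare the three `<link>`/`<meta>` outputs for the second input: the vulnerable one closes the `href` attribute and injects a `<script>` tag, the patched one keeps the quote as `&quot;` and drops the tags.

```php
<?php
// Added example (not from the forum post or Ecommerce Templates).
// $url is an assumed placeholder; the original builds it from the
// request. $prod stands in for @$_GET['prod'].

// Vulnerable form, equivalent to the original line:
//   return $url.($addprod&&@$_GET['prod']!=''?'?prod='.@$_GET['prod']:'');
function canonical_vulnerable(string $url, bool $addprod, ?string $prod): string
{
    $hasProd = $addprod && $prod !== null && $prod !== '';
    return $url . ($hasProd ? '?prod=' . $prod : '');
}

// Patched form from the post: strip tags, then escape double quotes so the
// value cannot terminate the double-quoted href/content attribute.
function canonical_patched(string $url, bool $addprod, ?string $prod): string
{
    $hasProd = $addprod && $prod !== null && $prod !== '';
    return str_replace('"', '&quot;', strip_tags($url . ($hasProd ? '?prod=' . $prod : '')));
}

// Assumed alternative (not from the post): encode the query value as a URL
// component and escape the whole string for an HTML attribute context.
function canonical_encoded(string $url, bool $addprod, ?string $prod): string
{
    $hasProd = $addprod && $prod !== null && $prod !== '';
    $out = $url . ($hasProd ? '?prod=' . rawurlencode($prod) : '');
    return htmlspecialchars($out, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// The two <head> entries the post says the dynamic code generates.
function head_tags(string $canonical): string
{
    return '<link rel="canonical" href="' . $canonical . '">' . "\n"
         . '<meta property="og:url" content="' . $canonical . '">' . "\n";
}

$base = 'https://www.example.com/proddetail.php'; // assumed placeholder

// Constructed inputs: a normal product id and an attribute-breakout payload.
$inputs = [
    'normal product id'  => 'WIDGET-42',
    'attribute breakout' => 'x"><script>alert(1)</script><a href="',
];

foreach ($inputs as $label => $prod) {
    echo "== $label: prod=$prod\n";
    echo "vulnerable:\n" . head_tags(canonical_vulnerable($base, true, $prod));
    echo "patched:\n"    . head_tags(canonical_patched($base, true, $prod));
    echo "encoded:\n"    . head_tags(canonical_encoded($base, true, $prod));
}
```

The patched function from the post is sufficient as long as the value is only ever placed inside a double-quoted attribute, which is how the canonical and og:url tags are written; if the same value were reused in a single-quoted attribute or in page text, the assumed `canonical_encoded` form, which escapes all of `& < > " '`, is the safer general pattern.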
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com