
Maintainers: enigma1

Filter ID
for osCommerce Online Merchant v2.2

This script saves you from having to verify by hand every PHP script deployed on your store that does not check data types when accessing the database and therefore leaves potential security holes in your store's code.

This module filters parameters passed during page transitions through the HTTP_GET_VARS and HTTP_POST_VARS arrays. This reduces the risk of SQL injection through parameters in scripts that do not explicitly check for an integer data type and would otherwise allow malicious code to run uncontrolled. The current implementation targets table identifiers, and it also provides a custom array for specific parameters that require integer data type verification. Such parameters can be used by other contributions for comparisons before setting or retrieving information in the database.
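The kind of filtering described above, including the array and product-attribute cases from the v1.01 notes, as an added example that is not the add-on's own code. It assumes identifier parameters are those whose name ends in `_id`; the two lists, the function names and the choice to drop a failing parameter are hypothetical.

```php
<?php
// Added illustration; not the Filter ID add-on's own code.
// Assumptions: identifier parameters end in "_id"; both lists are hypothetical.
const CUSTOM_INT_PARAMS = ['page', 'sort_order'];  // extra integer-only names
const ATTRIBUTE_ID_PARAMS = ['products_id'];       // may carry "12{3}4" strings

function needs_check(string $name): bool
{
    return substr($name, -3) === '_id'
        || in_array($name, array_merge(CUSTOM_INT_PARAMS, ATTRIBUTE_ID_PARAMS), true);
}

function is_valid_id(string $name, $value): bool
{
    if (!is_string($value) && !is_int($value)) {
        return false;                      // null, float, bool, object
    }
    $value = (string)$value;
    if (in_array($name, ATTRIBUTE_ID_PARAMS, true)) {
        return preg_match('/^\d+(\{\d+\}\d+)*$/D', $value) === 1;
    }
    return ctype_digit($value);            // rejects "", "5'", "-1", "7 OR 1=1"
}

// Returns the filtered array; names of dropped parameters are appended to $rejected.
function filter_ids(array $params, array &$rejected, ?string $parent = null): array
{
    $clean = [];
    foreach ($params as $key => $value) {
        $name = $parent ?? (string)$key;   // array elements inherit the parent's rule
        if (is_array($value)) {
            $clean[$key] = filter_ids($value, $rejected, $name);
        } elseif (!needs_check($name) || is_valid_id($name, $value)) {
            $clean[$key] = $value;
        } else {
            $rejected[] = $name;           // assumption: drop and record, never repair
        }
    }
    return $clean;
}
// Constructed sample parameters, standing in for the GET/POST arrays.
$sample = [
    'products_id'      => '12{3}4',
    'manufacturers_id' => '7 OR 1=1',
    'categories_id'    => ['3', '4x'],
    'keywords'         => 'blue shirt',
];
$rejected = [];
var_dump(filter_ids($sample, $rejected), $rejected);
```

A filter of this kind narrows what reaches scripts that skip type checks; queries should still cast or bind identifiers at the point of use.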

Forum Support Thread:
http://forums.oscommerce.com/index.php?showtopic=175472

Filter ID v1.01 enigma1 15 Oct 2005  

This is a complete version
Bug Fixes/Updates v1.01

- Code added to check identifiers within arrays.
- Fix when removing items from the shopping cart.
- Fix adding items with product attributes (default custom array modified to exclude straight id strings).
- Escape string filtering added.
- Added instructions for those using SEO url contributions.

Notes Update enigma1 13 Oct 2005  
Filter ID enigma1 13 Oct 2005