Basket plugin MOD
#1
This plugin is a modification of the original Basket Plugin. The Basket MOD Plugin is based on Basket Plugin ver. 1.2.

Installation and use are mostly the same as for the original plugin. Therefore, for installation instructions please refer to this source.
This article describes the changes that have been made in this modification:
  1. Full i18n support for multilinguality. If the site uses a multilingual structure, the user can set the rendering language of the basket elements. If the site has only one language, the elements will be rendered in that language.
  2. Because of the first item, the basket language settings parameter in the administration area became unnecessary, so it was removed.
  3. Added a new basket setting, which can be used to indicate where the small basket is shown on pages (show everywhere, or only on specified pages).
  4. The small basket changes status when items are added or removed. The small basket may have different background images when it is empty and when it contains goods.
  5. Added buttons for creating the demo structure of special pages, which allow you to create the TV and LAPTOPS special pages data. These data structures implement the discount logic, which allows discounts to be applied to selected goods in real time. Discounts can be given as a percentage or as a numeric value off the original price of the goods.
  6. On the TV and LAPTOPS product details page a photo gallery is also implemented, which is based on the PrettyPhoto script. Therefore the plugin settings are supplemented with a new item that allows you to include this library on front pages.
  7. Added Lithuanian language interface translation.
  8. Other minor fixes.

A more detailed description in English, Lithuanian and Russian, and downloadable sources, can be found on my site (see it LIVE):
http://pigios-svetaines.eu/projects/eshop-ra/
#2
Sorry but, I do not recommend using Basket Plugin; the script is really very poorly implemented from a security point of view and highly vulnerable to an XSS attack. You can send javascript code, steal cookies, manipulate prices, etc. And that's just the tip of the iceberg …

Below are the screenshot examples. I also have made a short video of how you can simply steal cookies from your site lol. But I don't publish it here ;-)

(To see more info about, see: Order 3, Username: Foo)

[Image: Bildschirmfoto%202016-05-28%20um%2018.53.04.png?dl=1]

[Image: Bildschirmfoto%202016-05-28%20um%2018.57.40.png?dl=1]

[Image: Bildschirmfoto%202016-05-28%20um%2019.01.22.png?dl=1]
#3
(2016-05-29, 03:10:05)Bigin Wrote: Sorry but, I do not recommend using Basket Plugin; the script is really very poorly implemented from a security point of view and highly vulnerable to an XSS attack. You can send javascript code, steal cookies, manipulate prices, etc. And that's just the tip of the iceberg …

Hi, Bigin.
Yes, I saw this plugin's failures. Thank you for the information.
Of course the easiest way is not to use this plugin. But I did not really find an alternative to it.
I have tried a number of similar plugins and I can say that this plugin is the fastest, most stable and has the greatest potential.
Yes, you have proved that it has a safety problem. But we can try to work together to eliminate these shortcomings,
and to make this plugin not only good but also safe.


Andrejus.
#4
Good luck with it. I'm using this plugin too, but rewritten in many ways. It's still vulnerable, but it doesn't matter because of the purpose of this plugin. I've also disabled the javascript part, rewritten session handling and I'm checking prices on submit, but it's still not enough. I wanted to port the whole website to litecart or opencart, but that's just too much scripting :D
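The two weaknesses raised in this thread (customer-supplied text reaching the order history and admin pages unescaped, and prices that the browser can manipulate) and the mitigation mentioned above (checking prices on submit) can be shown in a few lines. The code below is an added example written for this thread; it is not code from the Basket plugin or this MOD. The `CATALOGUE` array, the function names, the constructed sample request and the quantity limit of 100 are all assumptions made for the example.

```php
<?php
// Added example, not the Basket plugin's own code. Assumes the shop keeps a
// server-side catalogue; the real plugin's data files are not reproduced here.
declare(strict_types=1);

// Constructed sample catalogue: the only trusted source of prices and rebates.
// 'rebate' is a percentage, matching the Rebate/Percent fields mentioned in the thread.
const CATALOGUE = [
    'tv-42'    => ['name' => '42" TV',     'price' => 499.00, 'rebate' => 10.0],
    'laptop-1' => ['name' => 'Laptop One', 'price' => 899.00, 'rebate' => 0.0],
];

/** Unit price after the server-side rebate, or null for an unknown item id. */
function unitPrice(string $id): ?float
{
    if (!isset(CATALOGUE[$id])) {
        return null;
    }
    $item = CATALOGUE[$id];
    return round($item['price'] * (1 - $item['rebate'] / 100), 2);
}

/**
 * Rebuild the order from item ids and quantities only. Any 'price' field the
 * browser sends (form field, cookie or session value) is ignored, so editing
 * it cannot lower the total. Throws on unknown ids or out-of-range quantities.
 * $submitted has the shape of $_POST['items']: [['id' => 'tv-42', 'qty' => '2'], ...]
 */
function computeTotal(array $submitted): array
{
    $lines = [];
    $total = 0.0;
    foreach ($submitted as $row) {
        $id  = isset($row['id']) ? (string) $row['id'] : '';
        $qty = filter_var(
            $row['qty'] ?? null,
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]] // assumed per-line limit
        );
        $price = unitPrice($id);
        if ($price === null || $qty === false) {
            throw new InvalidArgumentException('invalid item id or quantity');
        }
        $sum     = round($price * $qty, 2);
        $lines[] = ['id' => $id, 'qty' => $qty, 'unit' => $price, 'sum' => $sum];
        $total  += $sum;
    }
    return ['lines' => $lines, 'total' => round($total, 2)];
}

/** Escape customer-supplied text before it is placed in HTML (order history, admin pages, e-mail bodies). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- Constructed sample request standing in for $_POST ---------------------
$request = [
    'name'  => 'Foo <script>alert(1)</script>',   // the kind of input that triggers the stored XSS
    'items' => [
        ['id' => 'tv-42',    'qty' => '2', 'price' => '1.00'], // tampered client price, ignored
        ['id' => 'laptop-1', 'qty' => '1'],
    ],
];

$order = computeTotal($request['items']);
$name  = h(mb_substr((string) $request['name'], 0, 100)); // truncate, then escape

echo "Customer: {$name}\n";
foreach ($order['lines'] as $l) {
    printf("%-10s x%d @ %.2f = %.2f\n", h($l['id']), $l['qty'], $l['unit'], $l['sum']);
}
printf("Total: %.2f\n", $order['total']);
```

The escaping is applied at output time rather than on the way into storage, so the stored order file keeps the customer's original text and every page that renders it (history view, admin details, e-mail) goes through `h()`. The price check is the part that "checking prices on submit" refers to: the order handler never trusts a price that has been on the client side, it only trusts the item id and recomputes everything from the catalogue.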
#5
There have recently been a number of plugin changes...


Basket plugin MOD ver 1.2.2

Changes:
  1. In the order sending form, added protection against spammers (CAPTCHA). E-mail address existence checking is also performed.
  2. Corrected the logic that shows the order history information to the consumer when the order number and name are entered.

Basket plugin MOD ver 1.2.3

Changes:
  1. Fixed all noticed vulnerability issues.
  2. On the admin page, added 2 new fields to assign names for the special fields Rebate and Percent.
  3. On the admin history page, added a new button with which you can delete the selected history file (located on the item details form).
  4. jQuery from the cloud now loads into the header area.

Upgrading from previous versions:
Unzip the latest version. Re-import all previously used special page types.
#6
Plugin upgraded to the new version.
Basket plugin MOD ver 1.2.4
Changes:
1. The plugin administration area has been moved to the "Commerce" tab.
2. Added new fields to the administration page: "Show related items on the products page?" and "Related items per page?". With these fields, you can set how related items are shown on the Catalog pages.
3. E-mail sending now uses the PHPMailer class.
#7
(2019-02-08, 21:45:03)asemion Wrote: Plugin upgraded to the new version.
Basket plugin MOD ver 1.2.4
Changes:
1. The plugin administration area has been moved to the "Commerce" tab.
2. Added new fields to the administration page: "Show related items on the products page?" and "Related items per page?". With these fields, you can set how related items are shown on the Catalog pages.
3. E-mail sending now uses the PHPMailer class.

Does this version resolve the earlier security issues mentioned?
I'm no Einstein, nor do I profess to be. Just saying what I would try in the circumstances.