Protection against XSS - xss

I see my script is vulnerable to XSS. I am new to PHP, so I really have no idea where I should look. Here is all the code I use:
<?php
$host = $_SERVER['HTTP_HOST'];
$map = opendir("gif"); // the directory name has to be a quoted string
$m = 0;
while(false != ($file = readdir($map))){
if($file != "." && $file != ".."){
$gif[$m] = $file;
$m++;
}
}
$random_gif = rand(0, count($gif)-1);
?>
<html>
<head>
<meta http-equiv = "Content-Type" content = "text/html; charset=UTF-8">
<title><?php echo $_GET['gif']; ?> - Xanu</title>
</head>
<body><center>
<object width="650" height="650">
<embed src="gif/<?php echo $_GET['gif']; ?>" width="640" height="480"></embed>
<br><b><font face="Arial">
<font size="10"><?php echo $_GET['gif']; ?></font><br><br>
Link naar de bullshit die hier boven staat?<br>
<input type="text" size="55" name="giflink" value="http://<?php echo $host; ?>/file.php?gif=<?php echo $_GET['gif']; ?>"><br><br>
<?php
echo 'Klik hier voor nieuwe bullshit!';
?>

You're sending $_GET['gif'] back to the user, so you should use htmlspecialchars:
<?php echo htmlspecialchars($_GET['gif'], ENT_QUOTES, 'UTF-8'); ?>
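An added example (not the asker's or the answerer's code) of how the page above can be hardened as a whole: the requested filename is checked against the directory listing the script already builds, and every value echoed into HTML or into the link URL goes through a dedicated encoder. The names esc_html, esc_url_param and pick_gif are chosen for this example.

```php
<?php
// Added example: hardened version of the echo points in the page above.
// esc_html, esc_url_param and pick_gif are names chosen for this example.
declare(strict_types=1);

// Encode for an HTML text node or a double-quoted attribute value.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode for use inside a URL query string (the giflink field).
function esc_url_param(string $s): string {
    return rawurlencode($s);
}

// The request value must match a listed filename exactly, so neither "../"
// paths nor markup ever reach the src attribute; otherwise fall back to null.
function pick_gif(?string $requested, array $allowed): ?string {
    if ($requested === null || !in_array($requested, $allowed, true)) {
        return null;
    }
    return $requested;
}

$allowed = array_values(array_diff(scandir('gif'), ['.', '..']));
$gif = pick_gif($_GET['gif'] ?? null, $allowed) ?? $allowed[array_rand($allowed)];
$host = esc_html($_SERVER['HTTP_HOST'] ?? '');   // the Host header is client-supplied too
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo esc_html($gif); ?> - Xanu</title>
</head>
<body><center>
<object width="650" height="650">
<embed src="gif/<?php echo esc_html($gif); ?>" width="640" height="480"></embed>
</object>
<br><b><font face="Arial"><font size="10"><?php echo esc_html($gif); ?></font><br><br>
<input type="text" size="55" name="giflink"
       value="http://<?php echo $host; ?>/file.php?gif=<?php echo esc_html(esc_url_param($gif)); ?>"><br><br>
</font></b></center></body>
</html>
```

The query-string value is URL-encoded first and then HTML-encoded, because it sits inside an attribute in the HTML output; the two encodings are applied in that order on the way out and undone in reverse by the browser.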


How do I fix Unexpected '>' Error?

I am getting this error:
Parse error: syntax error, unexpected '>' in
C:\xampp\htdocs\jagan\display.php on line 40
Here is my code:
<html>
<head><title> Display Student Results </title></head>
<body>
<form action="display.php method="post">
<table>
<tr>
<td>Enter Hallticket Number:
<td><input type="number" name="hno">
</tr>
<tr>
<td><input type="submit" name="btnsearch" value="search">
</tr>
</table>
</form>
</body>
</html>
<?php
$conn=mysqli_connect("localhost","root","")or die("unable to connect");
mysqli_select_db($conn,"college");
if(isset($_POST['btnsearch']))
{
$hall=$_POST['hno'];
$result=mysqli_connect($conn,"select * from student where hno=$hall");
echo "<h1> Student Results </h1>";
echo "<table border=5>";
echo "<tr>";
echo "<th> hallticket";
echo "<th> Name";
echo "<th> class";
echo "<th> gst";
echo "<th> Tax";
echo "<th> php";
echo "<th> dmdw";
echo "<th> accounts";
echo "</tr>;
while($rows=mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>".rows['hno'];
echo "<td>".rows['name'];
echo "<td>".rows['class'];
echo "<td>".rows['gst'];
echo "<td>".rows['tax'];
echo "<td>".rows['php'];
echo "<td>".rows['dmdw'];
echo "<td>".rows['acc'];
echo "</tr>";
}
echo "</table>";
}
?>
You aren't calling the MySQL result set properly; it's "row", not "rows". Here are the docs.
echo "<td>".rows['hno'];
Should be:
echo "<td>".row['hno'];
Also, your HTML table isn't properly formed. Take a look at this resource to understand how to create a table.
You need to close off your <th> and <td> tags like this:
echo "<th>Name</th>";
Here is a great tutorial that will walk you through PHP/MySQL coding. Working your way through that first will mean fewer trips here to SO seeking help.
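A corrected search handler for display.php, added here as an example rather than the asker's or the answerer's code: the hallticket number is validated and bound as an integer in a prepared statement instead of being interpolated into the SQL, each fetched row is `$row` (with the dollar sign), every `<th>` and `<td>` is closed, and database values are escaped on output. Table, column and connection details are taken from the question; the helper name e() is chosen for this example.

```php
<?php
// Added example: hardened search handler for display.php (not the asker's code).
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

// Escape a value for an HTML text node.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (isset($_POST['btnsearch'])) {
    $conn = new mysqli('localhost', 'root', '', 'college');
    $conn->set_charset('utf8mb4');

    // Validate first, then bind as an integer: the input never becomes SQL text.
    $hall = filter_var($_POST['hno'] ?? '', FILTER_VALIDATE_INT);
    if ($hall === false) {
        echo '<p>Please enter a numeric hallticket number.</p>';
        exit;
    }

    $stmt = $conn->prepare('SELECT hno, name, class, gst, tax, php, dmdw, acc FROM student WHERE hno = ?');
    $stmt->bind_param('i', $hall);     // 'i' = integer parameter
    $stmt->execute();
    $result = $stmt->get_result();     // requires the mysqlnd driver (the default)

    // Column name in the table => heading shown to the user (from the question).
    $columns = ['hno' => 'hallticket', 'name' => 'Name', 'class' => 'class', 'gst' => 'gst',
                'tax' => 'Tax', 'php' => 'php', 'dmdw' => 'dmdw', 'acc' => 'accounts'];

    echo '<h1>Student Results</h1>';
    echo '<table border="5"><tr>';
    foreach ($columns as $heading) {
        echo '<th>' . e($heading) . '</th>';            // every <th> closed
    }
    echo '</tr>';

    while ($row = $result->fetch_assoc()) {             // $row, not a bare "rows"
        echo '<tr>';
        foreach (array_keys($columns) as $col) {
            echo '<td>' . e((string) $row[$col]) . '</td>';   // escape stored values too
        }
        echo '</tr>';
    }
    echo '</table>';
    $stmt->close();
    $conn->close();
}
?>
```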

multi-language banners for Opencart v2.3

I have an OpenCart store with multiple languages. Banners can contain only one picture (irrespective of the language chosen), but I designed a banner for each language.
Opencart v 2.3.0.2
catalog/./view/theme/default/template/extension/module/banner.tpl
<div id="banner<?php echo $module; ?>" class="owl-carousel">
<?php foreach ($banners as $banner) { ?>
<div class="item">
<?php if ($banner['link']) { ?>
<img src="<?php echo $banner['image']; ?>" alt="<?php echo $banner['title']; ?>" class="img-responsive" />
<?php } else { ?>
<img src="<?php echo $banner['image']; ?>" alt="<?php echo $banner['title']; ?>" class="img-responsive" />
<?php } ?>
</div>
<?php } ?>
</div>
You'd have to manage the banner image files manually (with FTP), but an approach like this could work:
For each banner you want to display, upload it as usual in admin.
In the directory where the image is saved, create subdirectories corresponding to the languages you support (for example, "en-gb").
This code assumes banners are under catalog/demo/banners. So it just adds the path "language_name" under that.
Modify catalog/./view/theme/default/template/extension/module/banner.tpl to look first in the language specific subdirectory in the block where it displays the banner. In 2.3.0.2, this would look something like:
<?php
foreach ($banners as $banner) {
$lang = $this->registry->get('language');
if (file_exists($lang . "/" . $banner['image'])) {
$banner['image'] = str_replace("catalog/demo/banners", "catalog/demo/banners/$lang", $banner['image']);
}
}
?>
<div id="banner<?php echo $module; ?>" class="owl-carousel">
<?php foreach ($banners as $banner) { ?>
<div class="item">
<?php if ($banner['link']) { ?>
<img src="<?php echo $banner['image']; ?>" alt="<?php echo $banner['title']; ?>" class="img-responsive" />
<?php } else { ?>
<img src="<?php echo $banner['image']; ?>" alt="<?php echo $banner['title']; ?>" class="img-responsive" />
<?php } ?>
</div>
<?php } ?>
</div>

Display thumbnail of category in category.tpl module in opencart?

I need to display thumbnail images of categories in the category.tpl module in OpenCart.
I want to display the thumbnail of the category in extension/module/category.tpl, not product/product.tpl.
How can I do this?
opencart 2.3.0.2
Show images for the sub-categories in OpenCart version 2.3.
Find the following code at catalog\controller\product\category.php:
$data['categories'][] = array(
'name' => $result['name'] . ($this->config->get('config_product_count') ? ' (' . $this->model_catalog_product->getTotalProducts($filter_data) . ')' : ''),
'href' => $this->url->link('product/category', 'path=' . $this->request->get['path'] . '_' . $result['category_id'] . $url)
);
Replace it with the code below:
$data['categories'][] = array(
'name' => $result['name'] . ($this->config->get('config_product_count') ? ' (' . $this->model_catalog_product->getTotalProducts($filter_data) . ')' : ''),
'image' => $this->model_tool_image->resize($result['image'], 100,100),
'href' => $this->url->link('product/category', 'path=' . $this->request->get['path'] . '_' . $result['category_id'] . $url)
);
The change is the line 'image' => $this->model_tool_image->resize($result['image'], 100,100); if you need a different size, change 100 to other values.
Find the following code at catalog\view\theme\default\template\product\category.tpl:
<?php if ($categories) { ?>
<h3><?php echo $text_refine; ?></h3>
<?php if (count($categories) <= 5) { ?>
<div class="row">
<div class="col-sm-3">
<ul>
<?php foreach ($categories as $category) { ?>
<li><?php echo $category['name']; ?></li>
<?php } ?>
</ul>
</div>
</div>
<?php } else { ?>
<div class="row">
<?php foreach (array_chunk($categories, ceil(count($categories) / 4)) as $categories) { ?>
<div class="col-sm-3">
<ul>
<?php foreach ($categories as $category) { ?>
<li><?php echo $category['name']; ?></li>
<?php } ?>
</ul>
</div>
<?php } ?>
</div>
<?php } ?>
<?php } ?>
Replace it with the code below:
<?php if ($categories) { ?>
<h3><?php echo $text_refine; ?></h3>
<?php if (count($categories) <= 5) { ?>
<div class="row">
<div class="col-sm-3">
<ul>
<?php foreach ($categories as $category) { ?>
<li> <a href="<?php echo $category['href']; ?>">
<?php if($category['image']){ ?>
<img src="<?php echo $category['image']; ?>" ><br>
<?php } ?>
<?php echo $category['name']; ?></a></li>
<?php } ?>
</ul>
</div>
</div>
<?php } else { ?>
<div class="row">
<?php foreach (array_chunk($categories, ceil(count($categories) / 4)) as $categories) { ?>
<div class="col-sm-3">
<ul>
<?php foreach ($categories as $category) { ?>
<li><a href="<?php echo $category['href']; ?>">
<?php if($category['image']){ ?>
<img src="<?php echo $category['image']; ?>" ><br>
<?php } ?>
<?php echo $category['name']; ?></a></li>
<?php } ?>
</ul>
</div>
<?php } ?>
</div>
<?php } ?>
<?php } ?>
The extra code added is below, and there are two places to add it:
<?php if($category['image']){ ?>
<img src="<?php echo $category['image']; ?>" ><br>
<?php } ?>
You are set for the default theme, but if you are using a custom theme then you have to adapt it to your theme.
https://webocreation.com/blog/show-images-sub-categories-opencart-version-2-3

opencart 1.5.6.4 Add image in the middle of category list

I want to show an image or banner in the middle of the product category list page. So if there are 10 products in the product category list, it will show 5 products, then the image, and then the other 5 products.
Can anybody show me how to do this? Thank you.
Open this file:
catalog/view/theme/default/template/product/category.tpl
find the foreach for products:
<?php foreach ($products as $product) { ?>
create a variable as a counter before the foreach:
then go to the end of the foreach (line 99):
<?php } ?>
add the following code before it:
<?php if($i == 5){ ?>
<p>here is place for image</p>
<?php } $i++; ?>
Here is the full code for the foreach section:
<?php $i = 1; foreach ($products as $product) { ?>
<div>
<?php if ($product['thumb']) { ?>
<div class="image"><img src="<?php echo $product['thumb']; ?>" title="<?php echo $product['name']; ?>" alt="<?php echo $product['name']; ?>" /></div>
<?php } ?>
<div class="name"><?php echo $product['name']; ?></div>
<div class="description"><?php echo $product['description']; ?></div>
<?php if ($product['price']) { ?>
<div class="price">
<?php if (!$product['special']) { ?>
<?php echo $product['price']; ?>
<?php } else { ?>
<span class="price-old"><?php echo $product['price']; ?></span> <span class="price-new"><?php echo $product['special']; ?></span>
<?php } ?>
<?php if ($product['tax']) { ?>
<br />
<span class="price-tax"><?php echo $text_tax; ?> <?php echo $product['tax']; ?></span>
<?php } ?>
</div>
<?php } ?>
<?php if ($product['rating']) { ?>
<div class="rating"><img src="catalog/view/theme/default/image/stars-<?php echo $product['rating']; ?>.png" alt="<?php echo $product['reviews']; ?>" /></div>
<?php } ?>
<div class="cart">
<input type="button" value="<?php echo $button_cart; ?>" onclick="addToCart('<?php echo $product['product_id']; ?>');" class="button" />
</div>
<div class="wishlist"><a onclick="addToWishList('<?php echo $product['product_id']; ?>');"><?php echo $button_wishlist; ?></a></div>
<div class="compare"><a onclick="addToCompare('<?php echo $product['product_id']; ?>');"><?php echo $button_compare; ?></a></div>
</div>
<?php if($i == 5){ ?>
<p>here is place for image</p>
<?php } $i++; ?>
<?php } ?>

Split Dynamic List into three columns

I am creating a product A to Z for a Magento build. My code works; however, the second column is larger than the first and third. I am missing a trick here and can't get my head around the maths. Can anyone see where I'm going wrong?
<div class="content">
<div class="collapse">
<?php $letter = $this->getLetter(); ?>
<?php $_collection = $this->getProductCollection(); ?>
<h2 class=""><?php echo $this->__( $letter ) ?></h2>
<?php if( $total = count($_collection)): ?>
<?php $break = ceil($total / 3); ?>
<div class="" style="">
<ul class="">
<?php $i = 0; ?>
<?php foreach( $_collection as $_product ): ?>
<?php if($i % $break == 0 && $i > 0) : ?>
</ul>
<ul class="">
<?php endif; ?>
<li class="productno-<?php echo $i ?>"></li>
<?php $i++; ?>
<?php endforeach; ?>
</ul>
</div>
<?php endif; ?>
</div>
I have stripped out all non-essential content, so ignore the empty classes and href.
Instead of doing it in PHP, you may want to output the full list and style it with CSS, as described in Is there a way to break a list into columns?.
ul {
-moz-column-count: 3;
-moz-column-gap: 20px;
-webkit-column-count: 3;
-webkit-column-gap: 20px;
column-count: 3;
column-gap: 20px;
}