Shopping Cart Software

[fenboatman]

I am evaluating ClickCartPro as a candidate to replace an in-house built system which we host ourselves. One of the things we absolutely need is to be able to add fields to information about products and we are testing this function by adding a link to a datasheet PDF file. I have figured out how to add the field and set it to display but when I try to change the skin to display it in the product details, I hit show stopping problems.

In Location: Home > ClickCartPro (GBU) > Displays: Skins, Menus, XHTML Includes and Messages > Manage Catalog Product Displays: Detail View
I try to update the Display content by adding the new field but when I submit it, I get the error 501/505
The information says:
This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage, or support the HTTP version used to request the page.

It's not a fault the code I have entered because I have tried a submit without actually changing the code and I get the same error.

Other changes to the database, like adding the products, etc. work fine.
Is this because we are trying to post PHP back through the web form? If so, does anyone know how to fix the problem.

Thanks for any help you can give me. We are trying to get this test done before our evaluation period expires in a few day so that we can make a decision about whether to implement ClickCartPro.

Kim

[GreenbarnWeb]

Hi Kim,

Try this goto:
Home > ClickCartPro (GBU) > Web Pages: Web Page Management > Manage Web Pages

Try to update these 2 pages storepolicies and termsofuse.

If you only get this problem only with the storepolicies page then the problem is with your web host.

You have some security software running on your server that is not allowing you to post html forms with php contents. You need to get the web host to can the configuration of your security software to allows this.

[fenboatman]

Hi Howard,
Both the updates you asked me to test worked without errors.
Kim

[fenboatman]

You say:
"You have some security software running on your server that is not allowing you to post html forms with php contents. You need to get the web host to can the configuration of your security software to allows this."

I just tried changing the Terms of Use to include some php to print a string. It updated and worked perfectly so it is not the apache server which is preventing the posting of the php code.

Kim

[fenboatman]

Further info: I don't think it's PHP per se but there must be something in there that the server is objecting to. Error messages from the Apache error log:

[Fri Feb 12 13:00:01 2010] [error] [client 192.168.7.10] ModSecurity: Warning. Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at ARGS:gbu0_proddetdisp--incdisp. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "102"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data "<script"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "cart.entrix.co.uk"] [uri "/admin.php"] [unique_id "S3VQ0X8AAAEAAAHRIuEAAAAH"]

[Fri Feb 12 13:00:01 2010] [error] [client 192.168.7.10] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:gbu0_proddetdisp--incdisp. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "133"] [id "950006"] [msg "System Command Injection"] [data ";\\x0d\\x0a$id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "cart.entrix.co.uk"] [uri "/admin.php"] [unique_id "S3VQ0X8AAAEAAAHRIuEAAAAH"]

Trying to figure out what it is objecting to. Any suggestions?
Kim

[GreenbarnWeb]

Hi Kim,

That is basically trying to stop iframe java script being inserted and other content insertions to your website.

See their website:
http://www.modsecurity.org/

See this on how to configure your IP to pass the Modsecurity:
http://www.modsecurity.org/documentatio ... tml#d0e400