BulletProof security plugin reporting strange timthumb URL
- This topic has 4 replies, 3 voices, and was last updated 11 years, 6 months ago by admin.
April 30, 2013 at 1:04 pm #9014 wpsadmin Member
I have recently installed the BulletProof Security (BPS) plugin, at the suggestion of my hosting provider (Digital Pacific) but it has caused a problem with my webstore, and I am tearing my hair out trying to fix it.
The problem is that when the BPS plugin is active, if customers add an item to their shopping cart then either click on the checkout button or navigate to another page, the shopping cart is empty. I have seen all the posts on this topic in this forum, and have followed all the suggestions about checking PHP session settings, etc. All good there, nothing is set incorrectly.
I have spent the last week liaising with the provider of the BPS plugin, who cannot reproduce the problem – BPS and WP eStore work together fine on his test site. I have confirmed the same thing on another site I manage, so there seems to be something about my site (www.wpspandc.com.au) which is different, and I cannot figure out what. I’m beginning to think something somewhere is corrupt.
When BPS is active, and a customer loads the Webstore page [http://www.wpspandc.com.au/webstore/] this creates the following entry in the BPS security log:
>>>>>>>>>>> 403 GET or Other Request Error Logged – 29/04/2013 – 10:42 pm <<<<<<<<<<<
REMOTE_ADDR: 60.225.179.31
Host Name: 60.225.179.31
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: [http://www.wpspandc.com.au/webstore]
REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=[thumb]http://www.wpspandc.com.au/community-advertising/[/thumb]&h=125&w=125&zc=1&q=100
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
The URL specified in the REQUEST_URI setting above looks very strange – I can’t understand why there is a reference in it to “community-advertising”. We have a Community Advertising page on our site, and the permalink for this page was community-advertising until yesterday, when I changed it to communityadvertising to see if this changed anything about the log entries – it didn’t.
Something somewhere appears to be corrupt.
I have already checked all the thumbnail_url values in the wp_wp_eStore_tbl and none of them contain any reference to community-advertising anywhere.
Our Webstore page uses the following 2 shortcodes:
[wp_eStore_category_products_fancy id=2 style=2 order=2]
[wp_eStore_cart_fancy1_when_not_empty]
Are you able to tell me what you would normally expect to see as the REQUEST_URI when the Webstore page is loaded? I would not expect to see any reference to community-advertising anywhere there.
Could there be a problem with the timthumb.php file being out of date? I have installed the TimThumb Vulnerability Scanner plugin, and it has identified that I have v2.8.5 installed, and the latest version is v2.8.11.
April 30, 2013 at 2:15 pm #55365 wzp Moderator
The “other site” you manage, on which there is no problem; is everything identical, including the hosting provider?
April 30, 2013 at 10:14 pm #55366 wpsadmin Member
I figured out what the problem is… I am using the ShrinkTheWeb plugin on my site for thumbnail images on the Community Advertising page, and had included [thumb] [/thumb] tags in the Thumbnail Image URL for one of the products in my webstore. Once I removed those tags, the problem was resolved.
April 30, 2013 at 10:15 pm #55367 wpsadmin Member
P.S. Could you please still answer the question about the timthumb.php file? Does it matter that WP eStore is using v2.8.5 and the latest version is v2.8.11?
May 1, 2013 at 1:54 am #55368 admin Keymaster
You should be fine:
https://support.tipsandtricks-hq.com/forums/topic/timthumbphp-file-is-outdated
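A check that surfaces the cause found in this thread, run over the REQUEST_URI from the log entry in the first post. This is an added example, not part of the original thread and not BPS or WP eStore code; the function names, the image-extension list and the second sample entry are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")   # assumed list of thumbnail types
SHORTCODE = re.compile(r"\[/?\w[^\]]*\]")        # [thumb], [/thumb], [tag attr=1]

# Fields copied from the BPS log entry quoted in the first post.
ENTRY_FROM_THREAD = """\
REQUEST_METHOD: GET
HTTP_REFERER: [http://www.wpspandc.com.au/webstore]
REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=[thumb]http://www.wpspandc.com.au/community-advertising/[/thumb]&h=125&w=125&zc=1&q=100
"""

# Constructed for comparison: the image path in src is hypothetical.
ENTRY_CONSTRUCTED = """\
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=http://www.wpspandc.com.au/wp-content/uploads/item.jpg&h=125&w=125
"""

def parse_entry(text):
    """Turn the 'KEY: value' lines of one log entry into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split at the first colon only
        if sep and re.fullmatch(r"[A-Z_]+", key.strip()):
            fields[key.strip()] = value.strip()
    return fields

def check_timthumb_src(entry_text, site_host):
    """Return the reasons the timthumb src value looks malformed (empty if none)."""
    parts = urlsplit(parse_entry(entry_text).get("REQUEST_URI", ""))
    if not parts.path.endswith("/timthumb.php"):
        return []                               # not a timthumb request
    src = parse_qs(parts.query).get("src", [""])[0]
    findings = []
    if SHORTCODE.search(src):
        findings.append("shortcode tags inside src")
    try:
        target = urlsplit(SHORTCODE.sub("", src))
    except ValueError:
        return findings + ["src is not a parseable URL"]
    if target.scheme in ("http", "https") and target.hostname != site_host:
        findings.append("src points at another host")
    if not target.path.lower().endswith(IMAGE_EXT):
        findings.append("src path is not an image file")
    return findings
```

For the entry from the thread, both findings point back to the product's Thumbnail Image URL field rather than to timthumb.php itself.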