clickline's Issues
Design for order details in BO
While the design on the order details on the back-office is well designed on PrestaShop 1.5, the result is not good on 1.6.
You can use the structure used on the whole back-office and create a version for PS 1.6, like the module give.it did on his templates.
cURL
Availability of cURL library is not checked.
In the __construct() method you should set a warning to check if cURL is available or not.
timthumb in the wrong folder
The libraries needed by the module must be stored in the folder /lib/.
Please move timthumb.php from /img/thumb/ to /lib/ or /lib/thumb/.
Security validation
UNSERIALIZE:
unserialize can lead to code execution when the data is controlled by an attacker. While it may not be trivial to control the data in the unserialize call of this module, it's still possible (through a SQL injection in another module, for example).
All serialize/unserialize functions should be replaced with json_encode/json_decode.
Concerned files:
/clickline/clicklinecart.class.php
/clickline/clicklineorder.class.php
TIMTHUMB:
TimThumb version 2.8.13 is affected by a critical vulnerability (code execution). However, the vulnerability is not exploitable when define('WEBSHOT_ENABLED') is false, which is the case in this module.
Since TimThumb is really insecure, you should think about using another library.
We still recommend upgrading to the latest version of TimThumb (2.8.14) and keeping webshot disabled.
clickline/lib/thumb/timthumb.php
SQL:
/modules/clickline/clickline.php:769 'SELECT * FROM '.DB_PREFIX.'address where id_address = "'.$usuario_direccion_id.'"';
Probably not exploitable because $params['cart'] is likely to be safe, but it is safer to add pSQL or intval() on $usuario_direccion_id (like you did on the other queries using $usuario_direccion_id).
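The two code-level recommendations in the security validation above (JSON in place of serialize/unserialize, and an integer cast on $usuario_direccion_id), as an added example that is not part of the issue or of the clickline module. The function names, the table prefix and the sample values are hypothetical.

```php
<?php
// Added example with hypothetical helper names; not code from the clickline module.

// Encode cart/order data for storage as JSON instead of serialize().
function clickline_encode(array $data)
{
    $json = json_encode($data);
    if ($json === false) {
        throw new RuntimeException('json_encode failed: '.json_last_error_msg());
    }
    return $json;
}

// Decode stored data. json_decode() only produces scalars, arrays and
// stdClass, so no __wakeup()/__destruct() of an application class can run,
// whatever an attacker managed to write into the column.
function clickline_decode($stored)
{
    $data = json_decode($stored, true);
    if (!is_array($data)) {
        // Rows written by the old serialize() code, or tampered values, end
        // up here and are treated as empty instead of being unserialized.
        return array();
    }
    return $data;
}

// Address lookup with the id forced to an integer before it is
// concatenated into the SQL string.
function clickline_address_query($prefix, $id_address)
{
    return 'SELECT * FROM '.$prefix.'address WHERE id_address = '.(int)$id_address;
}

// Constructed sample values.
$stored = clickline_encode(array('id_cart' => 12, 'service' => 'express'));
var_dump(clickline_decode($stored));

// A serialized object string is not valid JSON: it is rejected, not instantiated.
var_dump(clickline_decode('O:8:"stdClass":0:{}'));

// Only the leading integer of a non-numeric id survives the cast.
echo clickline_address_query('ps_', '5 OR 1=1'), "\n";
```

Existing rows written with serialize() need a one-time migration to JSON, since the decoder above deliberately refuses them.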
Configuration page
You can make a lot of improvements on the configuration page.
- The module must be introduced on this page. Why should the merchant use it? How can his experience be improved by using this module? etc.
Here are some examples from other modules:
- The page is not easy to read and the pictures don't look beautiful when we personalize our theme with a dark configuration, as you can see on the following screenshot:
- Your images are disturbing. The first one just opens a new tab to an external website and the second one toggles a form which could be always shown. Nothing seems to appear after these big buttons but this form, so I guess you can resize the first one, remove the second one and show immediately the configuration fields.
index.php
index.php file not found in: img/settings_options/
Confirmation message
A confirmation message is shown when the back office configuration form is submitted, even if the form was empty.
Curly braces
You fixed almost everything in your penultimate commit but reverted some things in the last one.
Curly braces were placed on a new blank line but no longer are since your last commit.
Install error
Error while trying to install the module on a fresh shop install: https://www.dropbox.com/s/uqclan52ksoyf46/Capture%20d%27%C3%A9cran%202014-08-05%2014.12.25.png
Missing images
toArray()
toArray() is a method, not a function (clickline.php line 1040)
Compatible versions of PrestaShop ?
We don't really know which versions of PrestaShop are supposed to be compatible with clickline.
In the __construct(), you include the backward_compatibility to make your module compatible with PS 1.4, but then you remove it with the ps_version_compliancy between 1.5 and the last version of PS.
If clickline is compatible with 1.4, the ps_version_compliancy must be removed. If not, you can safely delete everything related to the backward_compatibility.
strtolower
The use of function strtolower() is forbidden; use Tools::strtolower() instead.
- clickline.php line 554.
Bug right after the installation