www.robix.nl

Pas in \cubecart\includes\content het bestand confirmed.inc.php aan
Vervang regel 50:
   if(ereg("Authorize|WorldPay|Protx|SECPay|BluePay",$pg)){
door
   if(ereg("Authorize|WorldPay|Protx|SECPay|BluePay|MollieiDEAL",$pg)){

*/

if(!defined('CC_INI_SET') || !isset($_GET['s'])){ die("Access Denied"); }

// include lang file
$lang = getLang("includes".CC_DS."content".CC_DS."confirmed.inc.php");

$confirmation = new XTemplate ("content".CC_DS."confirmed.tpl");

$confirmation->assign("LANG_CONFIRMATION_SCREEN",$lang['confirmed']['confirmation_screen']);

$confirmation->assign("LANG_CART",$lang['confirmed']['cart']);
$confirmation->assign("LANG_CHECKOUT",$lang['confirmed']['checkout']);
$confirmation->assign("LANG_PAYMENT",$lang['confirmed']['payment']);
$confirmation->assign("LANG_COMPLETE",$lang['confirmed']['complete']);
   
// Payment Failed link to try again

if ($_GET['s'] == 1) {

   $confirmation->assign("LANG_ORDER_FAILED", $lang['confirmed']['order_fail']);
   $confirmation->assign("LANG_ORDER_RETRY", $lang['confirmed']['try_again_desc']);
   $confirmation->assign("LANG_RETRY_BUTTON", $lang['confirmed']['try_again']);
   $confirmation->assign("VAL_CART_ORDER_ID", $_GET['cart_order_id']);
   
   $confirmation->parse("confirmation.order_failed");
   
}
// Payment success & complete
elseif($_GET['s'] == 2) {
   $confirmation->assign("LANG_ORDER_SUCCESSFUL",$lang['confirmed']['order_success']);
   
   $confirmation->parse("confirmation.order_success");
   
}
// Payment may or may not have been approved yet
elseif($_GET['s'] == 3) {
   $confirmation->assign("LANG_ORDER_PROCESSING",$lang['confirmed']['order_processing']);
   
   $confirmation->parse("confirmation.order_processing");
}
      
   
$confirmation->parse("confirmation");
   
$page_content = $confirmation->text("confirmation");
?>

Zorg dat je in PHP.ini de volgende instelling hebt staan: allow_call_time_pass_reference = On

*/

if (version_compare(PHP_VERSION, '5.2.0', '<')) {
   die('You need to upgrade to PHP Version 5.2.0 or better to use CubeCart. You are currently running PHP Version '.PHP_VERSION);
}

## Version Number
$ini['ver']       =    '4.2.2';

## Brute Force Protection
$ini['bfattempts']    =    5;                  ## Allowed number of login attempts
$ini['bftime']       =    600;                ## Number of seconds to prevent login for

define('CC_SESSION_NAME', 'ccUser');          ## Default session name is ccUser, this can be changed
define('CC_ADMIN_SESSION_NAME', 'ccAdmin');    ## Default admin session name is ccAdmin, this can be changed

## Pages which need to run under SSL if enabled/forced
$sslPages = array(
   "unsubscribe"   => true,
   "login"       => true,
   "logout"       => true,
   "forgotPass"   => true,
   "account"      => true,
   "profile"      => true,
   "changePass"   => true,
   "newsletter"   => true,
   "cart"         => true,
   "step1"         => true,
   "step2"         => true,
   "step3"         => true,
   "reg"         => true,
   "viewOrders"   => true,
   "viewOrder"      => true,
   "confirmed"      => true,
);

## Stop includes, etc from being executed outside of the main application
define('CC_INI_SET', NULL);

## Define a few environmental variables
define('CC_DS', DIRECTORY_SEPARATOR);
define('CC_PS', PATH_SEPARATOR);         # Is this really needed anymore? Left for compatibility, in case any 3rd party mods use it
define('CC_ROOT_DIR', dirname(__FILE__));

## Define the order statuses as constants
define('ORDER_PENDING',      1);
define('ORDER_PROCESS',      2);
define('ORDER_COMPLETE',   3);
define('ORDER_DECLINED',   4);
define('ORDER_FAILED',      5);
define('ORDER_CANCELLED',   6);

## List here all the paths you wish to allow _p to be
$allowed_modules = array(
   'modules'.CC_DS.'gateway'.CC_DS.'Print_Order_Form'.CC_DS.'orderForm.inc.php',
   'images'.CC_DS.'random'.CC_DS.'verifyGD.inc.php',
   'images'.CC_DS.'random'.CC_DS.'verifySTD.inc.php',
);

## Enable Script Profiling
#if (extension_loaded('APD')) apd_set_pprof_trace('cache');
#if (extension_loaded('XDebug')) xdebug_start_trace('test', 4);

## Set error reporting to all but notices
error_reporting(E_ALL ^ E_NOTICE);
## display errors
ini_set('display_errors', true);
## Disable 'Register Globals' for security
ini_set('register_globals', false);
## Disable '<?' style php short tags for xml happiness
ini_set('short_open_tag', false);
## Set argument separator to &amp; from & for XHTML validity
ini_set('arg_separator.output', '&amp;');
## Automatically detect line endings
ini_set('auto_detect_line_endings', true);
## turn off magic quotes if on
ini_set('magic_quotes_gpc', false);
set_magic_quotes_runtime(false);

## NEW - Let's enable page compression by default, if output_buffering is not enabled
//if (!ini_get('output_buffering')) {
   ini_set('zlib.output_compression', true);
   ini_set('zlib.output_compression_level', 5);
//}

## Windows/IIS can be a pain in CGI mode - this tries to alleviate our suffering...
if (strtolower(substr(PHP_OS, 0, 3)) === 'win' && strtolower(php_sapi_name()) === 'cgi') {
   ini_set('cgi.rfc2616_headers', true);
}
## default encoding UTF-8
ini_set('default_charset','UTF-8');

//date_default_timezone_set('UTC');

/************* START INITIAL SECURITY CHECKS *************/

## Check for possible global overwrite and end script execution if detected

function unset_globals() {
   if (ini_get('register_globals')) {
      if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
         $die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nGLOBALS overwrite attempt detected! Script execution has been terminated.</p>\n";
         die($die);
      }
      
      ## Variables that shouldn't be unset
      $skip = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
      $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
      foreach ($input as $key => $value) {
         if (!in_array($key, $skip) && isset($GLOBALS[$key])) {
            unset($GLOBALS[$key]);
         }
      }
   }
}

## Run the function
unset_globals();


function has_zend_optimizer() {
   return true;
}

function has_ioncube_loader() {
   # Detect ionCube
   return extension_loaded('ionCube Loader');
}

class clean_data {
   
   function clean_data(&$data) {
      ## keys to skip
      $skipKeys = array('FCKeditor');
      if (isset($_GET['_g']) && urldecode($_GET['_g']) == 'filemanager/language') {
         $skipKeys[] = 'custom';
      }
      if (is_array($data)) {
         foreach ($data as $key => $val) {
            if (preg_match('#([^a-z0-9\-\_\:\@\|])#i', urldecode($key))) {
               echo urldecode($key);
               $die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nParsed array keys can not contain illegal characters! Script execution has been halted.</p><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>It may be possible to fix this error by deleting your browsers cookies and refresh this page.</p>\n";
               die($die);
            }
            ## Multi dimentional arrays.. dig deeper.
            if (is_array($val) && !in_array($key, $skipKeys)) {
               $this->clean_data($data[$key]);
            } else if (!empty($val) && !in_array($key, $skipKeys)) {
               $data[$key] = $this->safety($val);
            }
         }
      } else {
         $data = $this->safety($data);
      }
   }
   
   function safety($val) {
      ## strip null bytes
      $val = str_replace("\0", '', $val);
      ## add slashes if magic quotes is off
      $val = (!get_magic_quotes_gpc()) ? addslashes($val) : $val;
      //return htmlspecialchars(strip_tags($val), ENT_NOQUOTES);
      return $val;
   }
}

$clean = new clean_data($data);

$clean->clean_data($_GET);
$clean->clean_data($_POST);
$clean->clean_data($_COOKIE);
$clean->clean_data($_REQUEST);


/************* END INITIAL SECURITY CHECKS *************/

if (!empty($_GET[CC_SESSION_NAME])){
   $GLOBALS[CC_SESSION_NAME] = $_GET[CC_SESSION_NAME];
   
} else if (!empty($_COOKIE[CC_SESSION_NAME])){
   $GLOBALS[CC_SESSION_NAME] = $_COOKIE[CC_SESSION_NAME];
}

if (!empty($_GET[CC_ADMIN_SESSION_NAME])){
   $GLOBALS[CC_ADMIN_SESSION_NAME] = $_GET[CC_ADMIN_SESSION_NAME];
   
} else if (!empty($_COOKIE[CC_ADMIN_SESSION_NAME])) {
   $GLOBALS[CC_ADMIN_SESSION_NAME] = $_COOKIE[CC_ADMIN_SESSION_NAME];
}
?>