In Magento CE 1.8, it appears {{var logo_url}} defaults to using an HTTPS link in its transactional emails (if SSL enabled). This causes an issue in Outlook, because Outlook will not display images with an SSL URL.
Is there any "easy" way to force {{var logo_url}} to HTTP?
I don't think it's a good idea to enforce anything to be HTTP instead of HTTPS but well... The easiest way I can think of would be to extend Mage_Core_Model_Email_Template_Abstract in a own extension (better) or to overwrite it in your local code pool (faster and okay but not so clean) and adapt the function _addEmailVariables($variables, $storeId).
For the sake for demonstration I'll show the second approach:
Copy app/code/core/Mage/Core/Model/Email/Template/Abstract.php to app/code/local/Mage/Core/Model/Email/Template/Abstract.php and create any folders which don't exist already in app/code/local/.
Now in app/code/local/Mage/Core/Model/Email/Template/Abstract.php in the function _addEmailVariables($variables, $storeId) look for
if (!isset($variables['logo_url'])) {
$variables['logo_url'] = $this->_getLogoUrl($storeId);
}
and replace it with something like this
if (!isset($variables['logo_url'])) {
$variables['logo_url'] = str_replace("https", "http", $this->_getLogoUrl($storeId));
}
Not tested but this should work. You can adapt this approach in an own extension as well. Check out the excellent articles on http://inchoo.net/ if you are not familiar with the proccess (http://inchoo.net/magento/overriding-magento-blocks-models-helpers-and-controllers/ is a good starting point).
Related
this is a little bit strange because most of the questions here wanted to force https.
While learning AWS elastic beanstalk. I am hosting a laravel site there. Everything is fine, except that none of my javascripts and css files are being loaded.
If have referenced them in the blade view as :
<script src="{{asset('assets/backend/plugins/jquery/jquery.min.js')}}"></script>
First thing I tried was looking into the file/folder permissions in the root of my project by SSHing into EC2 instance. Didn't work even when I set the permission to public folder to 777.
Later I found out that, the site's main page url was http while all the assets url were 'https'.
I dont want to get into the SSL certificates things just yet, if it is possible.
Is there anyway I can have my assets url be forced to Http only?
Please forgive my naiveity. Any help would be appreciated.
This usually happens if your site is for example behind an reverse proxy, As the URL helper facade, trusts on your local instance that is beyond the proxy, and might not use SSL. Which can be misleading/wrong.
Which is probaly the case on a EC2 instance... as the SSL termination is beyond load balancers/HA Proxies.
i usually add the following to my AppServiceProvider.php
public function boot()
{
if (Str::startsWith(config('app.url'), 'https')) {
\URL::forceScheme('https');
} else {
\URL::forceScheme('http');
}
}
Of course this needs to ensure you've set app.url / APP_URL, if you are not using that, you can just get rid of the if statement. But is a little less elegant, and disallows you to develop on non https
After an update or a fresh install of vtiger 6.2, it's possible that contact photos don't appear. It looks like a dead link.
Problem
vTiger 6.2 puts all your uploads (incl. user & product pictures) into /storage and denys access to this folder from the web through a htaccess-File (/storage/.htaccess):
deny from all
These files will only be accessible by the webserver/php directly, which is perfect from a security point of view and it should be kept that way (deleting this htaccess-file is a very bad thing, cause then everybody outside will be able to read your files given he has the right path)!!!
The correct way to deal with these files inside the Web-Application would be to never reference the files directly in HTML (<img src="path/to/file">, cause you would not see them due to the htaccess-File) but to always route their data through a gateway-PHP-Script which checks if the requesting user is authenticated (<img src="file.php?filename=path/to/file">). The PHP-Script can (as I said above) bypass the Apache/htaccess-Security cause it directly accesses the filesystem. This is done in the Document-Section where you can see that downloading a file leads to "http://domain/index.php?module=Documents&action=DownloadFile&record=10&fileid=11"
However, unfortunatly vTiger has places in its Web-Application where it still references files in /storage directly in HTML as with User Pictures and Product Pictures therefor they are not shown.
UPDATE: Bugfix
I found that the Apps Contacts, Users and Products have this problem.
I bugfixed them in 2 steps:
Add Actions for each App as Gateway-Scripts
Create the files (vTiger is installed on /opt/vtiger)
/opt/vtiger/modules/Users/actions/DownloadPicture.php
<?php
class Users_DownloadPicture_Action extends Vtiger_Action_Controller {
public function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
if(!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $request->get('record'))) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
}
}
public function process(Vtiger_Request $request) {
$userRecordModel = Vtiger_Record_Model::getInstanceById($request->get('record'), $request->getModule());
$userPictureDetails = $userRecordModel->getImageDetails();
$pictureData = file_get_contents($userPictureDetails[0]['path'] . '_' . $userPictureDetails[0]['orgname']);
header("Content-type: image/jpeg");
header("Pragma: public");
header("Cache-Control: private");
echo $pictureData;
}
}
?>
/opt/vtiger/modules/Products/actions/DownloadPicture.php
The same but: class Products_Download...
/opt/vtiger/modules/Contacts/actions/DownloadPicture.php
The same but: class Contacts_Download...
Adapt the Templates to serve Image-Tags with the Gateway-Script
Go in the files, find the <img ... >-Tag and change its src-Attribute:
/opt/vtiger/layouts/vlayout/modules/Users/ListViewContents.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$LISTVIEW_ENTRY->get('id')}
/opt/vtiger/layouts/vlayout/modules/Users/PreferenceDetailViewHeader.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Users/UserViewHeader.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Vtiger/DetailViewBlockView.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
/opt/vtiger/layouts/vlayout/modules/Vtiger/uitypes/Image.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD_ID}
/opt/vtiger/layouts/vlayout/modules/Contacts/DetailViewHeaderTitle.tpl
index.php?module={$MODULE}&action=DownloadPicture&record={$RECORD->get('id')}
Now it is for sure you can see your pictures everywhere, but without beeing logged in you cannot access the files!
Possible open problem: I do not know so much about rights management in vTiger to tell you that now only users with access rights on the records have access to the files. It is possible that now every user can access them. If somebody knows how to control this. Please comment!
Hope everything works out, as by me.
Servus
Lukas
To solve that, simply yourself connect to your server through an FTP client. Empty or remove the ".htaccess" file in the "/storage" folder.
That's it!
Or in the .htaccess file change from:
deny from all
to:
Options -Indexes
I rewrote my .htaccess file from "deny from all" to…
# If the URI is an image then we allow accesses
SetEnvIfNoCase Request_URI "\\.(gif|jpe?g|png|bmp)$" let_me_in
Order Deny,Allow
Deny from All
# Allow accesses only if an images was requested
Allow from env=let_me_in
Now my images show up.
I'm trying to get my MVC3 site to redirect from HTTPS back to HTTP when the user browses to a page where it's not required (and they aren't logged in). I Don't want to have the load of running the whole site HTTPS but it's looking like thats the way I'll have to go.
I've been having loads of trouble with remote debug and symbols, but having gone back in time to 1985 and using message box equivalents to debug with I've come to the following conclusion:
if (filterContext.ActionDescriptor
.GetCustomAttributes(typeof(RequireHttpsAttribute), true)
.Any()
)
{
return true;
}
return false;
Always returns false.
The controller def starts as:
[FilterIP(
ConfigurationKeyAllowedSingleIPs = "AllowedAdminSingleIPs",
ConfigurationKeyAllowedMaskedIPs = "AllowedAdminMaskedIPs",
ConfigurationKeyDeniedSingleIPs = "DeniedAdminSingleIPs",
ConfigurationKeyDeniedMaskedIPs = "DeniedAdminMaskedIPs"
)]
[RequireHttps]
public class AccountController : Controller
{
And it doesn't seem to work for any actions in this controller (although they do get successfully routed to SSL).
Any suggestions? I'd love to see an answer for what I perceive as my own nubery ;)
Custom NotRequreHttpsAttribute tutorial
I use the above link post to implement my custom attribute, and redirect from https to http. Hope this helps.
My problem was discovered to be related to the bindings on the server published to. We use the same server for stage and production, and the stage https bindings were not set, so whenever it was calling an https page it was resolving into our production site (which looked the same so it was hard to spot).
Once I added a binding it was all solved. My code was ok...
Because of european privacy law being harsly applied in the Netherlands and to keep my company's site user friendly without nagging the users with questions if it's okay to store a cookie on their computer that allows me to access their client data.
What I need is a way to "overwrite" the native php sessions class so that at the point where the native class requests the cookie that stores the phpsessid, that I can place my own code there that checks the browsers fingerprint and matches that to a session id which I can use to return the normal working of the native class.
My idea is:
table sess_fingerprints
Fields: fingerprint - phpsessid
function getsessionid()
{
$result = $this->db->query("SELECT phpsessid
FROM `sessiondatabase`.`sess_fingerprints`
WHERE `sess_fingerprints`.`fingerprint` = '$userfingerprint'");
if($result->num_rows() != 0)
{
return $result->row->phpsessid;
}
}
and at that point the native php session code just works as it would normally do.
So, my question is: is it possible to overwrite only the "cookie" part of the phpsession class? if so, how? because I haven't found that yet.
I'm aware of being able to pass along the session variable via urls etc, but that's not secure enough for my web applications.
PHP provides support for custom session handlers:
http://php.net/manual/en/session.customhandler.php
I think I have found the solution to my problem.
I'm going to override the functions related to cookies by using http://php.net/manual/en/function.override-function.php
Thank you all for thinking along.
I have website that use XMLHttpRequest (jQuery, actually). I also have another site running on the same server, which serves a script file that makes XHR requests back to THAT site, ie.
http://mysite:50000/index.html includes
<script src="http://mysite:9000/otherscript.js"></script>
and http://mysite:9000/otherscript.js includes
$.ajax({
url: 'http://mysite:9000/ajax/stuff'
});
The problem is - this doesn't work. The AJAX requests from the loaded script simply fail with no error message. From what I've been able to find this is the old same origin policy. Given that I control both sites, is there anything I can do to make this work? The "document.domain" trick doesn't seem to do a thing for XMLHttpRequest.
Nope- can't do this with XHR. Same-domain policy is very restrictive there- same host, same port, same protocol. Sorry! You'll have to resort to other tricks (iframes, title manipulation, etc) to get it to work.
You can do this by adding Access-Control-Allow-Origin header.
If you are using PHP
header("Access-Control-Allow-Origin: http://example.com");
or in Node.js
response.writeHead(200, {'Access-Control-Allow-Origin':' http://example.com'});
This should do the trick for you. It always works for me.
I just solved a similar issue with a PHP service I'm currently playing around with (not sure how relevant a PHP solution is to this directly, but...) by making a single line proxy PHP page, SimpleProxy.php:
<?php
echo file_get_contents('http://localhost:4567');
?>
And in my XMLHttpRequest I use 'SimpleProxy.php' in place of 'http://localhost:4567', which effectively puts the request on the same domain as my .js code.