
How to secure the Contact Us form

Overview

Some customers have reported that McAfee Secure flags the “Contact Us” form as not secure and therefore as a vulnerability. Specifically, it has been reported as “Unencrypted Sensitive Form Detected”. We disagree, because the form does not pass any confidential information to the form handler. McAfee Secure considers the e-mail address to be confidential information, hence the finding.

This is identical to the solution described in “Secure the Tell A Friend form” (tellafriend.asp).

Solution: force HTTPS

The following solution is only applicable to stores that have a dedicated SSL certificate.

The solution consists of automatically loading the page over the HTTPS protocol, so that information is transmitted in encrypted form between the browser and the Web server. HTTPS can be forced by using the code below.

  • Download the file “contact.asp” from the “pc” folder
  • Make a back-up copy
  • Open it with Notepad or your favorite HTML editor
  • Locate the opening ASP tag at the top of the file:
    <%

  • Place the following code immediately after it.

    ' Redirect plain-HTTP requests for this page to the same URL over HTTPS
    If (Request.ServerVariables("HTTPS") = "off") Then
        Dim xredir__, xqstr__
        ' Rebuild the current URL with the https:// scheme
        xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
                   Request.ServerVariables("SCRIPT_NAME")
        ' Preserve the query string, if there is one
        xqstr__ = Request.ServerVariables("QUERY_STRING")
        If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__
        Response.Redirect xredir__
    End If

  • So the top of “contact.asp” will look like this:

    <%
    ' Redirect plain-HTTP requests for this page to the same URL over HTTPS
    If (Request.ServerVariables("HTTPS") = "off") Then
        Dim xredir__, xqstr__
        ' Rebuild the current URL with the https:// scheme
        xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
                   Request.ServerVariables("SCRIPT_NAME")
        ' Preserve the query string, if there is one
        xqstr__ = Request.ServerVariables("QUERY_STRING")
        If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__
        Response.Redirect xredir__
    End If

  • Save the file and upload it back to the “pc” folder

This should make the “vulnerability” disappear.
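
To see why the redirect clears the finding, here is an added example (not ProductCart or McAfee code) that mimics this class of scanner check: it resolves each form's action against the page URL and reports forms with e-mail-like fields that would submit over plain HTTP. The sample markup, field names and www.example.com host are constructed, and the matching heuristic is an assumption about how such scanners work.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: substrings that make a field look "sensitive" to a scanner.
SENSITIVE_HINTS = ("mail", "password")


class FormCollector(HTMLParser):
    """Collect each <form>'s action and the name/type of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea") and self._current is not None:
            label = (a.get("name") or "") + " " + (a.get("type") or "")
            self._current["fields"].append(label.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def unencrypted_sensitive_forms(page_url, html):
    """Return submit URLs of forms that send sensitive-looking fields over HTTP."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        sensitive = any(h in f for f in form["fields"] for h in SENSITIVE_HINTS)
        if sensitive and urlsplit(target).scheme != "https":
            findings.append(target)
    return findings


# Constructed sample markup; the real contact.asp form is not shown on this page.
SAMPLE = """<form method="post" action="contact.asp">
<input type="text" name="FromName"><input type="text" name="FromEmail">
<textarea name="MsgBody"></textarea><input type="submit"></form>"""
# Same form with the action hard-coded to an http:// URL (constructed).
ABSOLUTE = SAMPLE.replace('action="contact.asp"',
                          'action="http://www.example.com/pc/contact.asp"')
```

A relative action inherits the page's scheme, so the form passes once contact.asp loads over HTTPS; an action hard-coded to http:// would still be reported.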

