How to secure the Tell A Friend form

Overview

Some customers have reported that McAfee Secure flags the “Tell A Friend” form as a vulnerability because the form is not served over a secure connection. We disagree, because the form does not pass any confidential information to the form handler. McAfee Secure, however, considers the e-mail address to be confidential information, hence the issue.

Solution: force HTTPS

The following solution is only applicable to stores that have a dedicated SSL certificate.

The solution is to load the page over HTTPS automatically, so that information is transmitted in encrypted form between the browser and the Web server. HTTPS can be forced with the code shown below.

  • Download the file “tellafriend.asp” from the “pc” folder
  • Make a back-up copy
  • Open it with Notepad or your favorite HTML editor
  • Locate the opening ASP tag at the top of the file:
    <%

  • Place the following code immediately after it.

    ' Redirect plain-HTTP requests for this page to the same URL over HTTPS
    If (Request.ServerVariables("HTTPS") = "off") Then
        Dim xredir__, xqstr__
        xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
                   Request.ServerVariables("SCRIPT_NAME")
        ' Preserve the original query string, if any
        xqstr__ = Request.ServerVariables("QUERY_STRING")
        If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__
        Response.Redirect xredir__
    End If

  • So the top of “tellafriend.asp” will look like this:

    <%
    ' Redirect plain-HTTP requests for this page to the same URL over HTTPS
    If (Request.ServerVariables("HTTPS") = "off") Then
        Dim xredir__, xqstr__
        xredir__ = "https://" & Request.ServerVariables("SERVER_NAME") & _
                   Request.ServerVariables("SCRIPT_NAME")
        ' Preserve the original query string, if any
        xqstr__ = Request.ServerVariables("QUERY_STRING")
        If xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__
        Response.Redirect xredir__
    End If

  • Save the file and upload it back to the “pc” folder

This should make the vulnerability disappear.
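
To confirm the change took effect after uploading, the following added example (not part of the original article or of ProductCart's own code) checks that a plain-HTTP request is answered with a redirect to the same host, script and query string over HTTPS. The host name, store path and query parameter in the sample data are constructed placeholders.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def check_https_redirect(request_url, status, location):
    """Compare one HTTP response with what the snippet should produce.
    Returns a list of problems; an empty list means the check passed."""
    if status not in REDIRECT_CODES:
        return [f"expected a redirect, got HTTP {status}"]
    if not location:
        return ["redirect has no Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme!r}, not 'https'")
    if loc.hostname != req.hostname:          # SERVER_NAME should match the requested host
        problems.append(f"host changed to {loc.hostname!r}")
    if loc.path.lower() != req.path.lower():  # SCRIPT_NAME; IIS paths are case-insensitive
        problems.append(f"path changed to {loc.path!r}")
    if loc.query != req.query:                # QUERY_STRING must be carried over unchanged
        problems.append(f"query string changed to {loc.query!r}")
    return problems

def fetch_without_following(url):
    """Send one GET over plain HTTP and return (status, Location) without following it."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=10)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample data: host, folder layout and query parameter are placeholders.
SAMPLE_URL = "http://store.example.com/pc/tellafriend.asp?id=12"
SAMPLE_RESPONSES = {
    "patched": (302, "https://store.example.com/pc/tellafriend.asp?id=12"),
    "unpatched": (200, None),
    "query dropped": (302, "https://store.example.com/pc/tellafriend.asp"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live mode: pass the http:// URL of your own tellafriend.asp
        print(check_https_redirect(sys.argv[1], *fetch_without_following(sys.argv[1])) or "OK")
    else:
        for name, (status, location) in SAMPLE_RESPONSES.items():
            print(name, "->", check_https_redirect(SAMPLE_URL, status, location) or "OK")
```

Run it with no arguments to see the constructed cases, or pass the plain `http://` address of the store's own page to test the live file.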

