prestashopcorp / zeleriscarrier Goto Github PK

XSS

In the following lines, escape all Tools::getValue() call and variables with Tools::safeOutput()

/zeleriscarrier.php:348,573,587,594,601,614,615,623,634,635,642,653,654,661,672,673,680,691,698

lib/zelerislog.php:
Please use English name for functions and variables
Missing licence
Wrong norms, please check : http://doc.prestashop.com/display/PS16/Coding+Standards

lib/index.php:
Incorrect licence

lib/Pager.php:
Missing licence
Wrong indentation size
Wrong norms, please check : http://doc.prestashop.com/display/PS16/Coding+Standards

mails/es/index.php:
Incorrect licence

mails/en/index.php:
Incorrect licence

mails/index.php:
Incorrect licence

mails/es/zeleris_contact.html:
Please use English name for variables
Please escape variables

mails/es/zeleris_contact.txt:
Please use English name for variables

mails/en/zeleris_contact.txt:
Please use English wording

mails/en/zeleris_contact.html:
Please use English wording

translations/index.php:
Incorrect licence

Readme.md
file name must be in upper case

logo.gif
Must be a png file as specified in http://doc.prestashop.com/display/PS16/Creating+a+first+module

index.php:
Incorrect licence

config.xml
Empty xml tag, if not used please remove it
Please use English wording

AdminZeleris.php:
Please use English name for variables

zeleriscarrier.php:
Wrong norms, please check : http://doc.prestashop.com/display/PS16/Coding+Standards
Please use Module::isInstalled instead of self::isInstalled
PS_CARRIERS_AND_CARRIER_MODULES_NEED_RANGE is depreacated please use Carrier::PS_CARRIERS_AND_CARRIER_MODULES_NEED_RANGE
58-61 - Please remove unused code : $id_carrier_list = array(); foreach ($carriers as $carrier) $id_carrier_list[] .= $carrier['id_carrier'];
64-72 - Please use $warning[] = instead of $warning[] .=
89,174,175,176 - Please use execute instead of Execute
92, 106, 114, 148 - undefined function tablesRollback
125 - Please use $this->l to translate
129, 143 - Duplicated variable $this->_moduleName , use $this->name
229 - Why not use $carrier->addZone() ?
236 - Please use Tools::copy
251-254 - Please add your document.ready in a js file and add it to page with $this->module->controller->addJS, idem for _displayLanding and _displayForm please use template files
923 - Be careful, Tools::getValue can return false
948 - SECURITY issue, please cast or check $address_user_id
953 - SECURITY issue, please cast or check.$data_user[0]['id_country']
979 - $amount variable never used
1012 - Please use PS_PRICE_DISPLAY_PRECISION for precision number
1024 - Please use English wording
1039, 1065 - Please use WHERE LOWER(c.external_module_name) = "'.$this->name.'"
1118, 1141, 1146 - SECURITY issue, please cast or check $$id_order
1124 - Invalid url
1241, 1393, 1476 - SoapClient may not be installed in all Hosting Server, please check if SoapClient exist before
1245 - 1255 - SECURITY issue, please check or cast your variables
1267, 1315, 1356 - Please use Tools::getAdminTokenLite('AdminZeleris') instead of tools::getValue('token')
1280 - Please use WHERE LOWER(c.external_module_name) = ".$this->name."
1286 - 1294 - SECURITY issue, please check or cast your variables
1309 - Variable $message never used out of if, please set your var in correct context
1331 - SECURITY issue, please check, escape or cast your variables
1139 - Please escape your vars
1345 - SECURITY issue please check message param
1347 - Please escape your vars
1419, 1523 - Unused vars

Index ZELERIS_MERCHANDISE_DESCRIPTION not defined at ligne 732
Index iso_code not defined at ligne 1527

Hi,

If you do not use the file /views/img/Imagen Zeleris.jpg, please remove it.

This file is really big, which makes the module heavier (and in consequence more difficult to download). I just tried to use the module on a shop with a small configuration, and the upload failed with the following error: File too large.