Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Permission system is broken if json_decode function is not installed #3525
TLDR: open cart implementation of json_decode function does not match standard version of function. Thus, systems that don't have it installed observe a completely broken permission system (everything is denied).
Version: 18.104.22.168 and GIT master as of October 20, 2015
Pre-condition: no db exists; clean directory tree.
Administrator user is unable to navigate to any admin area except for Dashboard. Administrator gets "Permission Denied" error message.
A hack in the function "hasPermission" to always return true enables all features. Web interface reports that user is a member of Administrator group.
WARNING: when editing Administrator group through web interface the web displays not a single checked checkbox. I checked all and saved changes. I verified that database content has lots of entries (see below). I reopened Administrator group in web interface and observe that not a single permission item is checked. This might be a way to troubleshoot the issue.
SQL query used to verify group permission:
select * from oc_user_group; reports:
select * from oc_user
Please, note that I am an Open Cart newbie, so I may not know what you are talking about.
Reson for the issue is incorrect implementation of function json_decode in system/helper/json.php
I took content of opencast.sql file with generated content and wrote a simple PHP script to decode the content:
I got error: Fatal error: Call to undefined function json_decode()
I then copied open cart implementation into my test script and run the script.
Truncated output with opencart implementation:
I then installed json package (php56-json on FreeBSD) and run the test application again with the following result:
Note, how json package outputs a single slash separator and open cart utility outputs / as a separator.
This resulted in incorrect permissions for Administrator across the system.
I restarted php-fpm service and Permission issue went away.
Someone would have to either fix the helper function or remove it.
changed the title
Admin is Denied Permission to Edit everything on clean installation
Oct 21, 2015
Thanks for the update 22.214.171.124 oc
Fatal error: Call to a member function model() on a non-object in /home/store/public_html/vqmod/vqcache/vq2-admin_view_template_common_header.tpl on line 121
This type of Error again and again come up after I Click clean button in Admin > Modification page.
Please give a permanent resolution if you have.