Closed Bug 107344 Opened 24 years ago Closed 3 years ago

Some problem doesn't allow shopping in DVDGo.com

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 95
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: zeka, Unassigned)

References

(
URL
)

Details

This problem affects DVDGo.com I think it is due to javascript. Maybe bad javascript usage. When we buy something at DVDGo, it goes to the cart in the left side. When we want to check out, we click "Check Out". Then a Login appears. We login. Then the frame shows: ****** Thank you for visiting our store. What do you want to do now?: * Continue the shopping process. * Check and change previous orders. * Change password. * Save and manage your credit cards. ****** I click "CONTINUE THE SHOPPING PROCESS" to finish my order, but.. It doesnn't work.. That link calls this function: ** Javascript:continuar() ** And I wasn't able to find the function. I re.installed mozilla a couple of days ago. Before that I was able to do actually shop there.
here's some more sand for you to analize. I typed "javascript:" on the location bar to get the errors/warnings of javascript. Then I clicked that CONTINUE .. Link. The error message is: Error: uncaught exception: Permission denied to get property Window.scriptglobals ** Ideas?
Reporter: Please include your Build ID in all bug reports. You may wish to try a more recent build: http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-win32-talkback.zip (as always, be sure to delete your old Mozilla directory before installing the new one) Also, in future, please use the Bugzilla Helper for filing bugs: http://www.mozilla.org/quality/help/bugzilla-helper.html (among other things, it automagically adds your build id)
Here«'s the build id: Mozilla { Build ID: 2001101117 } It's Mozilla .0.95, Windows 95 Also the HTTP_USER_AGENT as echoed by PHP: Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.9.5) Gecko/20011011 Shouldn't that number after «Gecko/» be equal to the one shown at the title bar ?
zeka: Your build is a somewhat old. Please try a newer build (link above). And, it's ok that the numbers don't "match up". The User-Agent specifies the build in YYYY-MM-DD form, whereas the Build ID in the title bar is even more specific, as the last two digits differentiate multiple-builds-per-day. So, the full Build ID is most useful, but the Build ID in the User-Agent string is still usable in most circumstances.
Okay, I downloaded the new build Build ID: 2001102903 Same Problem still. It would be nice if I got a way to get that code, but the frames source code doesn't have that function.
Reassigning to Security:General based on the error messsage: Error: uncaught exception: Permission denied to get property Window.scriptglobals zeka: what happens if you get to the final page, where the "continuar" link is indicated, and type this in the URL bar: javascript: document.write(continuar.toSource()) This should give you the source of the function -
Assignee: rogerl → mstoltz
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Security: General
Ever confirmed: true
QA Contact: pschwartau → bsharma
It outputs nothing, and in the javascript console appears Error: continuar is not defined -- There's something I find a bit odd about the page. It's framed as follows ----------- | 0 | |-----------| | | | | 1| 2 | | | | | | | ----------- In frame 1 is the basket, in 0 is the title. In frame 1 the checkout part appears. Click the link, and opens in frame 2 the login form. We login.. and enters the screen where the CONTINUE link is. But, if I select to View Source in this page, it gives the source of the previous Login page. It's a bid odd. So, can the function be in that frame source, and be "hidden" to javascript: (..) on the location bar ? -- I sent an notice to the support of DVDGo.com to see if they can fix it.
I am able to proceed to the final ordering page (zone_order_process_step_three) but the button "confirmar pedido" does not work. JS error is "dosave is not defined"
should this be an evangelism bug? is the website exploiting global scope pollution?
This still does not work. It looks like an evangelism bug, but I do not know enough javascript to decide. In the third screen for completing the order, where the item list is displayed and available credit card numbers are displayed the button "Confirm your order / make your payment" does nothing. It produces an error "dosave not defined". The button has onclick="jscript:dosave();". The function is defined in a piece of inline javascript after the form, in <script language="jscript"> tags. This does work with Konqueror BTW. DVDGO has not reacted to any of the emails I sent to them.
Assignee: security-bugs → dveditz
QA Contact: bsharma → toolkit
Severity: normal → S3

Site seems to be gone

Assignee: dveditz → nobody
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.