Hi, everybody!

As I was thinking of using the imprint option quite extensively in my site I did also some checking of the tables and code supporting the option. I have discovered a serious flaw in the option that MIGHT create unpredicted results in your site.

As far as I understand - guests get their basket contents stored in a cookie, while the text attributes get stored in a table that is connected to the guest's session via the session ID. The problem is that the application never gets the session ID and thus it stores an empty value (null?) in the underlying table.

For those who want the above gibberish translated into English: if you have TWO non-registered guests on you site SIMULTANEOUSLY and they order exactly the same item, but with different texts, they will both get THE SAME TEXT. I believe it will be the last input text that "wins".

I have produced a fix that I am testing right now at my own site. The fix involves getting the session ID into $osCsid from $_REQUEST["osCsid"] or from $_GET["osCsid"], depending on where in the php code you are. My fix seems to work, but I don't really know if it's done the correct way as I don't know a jacksh.t about PHP/MySQL programming and was just trying to make a crude fix to a serious problem. Anyway, I'll post the fix in a few days and will be glad if somebody can review it.

Example of one of the fixes in application_top.php:
$osCsid = $_REQUEST["osCsid"];
tep_db_query("insert into zjsess(sessid, place) values ('" . $osCsid . "','application_top 3 (insert)')");
tep_db_query("insert into customers_basket_text_attributes values ('$osCsid', " . $HTTP_POST_VARS['products_id'] . ", " . $attr['products_text_attributes_id'] . ", '" . addslashes($HTTP_POST_VARS['products_text_attributes_' . $attr['products_text_attributes_id']]) . "');");


More...