ADDCreative

The simplest would probably be something like ```php $dom->loadXml($response, LIBXML_NOWARNING | LIBXML_NOERROR); if ($dom !== false) { $cube = $dom->getElementsByTagName('Cube')->item(0); if ($cube !== null) { ... } else { //...

Prepare statements would be an improvement. It's so easy to make a mistake with the escaping and casting in the SQL, that I see a extensions with them missing all...

Still a few security issues that haven't been addressed. CSRF vulnerability on affiliate accounts. https://github.com/copona/copona/issues/46 A URL's HTTPS is wrongly based on the request. https://github.com/copona/copona/blob/master/system/library/url.php#L46-L49 The vulnerable JSON helper has...

@lucasjkr OpenCart doesn't have the issue (if you set configuration correctly), only Copona. The issue is only a problem if the server is using a certificate, so installing a certificate...

Don't think this will work on Windows as realpath will convert / to \ but $filename outside realpath could have / in.

@arnisjuraga Fixes the issue with windows, not this issue about the symlinked paths. You probably need to change them all to your suggestion above https://github.com/copona/copona/issues/128#issuecomment-287214871.

The order ID needs to be editable by guest customers wishing to return items using the link to route=account/return/add in the footer.

@arnisjuraga Just in case you are not aware, it also affects affiliate accounts.

@arnisjuraga Still need to add a CSRF token to affiliate/edit, affiliate/password, affiliate/payment.

I usually have to set the following taxes. To all UK customers - 20% To EU consumer customers - 20% To EU VAT registered business customers - None (using a...