-- HikaShop version -- : 4.0.2
-- Joomla version -- : 3.9.4
-- PHP version -- : 7.2.15
-- Browser(s) name and version -- : Chrome
-- Error-message(debug-mod must be tuned on) -- : Access Forbidden
This error has occurred on 2 different sites on two different servers but both running Hikashop and Sh404 for SEF URL's. On step one of the checkout process the Joomla message appears "Access Forbidden". I thought this was an SH404 problem as I could workaround the issue by using the Joomla router and not the Sh404 one (default). I lodged a ticket with them and replicated a test site for them to check. They have come back and said that is not their plugin as they can get this issue even when SH404 is uninstalled.
Their comments were;
"I actually downloaded a backup of the site to debug the issue until I thought of testing this without sh404SEF and without Joomla SEF: the error was happening, even without sh404SEF on the site!
So this pointed at a bug in Hikashop - as the checkout should work with or without SEF URLs enabled. It took a bit of digging but I found out they are doing something that's cannot work if their SEF system is not used (ie not compatible with Joomla API).
The fix is easy but it must be done in their code, in file /components/com_hikashop/views/checkout/tmpl/show.php. It looks like this:
<?php
/**
* @package HikaShop for Joomla!
* @version 4.0.2
* @author hikashop.com
* @copyright (C) 2010-2019 HIKARI SOFTWARE. All rights reserved.
* @license GNU/GPLv3
www.gnu.org/licenses/gpl-3.0.html
*/
defined('_JEXEC') or die('Restricted access');
?><form action="<?php echo $this->checkoutHelper->completeLink('cid='. $this->step, false, false, false, $this->itemid); ?>" method="post" id="hikashop_checkout_form"
and it must be changed to:
<?php
/**
* @package HikaShop for Joomla!
* @version 4.0.2
* @author hikashop.com
* @copyright (C) 2010-2019 HIKARI SOFTWARE. All rights reserved.
* @license GNU/GPLv3
www.gnu.org/licenses/gpl-3.0.html
*/
defined('_JEXEC') or die('Restricted access');
?><form action="<?php echo $this->checkoutHelper->completeLink('ctrl=checkout&cid='. $this->step, false, false, false, $this->itemid); ?>" method="post" id="hikashop_checkout_form"
ie there's an added ctrl=checkout& bit in there.
Currently they are adding this ctrl=checkout bit in their router.php file but that's not an API-compatible design because when a 3rd party SEF extension is used, their router.php file is not used at all.
I would suggest your report the detailed issue with them, especially the fact that the checkout does not work when only using non-SEF URLs in Joomla - that is when sh404SEF is NOT there and cannot be suspected to cause any issue."
Would this be able to be rectified in a subsequent release?
HIKASHOP ESSENTIAL 60€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
