MCCS

yes, again i would really like this working with also simpel url's. a cdn is an real requirement.. thanks

cdn is an real requirement or slowly people will be forced to use other solutions..

yes using and supporting an CDN is actually the only way to go and should be somewhere on the top priority list!! thi sis not only for big companies.. but also for small shop who try to have a fast shop globally.. like customers in the stats you do not want them to wait for 10 seconds.. even if you have the fastest server in the world then still a sinlge server would still be too slow if you do not use an cdn.. its a must so please, please implement proper support for this!!!

i am trying to setup prestashop with an edgecast cdn, simply enering the media servers would not work, because i have seen prestashop trying to fecth the CCC / (template/cache/987r839d3.js and .all_css files) from there. is there a way to have prestashop get only the images externally and not the js and css what would be the good way. i read also a code mod. http://www.prestashop.com/forums/viewthread/57713/general_discussion/solved_is_it_possible_to_use_external_picture_links but this is not a clean way to do it..also i saw in some older version configuration directives.. what is the right way? as there is no documentation can anyone please share what they got? Thanks

ps: why not write your manual so it can be translated by google automaticly.. then you have your complete manuals in all languages http://translate.google.com/translate?js=n&prev=_t&hl=nl&ie=UTF-8&layout=2&eotf=1&sl=fr&tl=en&u=http://viewer.zoho.com/docs/urlview.do?url=http://www.prestashop.com/download/Techguide_fr.pdf because the english version is missing this is a very fast google translation.. dunno how long the link will stay. but atleast we have some sort of clue..

yes, please consider releasing also initially in english, as prestashop is growing, future development could increase faster if all documentation is released in english.. its hard to setup develop or support by trying to translate.google all documentation and large portions in the forums.. Thanks

Dear All I am trying to configure prestashop to work in an redundant cluster, but i run into some issue's first my performance settings: Smarty: Force Compile = no Cache = Yes CCC (Combine, Compress and Cache): Smart cache for CSS = Use CCC for CSS. Smart cache for JavaScript = Use CCC for JavaScript. Minify HTML = Minify HTML after "smarty compile" execution. Compress inline JavaScript in HTML = Compress inline JavaScript in HTML after "smarty compile" execution High risk HTML compression = Keep W3C validation Media Servers (use only with CCC): static1.yourwebserver.com static2.yourwebserver.com static3.yourwebserver.com Ciphering: Algorithm = Use Rijndael with mcrypt lib. Caching: Use cache = Yes Caching system: Memcached (and i use two internal memcached servers ------------------------------------------------------------------------------------------------------------------------------ the questions i place here are things i will try to find answers for either by myself or the wonderful help of people who already took the time or experienced what i post here. (thx in advance btw if you assist) Memcached the Memcached is working well i see a lot of slabs and things cached. but what is exactly cached? is also session information cached here? or is this cache compiled objects only or does it also include results of sql queries? Sessions. A redundant cluster cannot perform if the sessions are kept shared somewhere. are they stored in the database or memcached? thus are they a part of cacheFS.. would be the best way to force php to save its sessions in memcached from the php.ini directive. Performance. as most people notice the cache tuning setting i have above here if you disable the CCC are acceptable but i would like to get the load time below 1.5 seconds in my situation. and for this i would like to enable CCC and use media servers i did setup three virtual hosts pointing to the same folder were the root is of the prestashop. now when i enable CCC i find out the following things that are errors in my firebug results. using https for the CCC files?? and the fiels are not in memcached but in your theme cache folder.. https://static2.domain.com/themes/mytheme/cache/3385afdec774e206252b5d559420be1d_all.css https://static1.domain.com/themes/mytheme/cache/861ec3a81addab397af926d09a3d3b0b.js i miss also my hostname in all the images when i enable CCC.. strange ey? and also ssl.. https://themes/mytheme/css/"../img/back_top.jpg" - even if SSL is disabled it always tries to load the CCC files with https/SSL and it tries to find the in the cache folder of your template. this forces to buy an multiple domain certificate not a ral good idea. why is this been forced to ssl? - when you would like an redundant cluster then this type of thing is best to store in Memcached otherwise you still get strange cache files on each node on the filesystem and this could give strange results if one of your server fails. because i assume this here that all those CCC files are hashed with an unique filename.. thus it would not be found on the standby node.. etc problem here is firefox does not load the combined css and js files if the certificate is not valid. to work arround this, i did create an wildcard ssl (*.domainname.com) then i can accept the ssl cert. but still it will not load a lot of images here - so you need to have an correct cert to the ccc files to load. - on the images that do not want to load.. the host nane is missing and " is inserted in between plus on the end of the images file name.. are these things template related, did any one experienced this with using media servers? Thanks in advance

dear all, prestashop is currently still vulnerable for XSS crosside scripting in the order.php and search.php the input fields still accept characters to eliminate XSS for instance # Remove < input and replace with < # Remove > input and replace with > # Remove ' input and replace with ' # Remove " input and replace with " # Remove ) input and replace with ) # Remove ( input and replace with ( these things should not be allowed in fields. if you do accept them an XSS is possible. so an trim and parsing for / and \ is not enough a collegues dev used the htmlentities function from php to do this. problem is were would the prestashop dev team change this to eliminate XSS example: so please take this into the dev changes. (to strip with htmlentities the above chars) Thanks