| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Upgrade your site to Smarty 2.6.2 | ||||
|
|
Thread Tools | Search this Thread |
#41
|
|||||||
|
|||||||
Quote:
Here's a quick follow up on this issue - I upgraded Smarty to 2.6.2 using the instructions on this thread. Smarty 2.6.2 now uses $_GET instead of HTTP_GET_VARS. Now, x-cart 3.5.8 does not allow the variable $_GET with the new top.inc.php file, hence {$smarty.get.XXXX} won't work. In fact any call you make to $_GET or $_POST or $_COOKIE will not work. (The new top.inc.php was written to prevent possible security issues with people running servers with register_global set to "on". If you don't have registered globals turned on, I don't think this new top.inc.php file helps you much, but I am still waiting for a confirmation from x-cart regarding this question. I have posted a modified top.inc.php file at the bottom of this post for anyone who wants to use smarty 2.6.2 with x-cart 3.5.8. UNDERSTAND THAT THIS CODE MAY NOT BE SECURE.) If you continue to us 2.5.0 you will not encounter this bug because they still use the deprecated variables $HTTP_GET_VARS, $HTTP_POST_VARS, etc.. I emailed x-cart about this an they said they are so far not plannning on updating their code to use $_GET, $_POST, etc., because it would require a lot rewriting. IMHO that reasoning sucks. You can find out more about these php variables here - http://us3.php.net/manual/en/language.variables.predefined.php. AGAIN NOTE THAT THIS CODE MAY NOT BE SECURE (ESPECIALLY IF YOU HAVE REGISTER GLOBAL TURNED ON). Code:
__________________
Following the signature guidelines : xcart pro 3.5.8 - [RedHat] |
|||||||
#42
|
|||||||||
|
|||||||||
Quote:
|
|||||||||
#43
|
|||||||
|
|||||||
Quote:
Hear, hear. I did a search of the 3.5.8 distribution and there are 472 occrences of the variable $HTTP_%. So in theory you could do a massive find a replace. By the way, I also checked the 4.0 alpha distribution and it too is using 2.5.0. Seems to me like that would be an ideal time to update the code. JMO
__________________
Following the signature guidelines : xcart pro 3.5.8 - [RedHat] |
|||||||
#44
|
|||||||||
|
|||||||||
This belongs in Rants or something I know, so I apologise in advance for getting off topic.
The irony here is that X-cart expects us to upgrade to fix bugs or to deal with security issues, yet they balk at having to re-code to improve their product and make it compliant? 4.0 would be the ideal time to get the code cleaned up. I will personally be pretty disappointed if they don't. I just finished buying my third licence and have plans for dozens more. A regressive attitude towards development is not a good sales pitch. |
|||||||||
#45
|
|||||||||
|
|||||||||
Quote:
this is exactly why everyone needs to make their point here http://forum.x-cart.com/viewtopic.php?t=10737&highlight= lets get all these problems ironed out before the official release of 4.0 I would rather see a delayed release of 4.0 with loads of things fixed even if it caused 1 awkward upgrade rather then having to do 10 upgrades later down the line that only fix things that should have been right in th start
__________________
Looking for a reliable X-cart host ? You wont go wrong with either of these. EWD Hosting Hands On Hosting |
|||||||||
#46
|
|||||||||
|
|||||||||
Thanks Shan. I didn't know about that thread. I assumed the beta test was only for development partners.
I'll post there shortly. |
|||||||||
#47
|
|||||||||
|
|||||||||
as far as i know everyone can have a blast on it and post their bugs / thoughts to the thread i mentioned
__________________
Looking for a reliable X-cart host ? You wont go wrong with either of these. EWD Hosting Hands On Hosting |
|||||||||
#48
|
|||||||
|
|||||||
Quote:
Currently using Smarty 2.5.0 and $smarty.get.mode is used throughout our site. The only current loss of function occurs in PHP in which we have had to switch to $HTTP_WHATEVER instead of $_WHATEVER. We don't use webmaster mode at all and I would really love to upgrade to Smarty 2.6.2 (without screwing up our .tpl's). Is there any way I can make our site compatible (excepting Webmaster Mode) with Smarty 2.6.2 and Xcart 3.5.8??
__________________
X-Cart Pro 4.5.5 Platinum X-Payments 1.0.6 PHP 5.3.14 MySQL 5.1.68 Apache 2.2.23 |
|||||||
#49
|
|||||||
|
|||||||
Quote:
Does this theory works in practice, anyone? It's not a big deal to do massive find and replace. But it probably will bring a lot more work down the road when it's time to upgrade, almost every file will be affected in upgrade. |
|||||||
#50
|
|||||||
|
|||||||
Quote:
The following is my question to x-cart support followed by their response: MY QUESTION: "If we have register_global=off on our server, would it be ok to at $_GET and $_POST to the array or would this pose a potential security risk?" THEIR RESPONSE: "Theoretically, no. There wouldn't be any security risk." So, it appears that is you have registered globals turned off on your machine you can use the code I previously posted. In hindsight, this makes sense given the fact that these variables are all just aliases anyway. Hope this helps
__________________
Following the signature guidelines : xcart pro 3.5.8 - [RedHat] |
|||||||
|
|||
X-Cart forums © 2001-2020
|