X-Cart: shopping cart software

Attention users of X-Cart vv.4.0.x - 4.7.1 (https://forum.x-cart.com/showthread.php?t=71920)

jazzmang 04-28-2015 01:11 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
For what it is worth, this is what I've found so far from testing applying the 4.5.5 patches to 4.5.0.

I get a white blank screen of death in their related functions if I upload any of these files:

func/func.backoffice.php
func/func.cart.php
func/func.core.php
func/func.user.php
include/register.php

Also, these files don't exist in 4.5.0:

include/func.perms.php
provider/register.php

The Smarty update is pretty straightforward and I don't see that causing an issue. Same pretty much goes with the skin .tpl files.

The real question comes down to those 4 above and the 2 that don't exist in 4.5.0.

My next move will be to try applying the diffs with patch, but I won't get around to that until tomorrow.

One thing I'm not sure about is pconf.diff - do I need that?

My understanding from one of the previous posts here is that I don't need to do anything with patch.sql as it just marks that it was updated.

FYI earlier this week the x-cart site was being hammered by various probes from Israel. They were probing the review portions in the catalog. Could be they were already looking for active exploits or not. Mainly just a small load factor on the server. Far as I can tell, nothing was done and WAF OWASP rules blocked anything bad.

RichieRich 04-28-2015 02:07 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
I can't see the 4.5.4 patch either

peggyr 04-28-2015 03:37 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
I just applied the security update to my 4.6.6 test server after making backups of DB, and files, as well as the 3 individual files and the 2 SQL DBs that were affected in my case.

I applied the Patch.sql - and the 3 diff files and all applied successfully.

I tested an order from start to finish, and had no problems.

Then I repeated on my production server, and again all applied fine for me.

Thanks for the quick patch for the problem.

Jon 04-28-2015 04:08 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
The patches for 4.5.5 won't work for previous 4.5.x versions as there are major differences. There will need to be separate patches for those branches.

cherie 04-28-2015 05:31 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
Quote:

Originally Posted by Jon
The patches for 4.5.5 won't work for previous 4.5.x versions as there are major differences. There will need to be separate patches for those branches.

Hopefully at least for 4.5.4 which might be applicable to older versions. Or maybe a separate one for 4.5.2. 4.5.3 and 4.5.5 had some pretty significant changes in them.

BBM_ 04-28-2015 06:04 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
Patch (4.4.5) applied to a 4.4.4 store successfully.

However there is no provider/register.php in 4.4.4 (both my version and the version in the file area)

Is this a 4.4.5 file only?

bjt 04-28-2015 06:21 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
After applying the patch for 4.3.2 all of the user information disappears in the backend. The data is still in the database but just not displaying.
I restored the original func.user.php and the functionality returns.

Here are the new lines of code (starting at line 201):

$need_password = (bool)$need_password;
$need_cc = (bool)$need_cc;
$user = abs(intval($user));
$usertype = addslashes($usertype);

Does anyone have a suggestion as to how to get the new file to work without disrupting the store?

Thanks very much.

BBM_ 04-28-2015 09:02 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
Quote:

Originally Posted by BBM_
Patch (4.4.5) applied to a 4.4.4 store successfully.


There appears to be a small bug where the default payment method on the checkout now defaults to the last method, not the first?

aim 04-28-2015 09:06 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
Quote:

Originally Posted by bjt
After applying the patch for 4.3.2 all of the user information disappears in the backend. The data is still in the database but just not displaying.
I restored the original func.user.php and the functionality returns.

Here are the new lines of code (starting at line 201):

$need_password = (bool)$need_password;
$need_cc = (bool)$need_cc;
$user = abs(intval($user));
$usertype = addslashes($usertype);

Does anyone have a suggestion as to how to get the new file to work without disrupting the store?

Thanks very much.


I have reuploaded the
security-patch-2015-04-28_4.0.19.tgz
security-patch-2015-04-28_4.1.12.tgz
security-patch-2015-04-28_4.2.3.tgz
security-patch-2015-04-28_4.3.2.tgz

security patches.

I have removed the line
$user = abs(intval($user));
from these patches.

Sorry for that.
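
Added example, not part of the thread and not X-Cart code: what the four quoted lines do to different `$user` values, before and after the `$user` cast was removed. It assumes, which the thread does not state, that in these branches `$user` may be a login name rather than a numeric id; all function names and sample inputs are hypothetical.

```php
<?php
// Added illustration, not X-Cart code. Names and inputs are hypothetical.

// The four lines as quoted in the thread (first 4.3.2 patch).
function casts_original($user, $usertype, $need_password, $need_cc): array
{
    $need_password = (bool)$need_password;
    $need_cc = (bool)$need_cc;
    $user = abs(intval($user));          // any non-numeric value becomes 0
    $usertype = addslashes($usertype);
    return [$user, $usertype, $need_password, $need_cc];
}

// The reissued patch: the same lines with the $user cast removed.
function casts_reissued($user, $usertype, $need_password, $need_cc): array
{
    $need_password = (bool)$need_password;
    $need_cc = (bool)$need_cc;
    $usertype = addslashes($usertype);
    return [$user, $usertype, $need_password, $need_cc];
}

// Hypothetical type-preserving alternative: integers stay integers,
// any other identifier is escaped instead of being collapsed to 0.
function normalize_user($user)
{
    if (is_int($user) || (is_string($user) && ctype_digit($user))) {
        return (int)$user;
    }
    return addslashes((string)$user);
}

// Render a value together with its type so 42 and "42" are distinguishable.
function show($v): string
{
    return gettype($v) . '(' . $v . ')';
}

// Constructed inputs: a numeric id, the same id as a string, two login names.
foreach ([42, '42', 'jsmith', "o'neil"] as $u) {
    [$orig] = casts_original($u, 'C', true, false);
    [$new]  = casts_reissued($u, 'C', true, false);
    printf("%-16s original=%-12s reissued=%-16s normalized=%s\n",
        show($u), show($orig), show($new), show(normalize_user($u)));
}
```

Under that assumption every login name maps to `integer(0)` in the first version. The reissued lines leave `$user` untouched, so whatever consumes it has to escape or bind it.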

cap 04-28-2015 10:01 PM

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 
Hello,

I have X-Cart 4.1.10 and would like to apply the most recent security patches. However I am not seeing the archive in the "Updates and patches". Will this be added soon?

Thank you,
Greg


All times are GMT -8.