Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

Hello,

I have X-Cart 4.1.10 and would like to apply the most recent security patches. However I am not seeing the archive in the "Updates and patches". Will this be added soon?

Thank you,
Greg

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

I have a 4.4.2 branch but there are no relevant files in my File Area..what should I use to patch?

Thanks

Dan

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

Hi Aim,

- Why is in the 4.6.6 > 4.7.2 upgrade, the addons.lst ignored when upgrading? All the files listed in there, are not being patched
- If I add all lines from addons.lst to file.lst, the files are patched, but it seems the modules are not upgraded very good, see my screenshot from my previous post.

Please do help since I want to upgrade our stores, these are very serious XSS bugs.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

I'm having this exact same problem applying 4.4.5 patch to my 4.4.5 site when I try to do it in admin using the diff file.

I'm afraid to just upload the actual files through ftp that overwrite completely, as the diff method seems to think there are problems, and won't let me continue.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

I've manged to successfully manually apply the DIFF changes for the 4.5.5 to 4.5.0 now.

There are a couple of DIFFS that don't exist and don't need to be done (mentioned in my previous post in this thread.)

You do have to apply these changes by hand as the DIFF files line references are all off. Simple search will get you where you need to be however.

The only one that is a bit tricky is "include_register.php.diff".
You have to add additional "(" on a new line before:

$config['Security']['use_complex_pwd'] == 'Y'

And then add an additional ")" on an new line after the new line is added:

|| in_array($usertype, array('A', 'P'))

Beyond that, my testing shows things are still working.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

It's usually the case that they only provide patches for the last version only in the older branches.
I've been using 4.4.5 patches on 4.4.2 sites - but patching the files manually.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

Best thing is to just patch each file manually.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

Thanks for your help.

1) What does that mean to patch each file manually? If the diff doesn't work (the safe way if there are customization) do you mean to upload through ftp? But that doesn't seem safe as I could be overwriting custom files.

2) It seems like it's not working the way it should. Is there a way to notify x-cart this needs to be fixed?

Thanks!

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

1) Download the files locally - then use a text editor or html editor to edit each file and make the changes in the diff file where it tells you to.

It's quite normal to have to patch files by hand, especially if you have a customised shop.
For example, if you have Altered Cart's One Page checkout installed, most of the files that need patching in the /func directory will have been altered, so will need patching manually.

2) If you are sure there's a problem - use your helpdesk to talk to them.

Re: Attention users of X-Cart vv.4.0.x - 4.7.1
 

Do not copy files. Manual patch means making the changes to files yourself not using the script - http://help.x-cart.com/index.php?title=X-Cart:To_apply_a_patch_manually