X-Cart: shopping cart software


JWait 01-06-2009 06:35 AM

Re: Security bulletin 2008-25-12
 
Quote:

Originally Posted by photo
There was only one file to update for version 4.1.10, prepare.php, so it was a pretty simple patch :)


I found something kind of strange in our 4.1.11 install. The original prepare.php was different, and the .DIFF wouldn't work. I opened the original prepare.php and the new one included with the security patch from 2008-25-12 and found they were very different, although both had the "# $Id: prepare.php,v 1.62.2.29 2008/08/07 11:25:02 joy Exp $" in the header.

Shouldn't at least the date be different?

There was a whole section missing on the original, from "define('X_REJECT_OVERRIDE', 1);" through (but not including) "if (!defined("XCART_EXT_ENV")) {" so needless to say I figured out why the patch wouldn't work.

I even checked with the original download from x-cart that I have on my computer and it just isn't there either.

Very strange.

gb2world 01-06-2009 12:14 PM

Re: Security bulletin 2008-25-12
 
Hi JWait -

You may want to subscribe to this thread - Beetlejuice reported the same thing with prepare.php and I have seen discrepancies between files within cart versions that should all have the same files. QT reports that if we updated correctly, we would have the same file versions in our distributions - they do not update files within a distribution release - so we all could have made the same mistake at some point on an upgrade with prepare.php. Beetlejuice submitted a help ticket and was going to report back in the above referenced thread.

JWait 01-06-2009 02:59 PM

Re: Security bulletin 2008-25-12
 
What Beetlejuice is reporting is similar to what I found, except that our 4.1.11 site is not upgraded, yet the prepare.php on the site, and in the original download from x-cart is vastly different from the prepare.php included in the 2008-25-12 security patch. The strangest part is that the versions of the file are identical:

$Id: prepare.php,v 1.62.2.29 2008/08/07 11:25:02 joy Exp $

Belevation 01-07-2009 10:32 AM

Re: Security bulletin 2008-25-12
 
Can someone tell me where the "File Area" in the HelpDesk is located?

gb2world 01-07-2009 11:25 AM

Re: Security bulletin 2008-25-12
 
Hi JWait -

Yes - I do have discrepancies with file versions on a cart that was upgraded from 4.1.10 to 4.1.11 - not what you are reporting.

But - I also have a 4.1.11 cart that is not upgraded and I have been able to successfully add the 2008-12-18 and 2008-12-25 security patches. I can confirm that I do also see that the revision comment in the changed files is not updated. The files are changed, but the revision information remained the same. prepare.php remains 1.62.2.29 - it changed in both the 2008-12-18 and 2008-12-25. I update manually, but the diff files look okay.
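
The situation described in the posts above (identical `$Id$` revision string, different file content) can be checked by comparing content hashes instead of trusting the header. This is an added example, not part of the thread and not X-Cart's own code; the directory names, the status labels and the sample file bodies are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# RCS/CVS keyword line, e.g. "$Id: prepare.php,v 1.62.2.29 2008/08/07 11:25:02 joy Exp $"
ID_RE = re.compile(rb"\$Id: (\S+),v (\S+) (\S+ \S+) \S+ \S+ \$")

def fingerprint(path):
    """Return (revision from the $Id$ keyword or None, SHA-256 of the content)."""
    data = Path(path).read_bytes()
    m = ID_RE.search(data)
    rev = m.group(2).decode() if m else None
    return rev, hashlib.sha256(data).hexdigest()

def compare_trees(installed, reference):
    """Classify each *.php file in `reference` against the copy in `installed`."""
    report = {}
    for ref in sorted(Path(reference).rglob("*.php")):
        rel = ref.relative_to(reference)
        inst = Path(installed) / rel
        if not inst.is_file():
            report[str(rel)] = "missing"
            continue
        (rev_i, sha_i), (rev_r, sha_r) = fingerprint(inst), fingerprint(ref)
        if sha_i == sha_r:
            report[str(rel)] = "identical"
        elif rev_i == rev_r:
            # The case from the thread: same revision tag, different content.
            report[str(rel)] = "same-id-content-differs"
        else:
            report[str(rel)] = "revision-differs"
    return report

def demo():
    """Constructed sample: two prepare.php files sharing one $Id$ header."""
    hdr = b"<?php\n# $Id: prepare.php,v 1.62.2.29 2008/08/07 11:25:02 joy Exp $\n"
    with tempfile.TemporaryDirectory() as tmp:
        inst, ref = Path(tmp, "installed"), Path(tmp, "patched")
        inst.mkdir()
        ref.mkdir()
        (inst / "prepare.php").write_bytes(hdr + b"// constructed body A\n")
        (ref / "prepare.php").write_bytes(hdr + b"// constructed body B\n")
        (ref / "other.php").write_bytes(b"<?php // constructed, no keyword\n")
        return compare_trees(inst, ref)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:26} {name}")
```

A file reported as `same-id-content-differs` is one where the revision header cannot be used to tell whether a security patch has been applied; only the hash or a full diff can.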

gb2world 01-07-2009 11:36 AM

Re: Security bulletin 2008-25-12
 
Hi Belevation -

When you log into your support helpdesk, the file area is the third item in the left vertical menu.


All times are GMT -8.