security-patch-2007-06-20
There is a new security patch, identified as "SEVERITY: Critical", for users of 4.1.7.
It should be in your file area. security-patch-2007-06-20 One comment: In the install instructions, it states: Quote:
CDSEO, "Remember Me" and other mods/hacks (including a redirect to a static page after logout) all have modified login.php, so don't forget to back up, and be careful out there. Thank you to x-cart for the patch -- (for those of us using 4.1.7 that are not prepared to upgrade to 4.1.8 just yet)
Re: security-patch-2007-06-20
Note that CDSEO by default does not modify login.php, only a custom hack in carpeperdium's site does :)
Re: security-patch-2007-06-20
Jon,
What custom hack is that? Should I open a ticket? Did the "old" cdseo not get removed when you made this version 2? Thanks Jeremy
Re: security-patch-2007-06-20
It was an issue with your site only. I'll PM you so as not to take this thread off topic.
Re: security-patch-2007-06-20
so just to be sure, it is only 4.1.7 affected, not previous 4.1's.
thanks
Re: security-patch-2007-06-20
Quote:
Thank you, Jon, for your help here... turns out we were able to remove all cdseo code from my login.php file. For anyone keeping score, it looks like there were changes to login.php since February 2007 (not documented in the changelog), and this negated the cdseo code required to do the "confirmation page at logout hack". I installed this new security-patch-2007-06-20, added the "remember me" code, added a minor "logout redirect" hack, and all's fine. Anyone who's hacked their login.php may want to revisit this file, since it appears x-cart made some undocumented improvements that allowed me to remove a bunch of unnecessary code. Thank you, I guess. ;)
Re: security-patch-2007-06-20
Just bringing up the previous posting:
QUOTE: so just to be sure, it is only 4.1.7 affected, not previous 4.1's. END QUOTE So, was this ONLY for 4.1.7 or all 4.1.x versions?
Re: security-patch-2007-06-20
The way I read it, yes, for 4.1.7 only. Maybe x-cart can clarify?
Re: security-patch-2007-06-20
Quote:
You're right. This security patch is for 4.1.7 only.