X-Cart: shopping cart software
Page 2 of 10 < 1 2 34 > Last »
Show 40 posts from this thread on one page

X-Cart forums (https://forum.x-cart.com/index.php)
-   News and Announcements (https://forum.x-cart.com/forumdisplay.php?f=28)
-   -   security-patch-2007-10-29.tgz (https://forum.x-cart.com/showthread.php?t=35093)

balinor 11-05-2007 03:43 PM
Re: security-patch-2007-10-29.tgz
 
That's what I mean, they didn't issue a .diff, they just said 'here, replace your files'. You need to use a compare program and make the changes you find, and there are quite a few depending on how custom your func.php is.

Light Speed 11-05-2007 09:35 PM
Re: security-patch-2007-10-29.tgz
 
I also did not receive an email regarding this security patch!!!!!!!!

wjbrewer 11-05-2007 10:01 PM
Re: security-patch-2007-10-29.tgz
 
Quote:
Originally Posted by sunny
...is there any easy way to find what the actual changes are? Our include/func.php file is rather heavily modified (by x-cart, myself and one other mod) and I'm having a difficult time differentiated between the update code and that added for modifications by others. I compared the files and this doesn't do me any good. Is there any way to figure out just the lines changed for this update?

http://www.scootersoftware.com/

ambal 11-06-2007 12:03 AM
Re: security-patch-2007-10-29.tgz
 
Quote:
Originally Posted by Light Speed
I also did not receive an email regarding this security patch!!!!!!!!

You shouldn't worry about not getting the e-mail from us to the moment as you haven't got the e-mail YET. We send our newsletters in some portions usually in order not to create a huge overload impact on our servers like if we send them all at once. I am sure you'll get the e-mail in some time later.

Also, please make sure your spam filter allows messages from our domains.

balinor 11-06-2007 04:06 AM
Re: security-patch-2007-10-29.tgz
 
Alexander, is there a reason this patch was not released as a .diff? You guys have created about 20 hours of work for me in having to go into each of my clients stores and compare their func.php file to the new one and make the appropriate changes.

dire_lobo 11-06-2007 05:46 AM
Re: security-patch-2007-10-29.tgz
 
Howdy folks!'

I contacted X-Cart last night and received the following:

"The software architects informed that a diff patch for X-Cart will be released in the nearest 1-2 business days. We'll let you know as soon as it's available."

I also went in and made sure my contact email address was current - it wasn't (remember the massive spoofing campaign I weathered? - I had to change domains - and concommitantly, emails... and hadn't updated my profile at X-Cart). I updated/fixed that too.

balinor 11-06-2007 05:47 AM
Re: security-patch-2007-10-29.tgz
 
Excellent...good to hear!

geckoday 11-06-2007 05:57 AM
Re: security-patch-2007-10-29.tgz
 
Why is func.php full of changes that have nothing to do with patching security, such as discount calculations? A security patch should be just that and that alone. Now I've either got to test a dozen other things or manually pick out the security related changes from the patch.

Sheriff 11-06-2007 06:03 AM
Re: Security Patch - 11-1-07
 
1 Attachment(s)
Quote:
Originally Posted by balinor
Sure, it's in the file area/updates:

security-patch-2007-10-29.tgz

Edited the thread title to reflect this as well.

We've updated security-patch-2007-10-29.tgz in the XB file area and now it contains diff files too.

Also I've attached security-patch-2007-10-29_diffs-only.zip file to this message for further use.

balinor 11-06-2007 06:12 AM
Re: security-patch-2007-10-29.tgz
 
Well that didn't work...on a fresh install of 4.1.8, the only file that patches is /include/func/func.db.php. The rest result in a 'could not patch' error, even though they are default files. Testing other versions now.


All times are GMT -8. The time now is 08:10 AM.
Page 2 of 10 < 1 2 34 > Last »
Show 40 posts from this thread on one page

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.